Detailed Action
This office action is in response to the amendment and Request for Continued Examination (RCE) filed December 9, 2020.   
Claims 1, 3-9, and 11-20 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant's arguments filed December 9, 2020 have been fully considered but they are not persuasive. Specifically, applicant’s arguments fail to address the cited portions of Bonzini, the primary reference, the inherent teachings specified in the previous office action, and the basis for combining the references. Applicant’s previous arguments of June 26, 2020 also failed to address these teachings, which was previously noted in the final rejection of September 9, 2020. They remain unaddressed in applicant’s current written arguments. Applicant’s arguments and amendments therefore remain unpersuasive, because one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Specifically, Bonzini, by teaching receiving runtime calls to virtual functions allocated during initializations, passes messages from the application to the hypervisor which, inherently by their nature as runtime requests, indicate that initialization has . 


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 11 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 11 is dependent upon now canceled claim 10, and the scope of the claim is therefore indefinite.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-9, and 11-20 are rejected under 35 U.S.C. 103 as being unpatentable over “Bonzini” (US PG Pub Publication 2016/0224383) in view of . 

Regarding Claim 1, Bonzini teaches: 
1. A method comprising: receiving a first resource request initiated by an application running on a virtual machine during initialization of the application; (Bonzini e.g. ¶¶37,46-47 teach receiving requests for memory allocation, including an embodiment where the requests come during a boot up phase)

allocating, by a hypervisor, a resource to the application in view of the first resource request; (Bonzini e.g. ¶¶37,46-47 teach processing by the hypervisor requests for memory allocation and initialization, including an embodiment where the requests come during a boot up phase)

receiving a message sent by the application running on the virtual machine, the message indicating that the initialization of the application is completed and …the application is initiated; … (Bonzini e.g. ¶31 teaches a request message to request execution of a virtual function at runtime; execution of such requests, in the embodiment where allocation and initialization happen in the boot-up process, inherently indicates the completion of the boot-up process, as such a boot-up process would necessarily complete before runtime requests of virtual functions may be carried out, as described in e.g. ¶¶18-20, 25-26, at runtime of the application within the virtual machine).

Bonzini does not explicitly teach, but Seetharamaiah teaches:

receiving an indication of , by the hypervisor, at least one hypercall initiated by the virtual machine, (See e.g. Seetharamaiah ¶¶28, 63 teaching denying processing of application hypercalls at runtime of the system based on intercepting and checking authorization for the system).

and in view of the message sent by the application running on the virtual machine, blocking the at least one hypercall initiated by the virtual machine to reject execution of a second resource request initiated by the application (See e.g. Seetharamaiah ¶¶28, 63 teaching denying processing of application hypercalls at runtime of the system based on intercepting and checking authorization for the system). [Bonzini inherently teaches the claimed message as described above, which provides an indication that the system is at runtime, a period during which Seetharamaiah teaches the hypercall blocking as cited here]

In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Bonzini and Seetharamaiah because each is directed to security measures protecting the execution of hypercalls and Seetharamaiah teaches “by using a hypervisor mediated memory access control mechanism to prevent execution of fileless malware instead of or together with using an OS mediated access control mechanism.” (¶9). 

Bonzini further does not teach, but Durham teaches:
… packet processing by the application has initiated (See e.g. Durham, teaching data packet processing in ¶¶409-411 to carry out the cloud services of the VM/hypervisor system described in e.g. ¶¶7-10). [Here, while Bonzini’s messages inherently indicate initialization is completed and runtime is initiated, Durham teaches runtime including packet processing in the cloud services of a VM system]
In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Bonzini and Seetharamaiah with those of Durham because each is directed to security measures protecting the execution of hypercalls and Durham teaches techniques wherein “The protection provided using the techniques described herein effectively provides the same level of confidentiality and security as the consumer would have running the same workload in a private cloud (on premise)” (¶70). 



Regarding Claim 3, Bonzini further teaches: 
3. The method of claim 2, further comprising: stopping the virtual machine in response to receiving the second resource request. (See e.g. Bonzini ¶39, teaching exiting in response to invalid parameters in a virtual machine function call).

Regarding Claim 4, Bonzini et al do not teach, but Durham teaches: 
4. The method of claim 1, wherein blocking the at least one hypercall initiated by the virtual machine comprises: configuring, by the hypervisor, a central processing unit (CPU) to transfer execution control of the virtual machine to a guest supervisor of the virtual machine in response to receiving a request for a first virtual machine exit initiated by the virtual machine.  (See e.g. Durham ¶260 – teaching the VMM and VMMlet on the VM configuring the processor to transfer control to the VMMlet in response to an exit). 
In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Bonzini and Seetharamaiah with those of Durham because each is directed to security measures protecting the execution of hypercalls and Durham teaches techniques wherein “The protection provided using the techniques described herein effectively provides the same level of confidentiality and security as the consumer would have running the same workload in a private cloud (on premise)” (¶70). 

Regarding Claim 5, Durham further teaches: 
5. The method of claim 4, wherein configuring, by the hypervisor, the CPU to transfer execution control of the virtual machine to the guest supervisor of the virtual machine in response to receiving the request for the first virtual machine exit initiated by the virtual (See Durham, teaching in ¶¶60, 78, as well as Fig. 43 and ¶¶377-378, managing control based on a VMCS by a VMM and VMMlet, including transferring controls in response to a VMExit instruction).

Regarding Claim 6, Durham further teaches: 
6. The method of claim 4, further comprising executing a second virtual machine exit initiated by the hypervisor. (See Durham, teaching e.g. a VMexit as VMM-specific, i.e. initiated by the VMM, in ¶365, in comparison to the ¶363 ‘guest-induced’ exit.)

Regarding Claim 8, Durham further teaches: 
8. The method of claim 1, wherein the completion of the initialization of the application further corresponds to initiation of packet processing by the application. (See e.g. Durham, teaching data packet processing in ¶¶409-411 to carry out the cloud services of the VM/hypervisor system described in e.g. ¶¶7-10).

Regarding Claim 14, Durham teaches: 
14. The system of claim 13, wherein the second virtual machine exit is caused by a page fault associated with the virtual machine. (See e.g. Durham ¶400 describing, in response to a page miss, the page miss handler determines if the address permissions are matched and executes a VMexit indicating an error). 

Claims 9, 11, and 15 are rejected on the same basis as claims 1, 3 and 7 above.
Claims 17 and 18 are rejected on the same basis as claims 1 and 3 above.
Claims 12, 13 and 16 are rejected on the same basis as claims 4, 6, and 8 above.
Claims 19 and 20 are rejected on the same basis as claims 4 and 6 above. 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW J BROPHY whose telephone number is (571)270-1642.  The examiner can normally be reached on Monday-Friday, 9am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wei Zhen can be reached on 571-272-3708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  






MJB
4/10/2021

/MATTHEW J BROPHY/Primary Examiner, Art Unit 2191