DETAILED ACTION
    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER'S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR Page 21 .312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. The Examiner called, 5/20/2021, Dan Hu (Reg. No 40,025) on agreement. Claim 17 is cancelled and amendments are made to claims 1, 2, 7, 12-13, and 18-19 as follows:

Claim 1. (Currently Amended) A method comprising:
generating, with a first device, a nonce; 
writing, with the first device, the nonce to a memory location accessible to a kernel;
initializing the kernel;
in response to an end of the initialization of the kernel, measuring a specified kernel space to produce a first result;
writing the first result to a first register of a second device;
writing a location and a size of the specified kernel space to a buffer;
measuring the buffer including the location and the size of the specified kernel space to produce a buffer measurement result comprising a hash value;
writing the buffer measurement result to a second register of the second device;
requesting a quote from the second device; [[and]]
passing, to the first device, the quote including the nonce, the first result from the first register, and the buffer measurement result from the second register;
verifying, by the first device, the buffer measurement result including the hash value;
in response to the verifying, measuring, by the first device, the specified kernel space to produce a second result; and
determining, by the first device, that a potential compromise of the kernel has occurred in response to the second result not matching the first result.

Claim 2. (Currently Amended) The method of claim 1, further comprising:
sending, with the kernel to an agent operating in the first device, an indicator to indicate that the kernel is ready to be measured;
verifying, with the agent, a signature of the quote, the nonce, and the buffer measurement result;
measuring, with the agent, the specified kernel space to produce a further result; and 
verifying, with the agent, that the further result matches the first result. 

Claim 3. (Original) The method of claim 2, wherein the specified kernel space is a kernel space of an inner kernel of a split kernel operating system. 

Claim 4. (Original) The method of claim 3, further comprising: 
confirming, with the agent, that a processor of a system that the kernel is installed on is operating in a non-root mode; and 
confirming, with the agent, that an exit to a root mode is a valid memory address that is within range of the kernel space of the inner kernel.

Claim 5. (Previously Presented) The method of claim 4, further comprising:
		in response to the processor operating in the non-root mode and the exit to the root mode not being within the range of the kernel space of the inner kernel, initiating, with the agent, a remedial action.

Claim 6. (Original) The method of claim 2, wherein the agent continually measures and verifies the specified kernel space.

Claim 7. (Currently Amended) The method of claim 2, further comprising:
response to the further result not matching the first result, initiating, with the agent, a remedial action; and 
in response to the nonce, the signature, or the buffer measurement result not being verified, initiating, with the agent, a remedial action.

Claim 8. (Previously Presented) The method of claim 2, further comprising: 


 Claim 9. (Previously Presented) The method of claim 8, further comprising:
in response to determining that the initialization of the kernel took the amount of time greater than the threshold, initiating, with the agent, a remedial action.

Claim 10. (Original) The method of claim 1, wherein the second device is a trusted platform module (TPM).

Claim 11. (Previously Presented) The method of claim 1, wherein the first device is a baseboard controller manager (BMC). 

Claim 12. (Currently Amended) The method of claim 1, wherein the is produced by a hash function applied to a content of the buffer including the location and the size of the specified kernel space




Claim 13. (Currently Amended) A system comprising:
a Root of Trust (RoT) device;
a baseboard management controller (BMC); and
a kernel of an operating system (OS), the kernel to measure a specified kernel space at an end of OS initialization to produce a kernel space measurement, extend a register of the RoT device with the kernel space measurement, pass an address and a size of the specified kernel space to a buffer, request a quote from the RoT device, and send the quote to the BMC, wherein the request for the quote includes a nonce generated by the BMC, 
the RoT device to, in response to the request for the quote, generate the quote, wherein the quote includes the nonce and a content including the kernel space measurement of the register, and
the BMC to:
generate the nonce and write the nonce to a memory accessible by the kernel, 

measure a content of the buffer including the address and the size of the specified kernel space to produce a buffer measurement comprising a hash value, 
verify the buffer measurement, and
in response to verifying the buffer measurement, measure the specified kernel space and compare a result of the measurement of the specified kernel space by the BMC to the kernel space measurement in the quote.

Claim 14. (Previously Presented) The system of claim 13, wherein the reception of the ready signal is indicated by reception of the quote.

Claim 15. (Original) The system of claim 13, wherein the specified kernel space is a range of memory addresses given by a driver included in the kernel.

Claim 16. (Previously Presented) The system of claim 15, wherein the driver included in the kernel is to measure the specified kernel space at the end of OS initialization. 

Claim 17. (Cancelled) 

Claim 18. (Currently Amended) The system of claim [[17]]13, wherein the BMC is to verify the nonce included in the quote, and wherein the measurement of the specified kernel space by the BMC is further responsive to verifying the nonce included in the quote.

Claim 19. (Currently Amended) A non-transitory machine-readable storage medium encoded with instructions executable by a system to:
in response to an end of a boot of an operating system (OS), measure a specified kernel space;
store a first result of the measurement to a first register of a first device;
store a plurality of addresses of the specified kernel space to a buffer;
measure the buffer containing the plurality of addresses of the specified kernel space to generate a second result;
store the second result of the measurement of the buffer to a second register of the first device;
request a quote from the first device;

send a ready to measure indicator to the BMC to cause the BMC to measure a content of the buffer to produce a buffer measurement comprising a hash value, verify the buffer measurement, and in response to verifying the buffer measurement, measure the specified kernel space and compare a result of the measurement of the specified kernel space by the BMC to the first result.

Claim 20. (Previously Presented) The non-transitory machine-readable storage medium of claim 19, wherein the BMC includes an agent to:
in response to the ready to measure indicator, measure the specified kernel space;
verify the nonce and the second result from the quote;
compare a third result of the measurement of the specified kernel space by the agent to the first result in the quote;
in response to failing to verify the nonce, initiate a remedial action; and
in response to the third result not matching the first result, initiate a remedial action.

Allowable Subject Matter
The following is an examiner’s statement of reasons for allowance:  
Claim 1 is considered allowable since when reading the claims in light of the specification, as per MPEP §2111.01 or In re Sneed, 710 F.2d 1544, 1548,218 USPQ 385, 388 (Fed. Cir. 1983), none of the references of record alone or in combination disclose or suggest the combination of limitations specified in independent Claim 1, including “generating, with a first device, a nonce; writing, with the first device, the nonce to a memory location accessible to a kernel; initializing the kernel;
in response to an end of the initialization of the kernel, measuring a specified kernel space to produce a first result; writing the first result to a first register of a second device; writing a location and a size of the specified kernel space to a buffer; measuring the buffer including the location and the size of the specified kernel space to produce a buffer measurement result comprising a hash value; writing the buffer measurement result to a second register of the second device; requesting a quote from the second device; passing, to the first device, the quote including the nonce, the first result from the first register, and the buffer measurement result from the second register; verifying, by the first device, the buffer measurement result including the hash value; in response to the verifying, measuring, by the first device, the specified kernel space to produce a second result; and determining, by the first device, that a 
The closest art cited in the case includes over Zmudzinski (2019/0095345) in view of Ollikainen (2018/0063092) and further in view of McAlpine (2005/0144422). Zmudzinski discloses generating, with a device, a nonce [FIG(s).1, 2, 7, & para.0060] and writing the nonce to a memory location accessible to a kernel [para.0051] and then initializing the kernel [0041]. Ollikainen discloses measurement log and passing it back to a remote site, which checks hash calculations and also that measured hash values have expected values. Ollikainen fails to teach a buffer measurement result produced by measuring the buffer including the location and the size of the specified kernel space, as recited in claim 1. Ollikainen also fails to teach that the PCR registers contain a location and the size of the specified kernel space, fails to teach measuring the buffer including the location and the size of the specified kernel space to produce a buffer measurement result. McAlpine, refers to a kernel agent that calls a host operating system "to translate the virtual memory location of the beginning of the buffer and the buffer size into corresponding physical page addresses [para.0027]. The address translation of McAlpine does not involve measuring the buffer including the location and the size of the specified kernel space to produce a buffer measurement result, as claimed. In addition to the cited references, Jakobsson (US 20130024936 A1) is found to teach “…measuring the buffer including the location and the size of the specified kernel space to produce a buffer measurement result…” (FIG.10 & paragraphs 0260 0141, 0144, 0179). However, Jakobsson fails to teach “measuring the buffer including the location and the size of the specified kernel space to produce a buffer measurement result comprising a hash value;” and “verifying, by the first device, the buffer measurement result including the hash value; in response to the verifying, measuring, by the first device, the specified kernel space to produce a second result; and determining, by the first device, that a potential compromise of the kernel has occurred in response to the second result not matching the first result.” As cited in claim 1 the Examiner finds be novel.
For similar reasons, independent claims 13 and 19 are also patentable for similar reasons for independent claim 1. Dependent Claims 2-12, 14-16, 18, and 20 are considered allowable for the same reasons stated above for independent Claims 1, 13, and 19. Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, 

Conclusion
Claims 1-16 and 18-20 are allowed.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Adil Ocak whose telephone number is (571) 272-2774. The examiner can normally be reached on 8am-5pm, M-F, EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Nasser Goodarzi can be reached on (571) 272-4195. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, then contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ADIL OCAK/
Examiner, Art Unit 2426



/NASSER M GOODARZI/Supervisory Patent Examiner, Art Unit 2426