DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 19-33 are pending.

Priority
Acknowledgement is made of applicant's claim for priority based on application GB1711788.8 filed on 07/21/2017 and application PCT/GB2018/052034 filed on 07/18/2018.
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file. 

Claim Objections
Claims 19, 23, 25, 30, 31, 32, and 33 are objected to because of the following informalities:
“each device and virtual machine” in lines 3-4 of claim 19 should read “each of the at least one hardware device and each of the at least one virtual machine”.  Similar issue also exists in claim 32.
“said each device and virtual machine” in lines 4-5 of claim 19 should read “said each of the at least one hardware device and said each of the at least one virtual machine”. Similar issue also exists in claim 32.
the verified authenticity proofs”.
“any one of claims 19” in line 1 of claim 21 should read “claim 19”.
“the authenticity proofs” in last line of claims 23 and 25 should read “the multiple, independent, authenticity proofs”.
“the execution” in last line of claim 30 should read “an execution”.
“each server” in line 1 of claim 31 should read “each of the plurality of distributed servers”.
“to the data source a request for data, to trigger a data source” in lines 9-10 of claim 32 should read “to a data source a request for data, to trigger the data source”.
Claim 33 is objected to under 37 CFR 1.75(c)  as being in improper form because a multiple dependent claim should refer to other claims in the alternative only and should not contain a reference to two sets of claims to different features. See MPEP § 608.01(n).  Moreover, it should be noted that claim 1 was canceled.  Furthermore, “any of claim 1” appears to be odd.
Appropriate correction is required.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.


The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.




Claim 31 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends.  In this case, claim 31 fails to further limit the elements recited in the apparatus of claim 19 from which it depends.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 19-24, 26, and 29-33 are rejected under 35 U.S.C. 103 as being unpatentable over Ahmad (US 20110302415) in view of Blundell (US 20190138729) and further in view of Wood (US 20120166795).

Claim 19, Ahmad discloses A computer-implemented apparatus comprising a software layer having a logic processor, the apparatus further comprising at least one hardware device, the processor being configured to orchestrate at least one virtual machine, wherein each device and virtual machine respectively forms an isolated execution environment, said each device and virtual machine being configured to communicate with each other via the software layer, (e.g. figs. 1-2, ¶19, 21-22, 28: The physical computers each include virtualization software 158 and hardware 159, and are coupled to a shared persistent storage system that includes one or more shared data stores 160. Virtualization software 158 is installed on top of hardware 159 and supports multiple virtual machine execution spaces within each of which a virtual machine process may be executed to instantiate corresponding virtual machines…The TPM enables a trusted virtualization platform (TVP) to be implemented in the physical computers. The TVP for physical computer 150 is shown in further detail in FIG. 2. Referring to FIG. 2, TVP 201 of physical computer 150 includes a pre-execution environment (PXE) boot image 202, virtual machine kernel 203, and applications 204 (e.g., different applications for supporting the execution of VM 210)…Protection for network communications between VMs that are owned by the same customer is provided by requiring all such communications to be encrypted. The encryption key is obtained from the customer or the customer's trusted third party. A virtual machine that runs on a TVP, e.g., VM 220 running on TVP 221, will be able to engage in communication with VM 210 by obtaining the encryption key from the customer or the customer's trusted third party and exchanging encrypted messages with VM 210 through NIC 262 over network 131) the software layer being configured to: 
generate a unique ID associated with a request for a result; commit to the unique ID; (e.g. ¶33: at step 426 the TPM generates the quote of the PCRs and encrypts the quote of the PCRs along with the random nonce using the private portion of the AIK. The quote of the PCRs and the random nonce are transmitted to the key provider at step 428) 
transmit to a data source a request for data, to trigger the data source to generate and return the result by leveraging at least one software attestation technique or at least one hardware attestation technique, wherein the data source is an external device which is remote to the apparatus; (e.g. ¶32-34: at step 426 the TPM generates the quote of the PCRs and encrypts the quote of the PCRs along with the random nonce using the private portion of the AIK. The quote of the PCRs and the random nonce are transmitted to the key provider at step 428… At step 430, the key provider carries out the step of verifying the quote of the PCRs. This step includes decrypting the data received from the TVP using the public portion of the AIK, comparing the PCR values included in the quote of the PCRs against expected PCR values, and comparing the decrypted random nonce with the random nonce that was sent at step 424. If it is determined at step 432 that all of these checks have passed, the key provider transmits the keys at step 434, and the TVP uses the keys to read the VM configuration file and power on the virtual machine at step 436.)
Although Ahmad discloses transmit to a data source a request for data, to trigger the data source to generate and return the result (see above), Ahmad does not appear to explicitly disclose but Blundell discloses to generate multiple, independent, authenticity proofs of the result and wherein the multiple, independent, authenticity proofs are generated in cooperation with the external device (e.g. ¶65, 69, 73-74, 124: it can be seen that each VM 220 within the cloud 230 infrastructure is mapped to, and is in data communication with, multiple attestation servers or workers 210, providing redundancy and increased security…each attestation server 210 or worker (w_j) stores a list of fixed-structured worker entries, recording its managed VMs' 220 identity and trustworthiness data…VM_k's host's attestation tickets (TK_k), which could be translated as properties. w_j[i] = (VID_k, PF_k, HID_k, TK_k) An attestation ticket contains the hash giving the status of the host e.g. its software status. It is signed by a TPM or vTPM. A collection of tickets provides the trust evidence for a particular VM or VM host… performing remote attestations of the VM and its host using the plurality of mapped remote attestation servers, wherein performing remote attestations comprises transmitting a request for trust evidence to the VM and VM host, and receiving and storing trust evidence transmitted by the VM and VM host)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Blundell into the invention of Ahmad for the purpose of providing resiliency as there is no single-point-of-failure, in contrast with existing centralized attestation server and additionally, as multiple and potentially competing TSPs are introduced, "dishonest" servers become easier to identify (Blundell, ¶57).
Ahmad-Blundell does not appear to explicitly disclose but Wood discloses verify the multiple, independent, authenticity proofs; and transmit to a remote application the returned result and verified authenticity proofs. (e.g. fig. 4B, ¶27: The VMM formats and signs an attestation kernel measurement as AKM and sends a response (including VMMM and AKM) to the attestation kernel. The attestation kernel verifies the manifest authenticity based on the response from VMM. The attestation kernel also verifies application according to the manifest. The attestation kernel formats and signs the attestation and CN as AM and sends a response to the application (including VMMM, AKM, and AM). In turn, the application responds to the third party with VMMM, AKM, and AM.  Note that since the attestation kernel verifies the manifest authenticity based on the response (including VMMM and AKM), the attestation kernel has to check (verify) that the response (including VMMM and AKM) contains the data required to verify the manifest authenticity.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Wood into the invention of Ahmad-Blundell for the purpose of providing secure application attestation to a third party (Wood, ¶27).

Claim 20, Ahmad-Blundell-Wood discloses An apparatus according to claim 19, wherein the request for the result comprises an indication of the data source for generating the result. (Ahmad, e.g. ¶16, 33: destination IP address) 

Claim 21, Ahmad-Blundell-Wood discloses An apparatus according to any one of claims 19, wherein the software layer is further configured to select the data source for generating the result. (Ahmad, e.g. ¶32)

Claim 22, Ahmad-Blundell-Wood discloses An apparatus according to claim 19, wherein a hardware device or virtual machine is configured to run at least one custom application for leveraging hardware and/or software attestation techniques. (Ahmad, e.g. ¶21-22)

Claim 23, Ahmad-Blundell-Wood discloses An apparatus according to claim 22, wherein the custom application further commits to the unique ID (Ahmad, e.g. ¶33) and wherein the commitment by the custom application is auditable (Ahmad, e.g. ¶34) via the authenticity proofs. (Blundell, e.g. ¶73-74).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Blundell into the invention of Ahmad for the purpose of providing trust evidence for a particular VM or VM host (Blundell, ¶74).

Claim 24, Ahmad-Blundell-Wood discloses An apparatus according to claim 22, wherein two or more custom applications are combined by parallelization, concatenation or nesting. (Ahmad, e.g. ¶21-22)

Claim 26, Ahmad-Blundell-Wood discloses An apparatus according to claim 19, wherein generating the result comprises repeating a computation of the result until a condition is met. (Ahmad, e.g. ¶34)

Claim 29, Ahmad-Blundell-Wood discloses An apparatus according to claim 19, wherein the request comprises a query of an encryption key and a decryption key. (Ahmad, e.g. ¶27, 32-34)

Claim 30, Ahmad-Blundell-Wood discloses An apparatus according to claim 19, wherein the request comprises a query for the execution of a specific custom process. (Ahmad, e.g. ¶32-34)

Claim 31, Ahmad-Blundell-Wood discloses A system comprising a plurality of distributed servers, each server comprising an apparatus according to claim 19. (Ahmad, e.g. fig. 1, ¶15)

Claim 32, this claim is rejected for similar reasons as in claim 19.

Claim 33, Ahmad-Blundell-Wood discloses A method according to claim 32, wherein the processor and the at least one hardware device are comprised in an apparatus according to any of claim 1. (Ahmad, e.g. figs. 1-2, ¶19, 21-22, 28)


Allowable Subject Matter
Claims 25, 27, and 28 would be allowable if rewritten (a) in independent form including all of the limitations of the base claim and any intervening claims and (b) to overcome the objections set forth above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

WO 2018/162060 discloses a method for attesting the integrity of a virtual machine (VM) supported by a hypervisor, which involves validating the integrity of the VM on the basis of verification of a VM attestation report and on the basis of an HV attestation report, respectively.

US 20160366185 discloses a system for security health monitoring and attestation of virtual machines in cloud computing systems.

Hypervisor-based Attestation of Virtual Environments discloses a scalable remote attestation scheme suitable for private cloud and NFV use cases supporting large amounts of VM attestations by efficient use of the physical TPM device.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436