DETAILED ACTION
This office action is in response to communication filed on 3/15/2019.
Claims 44-63 are being considered on the merits.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
Acknowledgment is made of applicant’s claim for priority as a 371 of PCT/EP2016/072581.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/15/2019 and 2/23/2021 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of the Applicant’s IDS form 1449 3/15/2019 and 2/23/2021 is attached to the instant office action.
Oath/Declaration
For the record, the Examiner acknowledges that the Oath/Declaration submitted on 3/15/2019 has been accepted. 
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: 
Ref. S18 in Fig. 5 and 6.  
Ref. S54 in Fig. 8.
Ref. S611 in Fig. 9.
Ref. 103 and 1021 in Fig. 14.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 

Claims 44-51, 54-55, 57-60, and 62-63 are rejected under 35 U.S.C. 103 as being unpatentable over Nystrom (US 20150178504 A1) in view of Shi (US 20180181426 A1).


Regarding claim 44, Nystrom teaches a network node comprising: a physical trusted platform module; a memory; and one or more processors configured to access the memory and to execute a virtual machine (VM) on the network node, the one or more processors configured to: obtain encrypted information and a first identifier, wherein both the encrypted information and the first identifier are associated with a virtual machine (VM) to be executed; (Nystrom, in Para. [0046, 0097, 00117, and 0119], discloses encrypted data that represents a virtual security device (i.e. encrypted information) associated with a VM to be instantiated (i.e. executed) and virtual machine identifier and discrete trusted platform module (i.e. physical TPM) on the host)
retrieve, using at least the first identifier, from a trusted launch authority (TLA), at least a [first] secret portion of a secret, wherein the first secret portion is dynamic, linked to the VM, and dependent on at least a property of the VM; and (Nystrom, in Para. [0046, 0075, 0097 and 0109], discloses a hypervisor (i.e. TLA) and using the measurement (i.e. property of VM) and associated VM identifier to obtain a sealed key (i.e. secret portion))
decrypt the encrypted information with a decryption key derived from at least the [first] secret portion and a first measurement result of at least the VM (Nystrom, in Para. [0076, 0109, and 0117], discloses using the key to decrypt the data (i.e. encrypted information) that represents a virtual security device, where the key is derived based on the sealed key (i.e. secret portion) which is obtained using the measurements).
While Nystrom teaches a key derived from a secret, Nystrom fails to explicitly teach a physical TPM and the secret being in portions.
However, Shi from the analogous technical field teaches: (Shi, in Para. [0010], discloses first TPM (i.e. physical TPM) in the physical host).
a first secret portion (Shi, in Para. [0024], discloses a root key (i.e. first secret portion) used to create the key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nystrom to incorporate the teachings of Shi, with a motivation to provide vTPM based security (Shi, Para. [0007]).  
Regarding claim 45, Nystrom as modified by Shi teaches the network node according to claim 44.
Nystrom further teaches wherein the one or more processors are configured to execute a virtual trusted platform module (Nystrom, in Para. [0044], discloses virtual trusted platform modules (vTPMs)).
Regarding claim 46, Nystrom as modified by Shi teaches the network node according to claim 44.
Shi further teaches wherein the one or more processors are configured to obtain a second secret portion of the secret, the second secret portion associated with the physical trusted platform module, wherein the decryption key is dependent on the second secret portion (Shi, in Para. [0018 and 0024], discloses a primary seed (i.e. second secret portion) which is associated with the physical host and specifically the first TPM (i.e. physical TPM), which along with the root key (i.e. first secret portion) is used to create the key).
Regarding claim 47, Nystrom as modified by Shi teaches the network node according to claim 44.
Shi further teaches wherein the one or more processors are configured to obtain a second secret portion of the secret from the TLA via a network, wherein the decryption key is dependent on the second secret portion (Shi, in Para. [0018 and 0038], discloses a primary seed (i.e. second secret portion), which is received over a network, is used to create the key along with the root key (i.e. first secret portion)).
Regarding claim 48, Nystrom as modified by Shi teaches the network node according to claim 44.
Nystrom further teaches wherein the one or more processors are configured to: conduct a measurement of at least one of: the VM to be executed; or the encrypted information associated with the VM to be executed; and generate the first measurement result from the conducted measurement (Nystrom, in Para. [0097], discloses the measurement being based on the code (i.e. VM) or the configuration data (i.e. information associated with the VM)).
Regarding claim 49, Nystrom as modified by Shi teaches the network node according to claim 48.
Nystrom further teaches wherein to conduct the measurement comprises hashing (Nystrom, in Para. [0057], discloses the measurement including hashing).
Regarding claim 50, Nystrom as modified by Shi teaches the network node according to claim 44.
Nystrom further teaches wherein the one or more processors are configured to: provide the TLA with the first measurement result to retrieve the first secret portion, wherein the first secret portion is dependent on at least one of: the first measurement result; another measurement result stored by the TLA in a database during previous execution of the VM, associated with the first identifier; (Nystrom, in Para. [0046, 0056, 0076, and 0108-0109], discloses the key is derived/unsealed based on the sealed key which is obtained by providing the measurements, stored in the registers (i.e. database), to the security component/hypervisor (i.e. TLA))
the first identifier; or a first identifier previously used and stored by the TLA (Nystrom, in Para. [0097], discloses stored identifiers).

Regarding claim 51, Nystrom as modified by Shi teaches the network node according to claim 44.
Nystrom further teaches wherein the one or more processors are configured to: retrieve from the TLA at least a third secret portion of the secret, the third secret portion dynamically linked to the VM and dependent on at least one of: a property of the VM; the first measurement result; or a second identifier generated by the TLA (Nystrom, in Para. [0056], discloses multiple registers storing multiple measurements (i.e. third portion)).
Regarding claim 54, Nystrom as modified by Shi teaches the network node according to claim 44.
Nystrom further teaches wherein the first secret portion is dependent on at least one of: a measurement result of the VM; a sequential instance of the VM; a start or stop cycle number of the VM; a time stamp at the occurrence of a status change of the VM; information about previous executions of the VM; or time information associated with the VM and/or an execution platform and/or a virtual trusted platform module executed by the one or more processors (Nystrom, in Para. [0097], discloses the measurement being based on the code (i.e. VM) or the configuration data (i.e. information associated with the VM)).
Regarding claim 55, Nystrom as modified by Shi teaches the network node according to claim 44.
Nystrom further teaches wherein the one or more processors are configured to: determine whether encrypted information exists; if encrypted information does not exist, send measurement result to the TLA; and retrieve from the TLA at least the encrypted information and the identifier associated with the VM to be executed (Nystrom, in Para. [0044 and 0096-0097], discloses the hypervisor (i.e. TLA) controlling the metadata and in return for providing evidence of the measurements providing the identifier).
As per claims 57-58 and 60, these claims recite a token system with a TLA to perform the steps as recited by the system of claims 44, 50-51, and has limitations that are similar to those of claims 1-2, 7-8 and 14, thus is rejected with the same rationale applied against claims 1-2, 7-8 and 14. The additional element of the method being performed by a TLA is disclosed in Nystrom Para. [0047] as a hypervisor (i.e. TLA). For claim 60, the identifier created based on random content is taught by Shi Para. [0012] discloses generating a random number (i.e. identifier/salt).
Regarding claim 59, Nystrom as modified by Shi teaches the authorization node according to claim 57.
Shi further teaches wherein the one or more processors are configured to at least one of: obtain a second portion of the secret from a physical trusted platform module on the execution platform; and generate the at least first secret portion of the secret dependent on the second portion; generating a secret associated with the VM to be executed; and provide the secret to the vTPM in a way different from providing to the vTPM, at least the first secret portion (Shi, in Para. [0024], discloses creating a root key (i.e. first secret portion) based on the primary seed (i.e. second secret portion), received through the physical host, and using the root key (i.e. first secret portion) to create key (i.e. secret), on the physical host (i.e. different way)).
As per claim 62, this claim recites a token method to perform the steps as recited by the system of claim 44, and has limitations that are similar to those of claim 44, thus is rejected with the same rationale applied against claim 44. 
As per claim 63, this claim recites a token method performed by a TLA to perform the steps as recited by the system of claim 44, and has limitations that are similar to those of claim 44, thus is rejected with the same rationale applied against claim 44. The additional element of the method being performed by a TLA is disclosed in Nystrom Para. [0047] as a hypervisor (i.e. TLA). 


Claims 52-53, 56 and 61 are rejected under 35 U.S.C. 103 as being unpatentable over Nystrom in view of Shi, in further view of Ferguson (US 20150319160 A1).
Regarding claim 52, Nystrom as modified by Shi teaches the network node according to claim 51.
Nystrom further teaches key derived from at least the third secret portion and a second measurement result of at least the VM (Nystrom, in Para. [0056], discloses multiple registers storing multiple measurements (i.e. third portion)).
While Nystrom as modified by Shi teaches a key derived from a secret, Nystrom as modified by Shi fails to explicitly teach encrypting in response to shut down.
However, Ferguson from the analogous technical field teaches wherein the one or more processors are configured to: encrypt information in response to a suspension or shutdown of the VM with an encryption key derived from at least the third secret portion and a second measurement result of at least the VM (Ferguson, in Para. [0078-0079], discloses encrypting the VM when receiving instruction to pause or shut down).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nystrom as modified by Shi to incorporate the teachings of Ferguson, with a motivation to protect the VM and keys (Ferguson, Para. [0080-0081]).  
Regarding claim 53, Nystrom as modified by Shi and Ferguson teaches the network node according to claim 52.
Nystrom further teaches wherein the one or more processors are configured to: conduct a measurement of at least one of: the VM to be suspended or shutdown; part of the VM to be suspended or shutdown; properties of the VM to be suspended or shutdown; or information associated with the VM to be suspended or shutdown; and generate the measurement result from the conducted (Nystrom, in Para. [0058-0059], discloses taking measurements at different times when needed and provided by the hypervisor (i.e. TLA)).
Regarding claim 56, Nystrom as modified by Shi and Ferguson teaches the network node according to claim 52.
Ferguson further teaches wherein the one or more processors are configured to: determine whether encrypted information exists; if encrypted information does not exist, send measurement result to the TLA; retrieve from the TLA a secret portion and a second identifier associated with the VM to be executed; generate the information; and encrypt the information to obtain the encrypted information using at least the secret portion from the TLA (Ferguson, in Para. [0079], discloses encrypting the metadata).
As per claim 61, this claim recites a token method performed by a TLA to perform the steps as recited by the method of claim 56, and has limitations that are similar to those of claim 56, thus is rejected with the same rationale applied against claim 56. The additional element of the method being performed by a TLA is disclosed in Nystrom Para. [0047] as a hypervisor (i.e. TLA). 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JESSICA JANA SOUTH whose telephone number is (571)272-3208.  The examiner can normally be reached on M-Th 9:00-18:00 (Flex).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/JESSICA J SOUTH/Examiner, Art Unit 2431
/TRANG T DOAN/Primary Examiner, Art Unit 2431