DETAILED ACTION
This office action is in response to communication filed on 3/8/2019.
Claims 1-20 are being considered on the merits.
	Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/8/2019 and 6/25/2021 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of the Applicant’s IDS form 1449 3/8/2019 and 6/25/2021 is attached to the instant office action.
Oath/Declaration
For the record, the Examiner acknowledges that the Oath/Declaration submitted on 3/8/2019 has been accepted. 
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: 
Ref. 235 in Fig. 2  
Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 17, and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 17, and 20 recite the limitation "a secure guest" in line 15.  It is unclear whether this is the same or different from the secure guest mentioned in lines 4 and 14. Proper antecedent basis is required.
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 18-19 rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  
Claims 18-19 refer back to claim 16, but they mention a computer program product, which is in claim 17. These claims are also similar to claims 2-3. Mostly likely these claims should be dependents of claim 17, and they will be treated as such for the purposes of examining under 35 USC 103.
Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 17 recites “a computer readable storage medium” without specifying “non-transitory”; however, Para. [00101] of the specification excludes transitory signals, thus no 35 USC 101 rejection is applied.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.    
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior  

Claims 1, 11, 13-15, 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Boenisch (US 20160241393 A1) in view of Kancharla (US 20160149877 A1).
Regarding claim 1, Boenisch teaches a computer-implemented method, comprising: configuring, by a secure interface control, communicatively coupled to a hypervisor and a hardware security module, the hardware security module for exclusive use by a secure guest managed by the hypervisor, the configuring comprising: (Boenisch, in Para. [0068 and 0077], discloses a trusted firmware (i.e. secure interface control) or trusted component (i.e. secure interface) which can be hardware or software, working with the hypervisor, which configures, uses data, and assigns hardware security modules for use by specific guest (i.e. exclusive use))
obtaining, by the secure interface control, a configuration request to configure the hardware security module, from a given guest of one or more guests managed by the hypervisor, via the hypervisor; (Boenisch, in Fig. 6 and in Para. [0007 and 0042], discloses configuring the hardware security model based on challenge/response data being controlled by the hypervisor, or guest systems, or both)
determining, by the secure interface control, if the hardware security module is already configured to a specific guest of the one or more guests, wherein the specific guest and the given guest comprise different guests of the one or more guests; (Boenisch, in Fig. 5 and in Para. [0040], discloses determining that the challenge/request fails (i.e. is assigned to a different guest/specific guest))
based on determining that the given guest comprises a [secure] guest, foreclosing, by the secure interface control, establishing a configuration of the hardware security module by limiting accesses by guests to the hardware security module exclusively to the given guest of the one or more guests; (Boenisch, in Para. [0024 and 0032], discloses assigning a specific guest system to its correct hardware security model and using different hardware security modules for different guest systems (i.e. limiting access to given guest)).
While Boenisch teaches assigning HSM to guests, Boenisch fails to explicitly teach a secure guest and logging in using a session code.
However, Kancharla from the analogous technical field teaches based on determining that the hardware security module is not configured to the specific guest, determining, by the secure interface control, that the given guest comprises the secure guest by evaluating metadata of the given guest; (Boenisch, in Para. [0021 and 0026], discloses determining a secured HASM-VM (i.e. guest) based on the unique static secret (i.e. part of the metadata))
logging the given guest into the hardware security module, by the secure interface control, wherein the logging into the hardware security module comprises utilizing a secret of the given guest, wherein the metadata comprises the secret; (Kancharla, in Para. [0021], discloses using a unique static secret used to allow only one HSM-VMs (i.e. guest) access)
based on the logging into the hardware security module, obtaining, by the secure interface control, from the hardware security module, a session code; and (Kancharla, in Para. [0021], discloses a dynamic secret (i.e. session code) provided in real time)
retaining, by the secure interface control, the session code (Kancharla, in Para. [0021], discloses the dynamic secret (i.e. session code) being used (i.e. retained)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch to incorporate the teachings of Kancharla, with a motivation to provide improved security management using hardware security models (Kancharla, Para. [0003 and 0013]).  
Regarding claim 11, Boenisch as modified by Kancharla teaches the computer-implemented method of claim 1.
Kancharla teaches further comprising: obtaining, by the secure interface control, from the hypervisor, an indication that the given guest has stopped; removing, by the secure interface control, the configuration (Kancharla, in Para. [0030], discloses removing HASM-VM (i.e. guests) based on the HSMs available).
Regarding claim 13, Boenisch as modified by Kancharla teaches the computer-implemented method of claim 1.
Boenisch teaches wherein the secure interface component is selected from the group consisting of: firmware, hardware, and software (Boenisch, in Para. [0077], discloses a trusted firmware (i.e. secure interface control) which can be hardware or software, which configures, uses data, and).
Regarding claim 14, Boenisch as modified by Kancharla teaches the computer-implemented method of claim 1.
Kancharla teaches wherein determining that the given guest comprises the secure guest by evaluating metadata of the given guest comprises verifying one of a presence or a type of the metadata (Kancharla, in Para. [0021], discloses the HASM-VM (i.e. guests) using (i.e. is presence) a unique static secret (i.e. type of metadata)).
Regarding claim 15, Boenisch as modified by Kancharla teaches the computer-implemented method of claim 1.
Boenisch teaches wherein utilizing the secret of the given guest, comprises decrypting, by the secure interface control, the secret (Boenisch, in Para. [0035 and 0077], discloses unencrypting the pattern (i.e. secret), where the firmware (i.e. interface control) handles using the data pattern (i.e. secret)).
As per claim 17, this claim recites a token non-transitory computer readable medium to perform the steps as recited by the method of claim 1, and has limitations that are similar to those of claim 1, thus is rejected with the same rationale applied against claim 1.
As per claim 20, this claim recites a token system to perform the steps as recited by the method of claim 1, and has limitations that are similar to those of claim 1, thus is rejected with the same rationale applied against claim 1.
Claims 2-3, 5-6, 16, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla, in further view of Chhabra (US 10601590 B1). 
Regarding claim 2, Boenisch as modified by Kancharla teaches the computer-implemented method of claim 1.
While Boenisch as modified by Kancharla teaches a storing a session code, Boenisch as modified by Kancharla fails to explicitly teach associating a session code with a null.
However, Chhabra from the analogous technical field teaches wherein the retaining comprises storing an association of the session code with a NULL session code in a table of associations in the secure interface control (Chhabra, in Fig. 3 and in Col. 5 L. 17-42 and Col. 9 L. 1-24, discloses the database connected to the TEE (i.e. interface) storing the HSM secret (i.e. session code), where the function (i.e. generating new session code) using the secret (i.e. session code) has not been executed yet (i.e. session code is associated with null)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla to incorporate the teachings of Chhabra, with a motivation to provide improved security by protecting secrets (Chhabra, Col. 3 L. 8-14).
Regarding claim 3, Boenisch as modified by Kancharla teaches the computer-implemented method of claim 1.
Boenisch teaches wherein the metadata of the guest is integrity protected (Boenisch, in Para. [0034], discloses an encrypted (i.e. integrity protected) key and data pattern (i.e. part of metadata)).
While Boenisch as modified by Kancharla teaches integrity protected metadata, Boenisch as modified by Kancharla fails to explicitly teach a key owned by the secure interface.
However, Chhabra from the analogous technical field teaches and the secret is encrypted by a key derived using a private key owned by the secure interface control (Chhabra, Col. 7 L. 11-22, discloses a key derivation function used for the secret, that is based on the TEE (i.e. secure interface) function and key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla to incorporate the teachings of Chhabra, with a motivation to provide improved security by protecting secrets (Chhabra, Col. 3 L. 8-14).  
Regarding claim 5, Boenisch as modified by Kancharla and Chhabra teaches the computer-implemented method of claim 2.
Chhabra further teaches further comprising: based on the configuring, providing, by the secure interface control, to the given guest, a new session code to utilize by the given guest in requests to the hardware security module (Chhabra, in Fig. 7 and Col. 9 L. 1-24, discloses executing a function (i.e. generating new session code) using the secret (i.e. session code) and providing the result (i.e. new session code) to the requestor (i.e. guest)).
Regarding claim 6, Boenisch as modified by Kancharla and Chhabra teaches the computer-implemented method of claim 5.
Chhabra further teaches wherein the providing comprises: intercepting, by the secure interface control, a hardware security module login request from the given guest, wherein the hardware security module login request comprises login data from the given guest (Chhabra, Fig. 7 and in Col. 9 L. 1-24, discloses submitting a command (i.e. request) to the TEE (i.e. secure interface), where the request to the HSM includes authentication credentials (i.e. guest login data))
(Chhabra, Fig. 7 and in Col. 9 L. 1-24, discloses the TEE (i.e. secure interface) obtaining authentication credentials (i.e. new login data), based on the measure of the code (i.e. secret))
issuing, by the secure interface control, to the hardware security module, a new hardware security module login request from the given guest, wherein the new hardware security module login request comprises the new login data; (Chhabra, Fig. 7 and in Col. 9 L. 1-24, discloses the TEE (i.e. secure interface) submitting the secret request (i.e. login request) with the authentication credentials (i.e. new login data) to the HSM)
obtaining, by the secure interface control, a session code from the hardware security module; (Chhabra, Fig. 7 and in Col. 9 L. 1-24, discloses the HSM sending the secret (i.e. session code) to the TEE (i.e. secure interface))
based on obtaining the session code from the hardware security module, generating, by the secure interface control, the new session code; (Chhabra, in Fig. 7 and Col. 9 L. 1-24, discloses the TEE (i.e. interface) executing a function (i.e. generating new session code) using the secret (i.e. session code))
storing, by the secure interface control, an association between the session code from the hardware security module and the new session code in the table; and (Chhabra, in Fig. 3 and Col. 3. L 1-14 and Col. 5 L. 17-42, discloses the TEE (i.e. interface) storing the HSM secrets (i.e. session codes) and the temporary derived secrets (i.e. new session codes))
transmitting, by the secure interface control, the new session code to the given guest, responsive to the login request (Chhabra, in Fig. 7 and Col. 9 L. 1-24, discloses providing the result (i.e. new session code) to the requestor (i.e. guest)).
Regarding claim 16, Boenisch as modified by Kancharla teaches the computer-implemented method of claim 15.
While Boenisch as modified by Kancharla teaches decrypting the secret, Boenisch as modified by Kancharla fails to explicitly teach a key owned by the secure interface.
However, Chhabra from the analogous technical field teaches wherein the decrypting comprises utilizing a key computed exclusively by the secure interface control (Chhabra, Col. 7 L. 11-22, discloses a key derivation function used for the secret, that is based on the TEE (i.e. secure interface) function and key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla to incorporate the teachings of Chhabra, with a motivation to provide improved security by protecting secrets (Chhabra, Col. 3 L. 8-14).  
As per claims 18-1 9, this claims recite a token non-transitory computer readable medium to perform the steps as recited by the method of claims 2-3, and has limitations that are similar to those of claims 2-3, thus is rejected with the same rationale applied against claims 2-3.
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla and Chhabra, in further view of Maximov (US 20190207764 A1).
Regarding claim 4, Boenisch as modified by Kancharla and Chhabra teaches the computer-implemented method of claim 3.
While Boenisch as modified by Kancharla and Chhabra teaches a key, Boenisch as modified by Kancharla and Chhabra fails to explicitly teach a key based on a cryptographic measurement of the boot image.
However, Maximov from the analogous technical field teaches wherein the private key comprises a cryptographic measure of a boot image of the given guest (Maximov, in Para. [0003 and 0006], discloses a key derived from the measurements based on the boot).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla and Chhabra to incorporate the teachings of Maximov, with a motivation to provide increased security (Maximov, in Para. [0012]).  
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla and Chhabra, in further view of Wang (US 20210167962 A1).
Regarding claim 7, Boenisch as modified by Kancharla and Chhabra teaches the computer-implemented method of claim 5.
While Boenisch as modified by Kancharla and Chhabra teaches a new session code, Boenisch as modified by Kancharla and Chhabra fails to explicitly teach using the new session code.
However, Wang from the analogous technical field teaches further comprising: intercepting, by the secure interface control, a request from the given guest to the hardware security module, wherein the request comprises the new session code; obtaining, by the secure interface control, from the table, the session code from the hardware security module associated with the new session code; updating, by the secure interface control, the request from the given guest to comprise a new request, wherein the new request comprises the session code from the hardware security module instead of the new session code; and issuing, by the secure interface control, the new request to the hardware security module (Wang, in Para. [0115], discloses storing the account table in association with the sensitive data in the token server (i.e. interface) and using the token for future transactions).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla and Chhabra to incorporate the teachings of Wang, with a motivation to provide enhanced security (Wang, in Para. [0132]).  
Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla, Chhabra, and Wang, in further view of Norum (US 10461943 B1).
Regarding claim 8, Boenisch as modified by Kancharla, Chhabra, and Wang teaches the computer-implemented method of claim 7.
While Boenisch as modified by Kancharla, Chhabra, and Wang teaches a request, Boenisch as modified by Kancharla, Chhabra, and Wang fails to explicitly teach issuing the fulfillment to the guest.
However, Norum from the analogous technical field teaches further comprising: obtaining, by the secure interface control, from the hardware security module, fulfillment of the request; and issuing, by the secure interface control, the fulfillment of the request to the given guest (Norum, in Fig. 8 and in Col. 18 L. 6-16, discloses ending the session is communicated between the HSM virtual HSM (i.e. interface) and client (i.e. guest)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla, Chhabra, and Wang to incorporate the teachings of Norum, with a motivation to provide increased performance when adding and removing HSMs (Norum, in Col. 11. L. 48-53).  
Regarding claim 9, Boenisch as modified by Kancharla, Chhabra, Wang, and Norum teaches the computer-implemented method of claim 8.
Norum further teaches wherein the request is selected from the group consisting of: a hardware security module secure key generation request, and a hardware security module logout request (Norum, in Fig. 8 and in Col. 18 L. 6-16, discloses the client (i.e. guest) ending the session (i.e. logout request)).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla and Chhabra, in further view of Norum (US 10461943 B1).
Regarding claim 10, Boenisch as modified by Kancharla and Chhabra teaches the computer-implemented method of claim 6.
While Boenisch as modified by Kancharla and Chhabra teaches a request, Boenisch as modified by Kancharla and Chhabra fails to explicitly teach logging out.
However, Norum from the analogous technical field teaches further comprising: obtaining, by the secure interface control, from the hypervisor, an indication that the given guest has stopped; identifying, by the secure interface component, the association between the session code from the hardware security module and the new session code in the table; generating, by the secure interface component, a list of one or more sessions utilizing the session code from the hardware security module, based on the table; and logging out the given guest, by the secure interface component, from the one or more sessions (Norum, in Col. 18 L. 6-16, discloses the HSM deleting the session key (i.e. content of table) and propagating the delete instruction (i.e. logging out from all HSMs)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla and Chhabra to incorporate the teachings of Norum, with a motivation to provide increased performance when adding and removing HSMs (Norum, in Col. 11. L. 48-53).  
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla and Chhabra, in further view of Kancharla (US 20180062854 A1).
Regarding claim 12, Boenisch as modified by Kancharla and Chhabra teaches the computer-implemented method of claim 6.
While Boenisch as modified by Kancharla and Chhabra teaches an interface, Boenisch as modified by Kancharla and Chhabra fails to explicitly teach logging out.
However, Kancharla from the analogous technical field teaches further comprising: obtaining, by the secure interface control, from the hypervisor, an indication that the given guest has stopped; (Kancharla, in Para. [0020] and claim 17, discloses deleting the PMS and parameters (i.e. references) from the HSM).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla and Chhabra to incorporate the teachings of Kancharla, with a motivation to optimize the service provided by HSMs (Kancharla, Para. [0012]).  
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JESSICA JANA SOUTH whose telephone number is (571)272-3208.  The examiner can normally be reached on M-Th 9:00-18:00 (Flex).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 






/JESSICA J SOUTH/Examiner, Art Unit 2431                                                                                                                                                                                                        
/TRANG T DOAN/Primary Examiner, Art Unit 2431