DETAILED ACTION
Claims 1-20 are pending.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over J. Gu et al., "Secure Live Migration of SGX Enclaves on Untrusted Cloud," 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017, pp. 225-236 (hereinafter “Gu”) in further view of Rozas et al. (US 2017/0185533 A1).

Regarding claim 1, Gu teaches the invention substantially as claimed including a method of migrating a virtual machine (VM) from a first host to a second host, the VM comprising a first enclave within a memory of the first host (Page 1, Introduction, paragraph 4, lines 2-3: live migrating a VM with enclaves running inside; Page 2, Motivation, paragraph 1, lines 1-3: Intel SGX (SGX for short) allows an application to instantiate a protected execution environment, referred to as an enclave, in the application’s address space; Fig. 2), the VM further comprising an application running within the VM (Fig. 2, shows a VM/GuestOS running on a hypervisor comprising an Application), the VM running on a virtualization software that abstracts hardware of the first host (Fig. 2, Hypervisor in Source Machine; Page 8, A SGX Support in Hypervisor, paragraph 1, lines 7-9: When creating a guest VM, the hypervisor will first reserve a range of guest physical address which will be used as the guest’s EPC region later), the method comprising: 
calling, by the application, an eviction entry point located within the first enclave (Page 4, paragraph 1, lines 1-8: On the source machine, the control thread (i.e., eviction entry point) is responsible for generating a checkpoint that contains all the enclave’s memory and execution context, including the software-unreadable states maintained by hardware: the CSSA field in TCS. Specifically, we have designed a software mechanism running in the enclave that can track CSSA by monitoring all the entry and exit events of the enclave, without any dependency on the untrusted guest OS or hypervisor; Page 9, Step 3: After the guest OS receives the migration notification, it will refuse to create any new enclaves till the end of migration and ask applications to make enclaves prepared for migration. Specifically, it sends a migration signal (SIGUSR1) to each enclave process. Our SGX library has already registered the handler for this signal before creating enclaves; Fig. 2, control thread and enter quiescent point); 
encrypting, by the eviction entry point, persistent data of the first enclave (Page 3: P-3: State consistency. An enclave will generate a consistent checkpoint (consisting of the enclave’s memory data and execution context), which will be used for enclave restoration; Page 7, C Supporting Checkpoint/Resume, paragraph 2, line 3-6: the control thread (i.e., eviction entry point) will generate a checkpoint. The only difference is that for encrypting the checkpoint, the control thread will retrieve an encryption key (Kencrypt) from the enclave owner instead of generating a random one; Page 9, Step 4: After receiving the signal of migration, the SGX library Fig. 2, control thread and enter quiescent point); 
placing the encrypted persistent data outside of the first enclave (Page 9, Steps 5: After a control thread returns, the SGX library will tell the guest OS that one enclave is ready. At this point, the encrypted checkpoint of this enclave is stored outside the enclave.); 
migrating the VM and the encrypted persistent data to the second host (Page 3, P-2: State integrity. The states of a migrating enclave will not be tampered with during migration; Page 9, Step 6-7: When all enclaves are ready for migration, the guest OS will tell the hypervisor that it is ready for migration through a new hypercall. The hypervisor returns the control flow back to the QEMU process. Then the QEMU can continue the migration process without caring about enclaves (i.e., Live VM migration can be done by simply making a checkpoint of a VM on the current physical machine, transferring the checkpoint to a target machine, and resuming the VM on that machine See Page 3 paragraph 1).); 
creating a second enclave within the second host (Page 4: On the target machine, the restore process contains the following four steps. Step-1: the target machine creates and initializes a virgin enclave using the same image of the migrated enclave; Page 9, paragraph 9, lines 1-8: On the target machine, the resuming process is similar with the previous one (without enclaves). The differences are as follow: First, the guest OS rebuilds all the enclaves according to the records of enclave creation and destruction); 
decrypting, by a restoration entry point located within the second enclave, the encrypted persistent data (Page 4, Steps 2-3: Step-2: the source control thread will remotely attestate the newly created enclave. If the attestation succeeds, it will establish a secure channel with the target control thread to deliver the key encrypting the checkpoint. Step-3: the target i.e., restoriation entry point) will restore all the memory using the checkpoint, and utilize the SGX library (out-of-enclave) to restore CSSA. In the meantime, the target control thread will also track the CSSA using the same method mentioned above; Page 7, C. Supporting Checkpoint/Resume, paragraph 2, lines 6-9: When resuming, the control thread must use remote attestation to retrieve the corresponding Kencrypt from the enclave owner; wherein the key is used to decrypt the encrypted checkpoint; Fig. 2, control thread and exit quiescent point); and 
adding to the second enclave, by the restoration entry point, the decrypted persistent data (Page 4, Step 3: the target control thread will restore all the memory using the checkpoint, and utilize the SGX library (out-of-enclave) to restore CSSA).

	While Gu teaches the encryption of data inside enclaves for VM migration and suggests decryption of the encrypted checkpoint data utilizing a Kencrypt  key to allow restoration of the data in the target enclave, but Gu does not expressly teach persistent data and decrypting, by a restoration entry point located within the second enclave, the encrypted persistent data.

	However, Rozas teaches a method for suspending/resume migration of enclaves (See at least ¶¶ [0005-6]). Further, Rozas teaches persistent data and decrypting, by a restoration entry point located within the second enclave, the encrypted persistent data (¶ [0039]: A trusted migration enclave may then, verify that the SDCS is quiesced, and seal the SDCS in an authenticated encrypted persistent data structure, placing it in external non-volatile memory for migration, and the management process enclave may then deallocate the original SDCS; ¶ [0040] In some embodiments, another trusted migration enclave (e.g. on another platform) may execute, or cause a system Software Guard Extension (SGX) library to execute instructions to access 

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rozas with the teachings of Gu to further define the data as disclosed by Gu as persistent data given that the data is required to be available at the target system after migration and further utilize the keys to decrypt the encrypted persistent data structure. The modification would have been motivated by the desire of ensuring the data in the enclave to be protected during VM migration.

Regarding claim 2, Gu the method further comprising: 
notifying the application, by the virtualization software, of initiation of a migration process of the VM (Page 9, Step 2: The hypervisor locates the VM of the QEMU process and informs the guest OS that it should be prepared for migration. Here we implement an upcall mechanism by injecting a special interrupt.); and 
based at least in part on the notifying, performing the calling, by the application, of the eviction entry point located within the first enclave (Page 9, Step 4: After receiving the signal of migration, the SGX library will invoke the control threads to start the two-phase checkpointing; Page 1: two-phase checkpointing scheme to create a quiescent point when all the enclave threads reach a quiescent state; Fig. 2, Enter Quiescent point; Page 6, B Two-Phase 

Regarding claim 3, Gu teaches wherein the second host comprises a second virtualization software (Fig. 2, Target Machine, Hypervisor), the method further comprising: 
notifying the application, by the second virtualization software, of completion of the migration process of the VM and based at least in part on the notifying, performing the creating the second enclave within the second host (Page 4, Step-1: the target machine creates and initializes a virgin enclave using the same image of the migrated enclave; Page 9: On the target machine, the resuming process is similar with the previous one (without enclaves). The differences are as follow: First, the guest OS rebuilds all the enclaves according to the records of enclave creation and destruction. In the meantime, the hypervisor restores the EPC mapping for the guest OS. Next, the guest OS tells the SGX library to invoke control threads for each application. Last, each control thread restores each enclave).

Regarding claim 4, Gu teaches further comprising: 
determining by the application that the first enclave is a stateful enclave and based at least in part on the determining, performing the calling, by the application, the eviction entry point located within the first enclave (Page 1, Introduction, paragraph 5: a control thread running in each enclave to assist migration, which securely dumps all of the enclave’s states from inside. For the states like data in memory and CPU context, the control thread will encrypt them and use checksum for integrity protection before dumping; for the states that cannot be accessed directly by software, e.g., the CSSA (Current State Save Area) maintained by processor, we carefully design a bookkeeping mechanism to infer the value within the enclave. Besides, being aware of possible data consistency attacks from an untrusted OS and inspired by the two-phase commit in distributed computing, we reinforce our design through a two-phase checkpointing scheme to create a quiescent point when all the enclave threads reach a quiescent state; Fig. 2).

Regarding claim 5, Gu teaches further comprising: 
requesting an encryption key by the eviction entry point from a key management service and performing the encrypting using the encryption key (Page 7: C Supporting Checkpoint/Resume: for encrypting the checkpoint, the control thread will retrieve an encryption key (Kencrypt) from the enclave owner instead of generating a random one. When resuming, the control thread must use remote attestation to retrieve the corresponding Kencrypt from the enclave owner; reasonably teaches encryption as the key is also needed for resuming/restoring the checkpoint; Page 9, Step 5: After a control thread returns, the SGX library will tell the guest OS that one enclave is ready. At this point, the encrypted checkpoint of this enclave is stored outside the enclave.).

Regarding claim 6, Gu teaches further comprising: 
requesting a decryption key by the restoration entry point from the key management service and performing the decrypting using the decryption key (Page 4, Steps 2-3: Step-2: the source control thread will remotely attestate the newly created enclave. If the attestation succeeds, it will establish a secure channel with the target control thread to deliver the key encrypting the checkpoint. Step-3: the target control thread will restore all the memory using the checkpoint, and utilize the SGX library (out-of-enclave) to restore CSSA. In the meantime, the target control thread will also track the CSSA using the same method mentioned above; Page 7, C. Supporting Checkpoint/Resume, paragraph 2, lines 6-9: When resuming, the control thread must use remote attestation to retrieve the corresponding Kencrypt from the enclave owner).
In addition, Rozas teaches decrypting using the decryption key (¶ [0039]: A trusted migration enclave may then, verify that the SDCS is quiesced, and seal the SDCS in an authenticated encrypted persistent data structure, placing it in external non-volatile memory for migration, and the management process enclave may then deallocate the original SDCS; ¶ [0040] In some embodiments, another trusted migration enclave (e.g. on another platform) may execute, or cause a system Software Guard Extension (SGX) library to execute instructions to access external memory to retrieve such an authenticated encrypted persistent data structure for migration of the secure enclaves to the new platform. The sealed SDCS from the authenticated encrypted persistent data structure is decrypted and authenticated, and it is verified that security policies in the meta-data permit secure enclaves associated with the virtual machine to be resumed.).

Regarding claim 7, Gu teaches wherein the key management service is executing on a third host (Fig. 7, Attestation Service, Enclave Owner as shown are separate from the source and target machine).

Regarding claim 8, it is a media/product type claim having similar limitations as claim 1 above. Therefore, it is rejected under the same rationale above.

Regarding claim 9, it is a media/product type claim having similar limitations as claim 2 above. Therefore, it is rejected under the same rationale above.

Regarding claim 10, it is a media/product type claim having similar limitations as claim 3 above. Therefore, it is rejected under the same rationale above.

Regarding claim 11, it is a media/product type claim having similar limitations as claim 4 above. Therefore, it is rejected under the same rationale above.

Regarding claim 12, it is a media/product type claim having similar limitations as claim 5 above. Therefore, it is rejected under the same rationale above.

Regarding claim 13, it is a media/product type claim having similar limitations as claim 6 above. Therefore, it is rejected under the same rationale above.

Regarding claim 14, it is a media/product type claim having similar limitations as claim 7 above. Therefore, it is rejected under the same rationale above.

Regarding claim 15, it is a system type claim having similar limitations as claim 1 above. Therefore, it is rejected under the same rationale above. Further, the additional limitations of a first host comprising a memory, a hardware, and at least one processor, wherein the at least one processor is programmed to carry out a method are taught by Rozas in at least ¶ [0046] “embodiments of the present invention can be accomplished by way of data and/or instructions stored on a machine-readable, tangible medium, which when performed by a machine cause the machine to perform functions consistent with at least one embodiment of the invention. In one embodiment, functions associated with embodiments of the present invention are embodied in machine-executable instructions. The instructions can be used to cause a general-purpose or special-purpose processor that is programmed with the instructions to perform the steps of the present invention. Embodiments of the present invention may be provided as a computer program product or software which may include a machine or computer-readable medium having stored thereon instructions which may be used to program a computer (or other electronic devices) to perform one or more operations according to embodiments of the present invention. Alternatively, steps of embodiments of the present invention might be performed by specific hardware components that contain fixed-function logic for performing the steps, or by any combination of programmed computer components and fixed-function hardware components.”

Regarding claim 16, it is a system type claim having similar limitations as claim 2 above. Therefore, it is rejected under the same rationale above. 

Regarding claim 17, it is a system type claim having similar limitations as claim 3 above. Therefore, it is rejected under the same rationale above.

Regarding claim 18, it is a system type claim having similar limitations as claim 4 above. Therefore, it is rejected under the same rationale above.

Regarding claim 19, it is a system type claim having similar limitations as claim 5 above. Therefore, it is rejected under the same rationale above.

Regarding claim 20, it is a system type claim having similar limitations as claim 6 above. Therefore, it is rejected under the same rationale above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JORGE A CHU JOY-DAVILA whose telephone number is (571)270-0692.  The examiner can normally be reached on Monday-Friday, 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai T An can be reached on (571)-272-3756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/JORGE A CHU JOY-DAVILA/Primary Examiner, Art Unit 2195