DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the amendment filed 6/29/2021.
Claims 1 and 10-17 have been amended.
Claim 7 has been cancelled.
Claim 21 is newly added.
Claims 1-6 and 8-21 are pending and have been considered below.

Response to Arguments
Applicant's arguments filed 6/29/2021 have been fully considered but they are not deemed persuasive.
Applicant argues:
1. Forrester merely discusses generating a measurement of a file.
2. Forrester fails to teach “generating a measurement log for a disk image”.
3. Forrester fails to disclose “generating a measurement log that comprises file paths and hashes for files and comparing a measurement log to file paths and hashes of a reference measurement”.
4. Forrester merely discusses generating a hash for a virtual machine image.  This hash would not be, for example, a log, a measurement log, or a measurement log that includes hashes and file path.

Examiner responds:
	Examiner disagrees with all the arguments presented by the applicant.
1. Forrester teaches that “A virtual machine image normally appears as a single file, or related set of files, on a normal underlying file system.  The structure of the virtual machine image is such that internally it can represent a full file system for a given platform” (see at least paragraph 24).  Forrester further discloses “The virtual machine image can be created from a set of existing software such as an operating system or an application…” (see at least paragraph 45).  Applicant’s specification provides a description of a disk image as a “virtual disk” associated with a virtual machine that is hosted by a machine (paragraph 21).  It appears that the virtual machine image of Forrester and the disk image of the claimed invention are not distinct.  An image of a virtual machine or one or more files.
2. Forrester discloses “the integrity verification component can be configured to collect measurements, such as a digest, from one or more of the virtual machine images…” (see at least paragraph 30).  As discussed above, the virtual machine image and the claimed disk image (i.e. virtual disk) are not distinct and therefore, the measurements of Forrester and the claimed measurement log are not distinct as well.
3. Forrester describes “an integrity verification component can be communicatively coupled to the VMM or integrated within the VMM to perform a one-way cryptographic hashing function over the virtual machine image.  The resulting hash, also referred to herein as a “digest,”…” (see at least paragraph 27).  Forrester further describes “Collected measurements can also include metadata such as version or vendor information so that the collected measurements can be compared to metadata stored in integrity reference component…metadata can include a location of each virtual machine image within the underlying file system of physical hardware platform/machine, or some other machine.  If a virtual machine image is expected to be located at a certain file path of the underlying file system, or at a certain location on a network drive, for example, metadata can include such location information” (see paragraphs 40-41).  Accordingly, the collected measurements of Forrester include hashes and file paths of the virtual machines.
4. Forrester teaches “Collected measurements can also include metadata such as the location information so that the collected measurements can be compared to metadata stored in integrity reference component and can be used together with the digests in determined the trust score for the virtual machine images…” (see at least paragraph 41).  Accordingly, the collected measurements of Forrester include hashes and file paths of the virtual machines and are used to compare against the hashes and file paths of the reference measurements.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-3, 5, 6, 8-13, 15-17, 19 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. Pub. No. 20090089860 to Forrester.

Per claims 1 & 17, Forrester teaches a method for integrity verification of a software stack or part of a software stack resident on a host machine, the method comprising:
at a management entity: 
generating a measurement log for a disk image associated with the software stack or the part of a software stack (see at least paragraph 30 “the integrity verification component can be configured to collect measurements, such as a digest (i.e. hashes), from one or more of the virtual machine images…”), wherein the measurement log comprises file paths and hashes for files of the software stack or the part of a software stack (see at least paragraphs 40-41 “Collected measurements can also include metadata such as version or vendor information so that the collected measurements can be compared to metadata stored in integrity reference component…metadata can include a location of each virtual machine image within the underlying file system of physical hardware platform/machine, or some other machine.  If a virtual machine image is expected to be located at a certain file path of the underlying file system, or at a certain location on a network drive, for example, metadata can include such location information”); and
at a verifier entity: 
retrieving the generated measurement log; and comparing the generated measurement log with a reference measurement of a Collected measurements can also include metadata such as the location information so that the collected measurements can be compared to metadata stored in integrity reference component and can be used together with the digests in determined the trust score for the virtual machine images…”).

Per claims 2 & 19, Forrester further teaches
wherein generating the measurement log comprises: 
mounting the disk image associated with the software stack or the part of a software stack in the management entity (see at least paragraph 28 “…one or more virtual machine images 120 installed on machine 115, and provides the base functionality for providing virtual machine images 120 with access to devices and memory of machine 115”); 
scanning a filesystem of the mounted disk image to generate measurements of files of the disk image (see at least paragraph 37 “…Individual measurement agents 405 can collect measurements 410 of discrete virtual machine image elements 415 of virtual machine images 120.  For example, discrete virtual machine image elements 415 can include operating system files, application files, or configuration files, among other possibilities…”); and 
generating the measurement log based on the generated measurements (see at least paragraph 37 “…Individual measurement agents 405 can collect measurements 410 of discrete virtual machine image elements 415 of virtual machine images 120.  For example, discrete virtual machine image elements 415 can include operating system files, application files, or configuration files, among other possibilities…”).  

Per claims 3 & 18, Forrester further teaches
wherein generating the measurement log comprises: 
snapshotting the software stack (see at least paragraph 29 “…prior to deployment of a virtual machine image 120…create a hash or digest of virtual machine image while in a known good state so as to facilitate the creation of a trusted library of known good reference values…”); 
cloning the disk image associated with the software stack (see at least paragraph [0029] “…a software stack used to create virtual machine images 120…”); 
mounting the cloned disk image associated with the software stack in the management entity (see at least paragraph 28 “…one or more virtual machine images 120 installed on machine 115, and provides the base functionality for providing virtual machine images 120 with access to devices and memory of machine 115”); 
scanning a filesystem of the mounted disk image to generate measurements of files of the cloned disk image (see at least paragraph 37 “…measurement agents can collect measurements of discrete virtual machine image elements of virtual machine images…”; see also at least paragraph 24 “A virtual machine image normally appears as a single file, or related set of files, on a normal underlying file system.  The structure of the virtual machine image is such that internally it can represent a full file system for a given platform”); and
generating the measurement log based on the generated measurements (see at least paragraph 37 “…Individual measurement agents 405 can collect measurements 410 of discrete virtual machine image elements 415 of virtual machine images 120.  For example, discrete virtual machine image elements 415 can include operating system files, application files, or configuration files, among other possibilities…”).  

Per claim 5, Forrester further teaches
wherein the software stack comprises a virtual machine, or wherein the part of a software stack comprises an operating system or an application image (see at least paragraph [0029] “…a software stack used to create virtual machine images 120…”).


wherein the software stack comprises a virtual machine (see at least paragraph [0029] “…a software stack used to create virtual machine images 120…”), and wherein generating the measurement log comprises: 
receiving file details for files of a disk image associated with the virtual machine from the host machine (see at least paragraph [0037] “…Individual measurement agents 405 can collect measurements 410 of discrete virtual machine image elements 415 of virtual machine images 120.  For example, discrete virtual machine image elements 415 can include operating system files, application files, or configuration files, among other possibilities…”); and 
generating the measurement log based on the received file details (see at least paragraph [0037] “…Individual measurement agents 405 can collect measurements 410 of discrete virtual machine image elements 415 of virtual machine images 120.  For example, discrete virtual machine image elements 415 can include operating system files, application files, or configuration files, among other possibilities…”).  

Per claim 8, Forrester further teaches
wherein the host machine comprises a hypervisor node, and wherein the management entity is a management virtual machine (see at least FIGS. 1-4). 


at the management entity, signing the measurement log (see at least paragraph [0029] “…Integrity reference component 125, including virtual machine integrity records 130 and digests 135, can also be digitally signed by an integrity reference provider…”).

Per claim 10, Forrester teaches a system comprising:
a plurality of host machines, each host machine hosting a software stack (see at least FIGS. 1-4);
a management virtual machine (see at least FIGS. 1-4); and 
a verifier server (see at least FIGS. 1-4), wherein the verifier server is to:
assign each software stack or part of a software stack of each host machine of the plurality of host machines to a corresponding verification profile of a plurality of verification profiles, wherein a given verification profile of the plurality of verification profiles indicates one or more reference measurements for the corresponding software stack or part of a software stack (see at least  FIGS. 1-4 “VM integrity records – digests & metadata”; see at least paragraph 29 “integrity reference component 125, which can store virtual machine integrity records 130 having known good digests 135.  Prior to deployment of a virtual machine image 120, integrity verification component 105 can verify the integrity of virtual machine image 120 and create a hash or digest of virtual machine image 120 while in a known good state so as to facilitate the creation of a trusted library of known good reference values, such as those stored as virtual machine integrity records 130 having digests 135 in the integrity reference component 125…”), and a given reference measurement of the one or more reference measurements comprises reference file paths and reference hashes for files of the corresponding software stack or the part of a software stack (see at least paragraphs 40-41 “Collected measurements can also include metadata such as version or vendor information so that the collected measurements can be compared to metadata stored in integrity reference component…metadata can include a location of each virtual machine image within the underlying file system of physical hardware platform/machine, or some other machine.  If a virtual machine image is expected to be located at a certain file path of the underlying file system, or at a certain location on a network drive, for example, metadata can include such location information”);
request verification of a software stack or part of a software stack of a given host machine of the plurality of host machines to the management virtual machine of the given host machine, wherein the given verification profile corresponds to the given host machine (see at least paragraph 30 “…after deployment of virtual machine images 120, the integrity verification component 105 can be configured to collect measurements, such as a digest, from one or more of the virtual machine images…”; see also paragraph 48 “…The integrity of the virtual machine image can be verified when starting the virtual machine image…”); and
compare a verification log generated by the management virtual machine to the one or more reference measurements of the given verification profile to verify the software stack or the part of a software stack of the given host machine, wherein the comparison comprises comparing the verification log to the reference file paths and the reference hashes (see at least paragraph 41 “Collected measurements can also include metadata such as the location information so that the collected measurements can be compared to metadata stored in integrity reference component and can be used together with the digests in determined the trust score for the virtual machine images…”).

Per claim 11, Forrester further teaches
wherein the verifier server is to request verification of a management virtual machine of a host machine of each host machine of the plurality of host machines (see at least paragraph 30 “…after deployment of virtual machine images 120, the integrity verification component 105 can be configured to collect measurements, such as a digest, from one or more of the virtual machine images…”; see also paragraph 48 “…The integrity of the virtual machine image can be verified when starting the virtual machine image…”).


wherein the management virtual machine is to: 
snapshot the software stack or the part of a software stack of the given host machine (see at least paragraph 29 “…create a hash or digest of virtual machine image while in a known good state so as to facilitate the creation of a trusted library of known good reference values…”); 
clone a disk image associated with the software stack of the given host machine (see at least paragraph 29 “…a software stack used to create virtual machine images”); 
mount the cloned disk image in the management virtual machine (see at least paragraph 28 “…one or more virtual machine images installed on machine and provides the base functionality for providing virtual machine images with access to devices and memory of machine…”);
scan a filesystem of the mounted cloned disk image to generate measurements of files of the cloned disk image (see at least paragraph 37 “…measurement agents can collect measurements of discrete virtual machine image elements of virtual machine images…”; see also at least paragraph 24 “A virtual machine image normally appears as a single file, or related set of files, on a normal underlying file system.  The structure of the virtual machine image is such that internally it can represent a full file system for a given platform”); and 
measurement agents can collect measurements of discrete virtual machine image elements of virtual machine images…”).  

Per claim 13, Forrester further teaches
wherein the management virtual machine is to: 
mount a disk image associated with the software stack in the management virtual machine (see at least paragraph 28 “…one or more virtual machine images installed on machine and provides the base functionality for providing virtual machine images with access to devices and memory of machine…”);
scan a filesystem of the mounted disk image to generate measurements of files of the disk image (see at least paragraph 37 “…measurement agents can collect measurements of discrete virtual machine image elements of virtual machine images…”; see also at least paragraph 24 “A virtual machine image normally appears as a single file, or related set of files, on a normal underlying file system.  The structure of the virtual machine image is such that internally it can represent a full file system for a given platform”); and
generate the verification log based on the generated measurements (see at least paragraph 37 “…measurement agents can collect measurements of discrete virtual machine image elements of virtual machine images…”).  
  
Per claim 15, Forrester further teaches
wherein the software stack comprises a second virtual machine (see at least FIGS. 1-4), and wherein the management virtual machine is to: 
receive file details for files of a disk image associated with the second virtual machine from the host machine (see at least paragraph 37 “…measurement agents can collect measurements of discrete virtual machine image elements of virtual machine images…”); and 
generate the verification log based on the received file details (see at least paragraph 37 “…measurement agents can collect measurements of discrete virtual machine image elements of virtual machine images…”).

Per claim 16, Forrester further teaches
wherein each host machine of the plurality of host machines comprises a hypervisor node (see at least FIGS. 1-4).

Per claim 20, Forrester further teaches
wherein the software stack comprises a virtual machine (see at least FIGS. 1-4), and wherein the instructions are further to cause the processing resource to: 
Individual measurement agents 405 can collect measurements 410 of discrete virtual machine image elements 415 of virtual machine images 120.  For example, discrete virtual machine image elements 415 can include operating system files, application files, or configuration files, among other possibilities…”); and 
generate the measurement log based on the received file details (see at least paragraph [0037] “…Individual measurement agents 405 can collect measurements 410 of discrete virtual machine image elements 415 of virtual machine images 120.  For example, discrete virtual machine image elements 415 can include operating system files, application files, or configuration files, among other possibilities…”).  

Per claim 21, Forrester further teaches
at the verifier entity, comparing a signature of the generated measurement log with a signature of the verification profile to verify the software stack or the part of the software stack (see at least paragraph 27 “The resulting hash, also referred to herein as a “digest” (i.e. signature) can be compared to virtual machine integrity records, which include known good reference values…”).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 4, 14 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 20090089860 to Forrester in view of U.S. Pub. No. 20150074054 to Antony.

Per claims 4 & 14, Forrester does not explicitly teach
wherein the management virtual machine is to generate a read-only clone of the disk image.

	Antony teaches analogous art relating to cloning virtual machines, comprising:
generate a read-only clone of the disk image (see at least paragraph 31 “…create a full clone of the parent VM, the processing device creates a snapshot of the parent virtual disk.  For example, the snapshot may be a read-only copy of the virtual disk at the point in time at which the cloning request is processed”).
	It would have been obvious for a person of ordinary skill in the art as of the effective filing date of the claimed invention to modify the teaching of Forrester to

Per claim 18, Forrester further teaches
wherein the instructions are further to cause the processing resource to:
snapshot the software stack (see at least paragraph [0029] “…prior to deployment of a virtual machine image 120…create a hash or digest of virtual machine image while in a known good state so as to facilitate the creation of a trusted library of known good reference values…”); 
clone the disk image associated with the software stack or the part of a software stack to generate a verify the integrity of a software stack used to create virtual machine images 120…”);
mount the cloned disk image in the management entity (see at least paragraph [0028] “…one or more virtual machine images 120 installed on machine 115, and provides the base functionality for providing virtual machine images 120 with access to devices and memory of machine 115”); 
scan a filesystem of the mounted cloned disk image to generate measurements of files of the cloned disk image (see at least paragraph [0037] “…Individual measurement agents 405 can collect measurements 410 of discrete virtual machine image elements 415 of virtual machine images 120.  For example, discrete virtual machine image elements 415 can include operating system files, application files, or configuration files, among other possibilities…”); and 
generate the measurement log based on the generated measurements (see at least paragraph [0037] “…Individual measurement agents 405 can collect measurements 410 of discrete virtual machine image elements 415 of virtual machine images 120.  For example, discrete virtual machine image elements 415 can include operating system files, application files, or configuration files, among other possibilities…”).  
	Forrester does not explicitly teach
generate a read-only clone of the disk image.

	However, Antony teaches analogous art relating to virtual machine cloning, comprising:
generating a read-only clone of a disk image (see at least paragraph [0031] “…the processing device creates a snapshot of the parent virtual disk.  For example, the snapshot may be a read-only copy of the virtual disk at the point in time at which the cloning request is processed…”).
	Therefore, it would have been obvious for a person of ordinary skill in the art as of the effective filing date of the claimed invention to modify the teaching of Forrester to incorporate the teaching of Antony to create a read-only virtual image.  One would have been motivated to create a read-only virtual image in order to prevent it from being modified.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHILLIP H NGUYEN whose telephone number is (571)270-1070.  The examiner can normally be reached on Monday-Friday 9:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PHILLIP H NGUYEN/Primary Examiner, Art Unit 2191