DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given by Joe Grdinovac (Reg. No. 72,224) on September 07, 2021.

Claims
The application has been amended as follows: 

Regarding claim 2: (Currently Amended) A computer implemented method comprising:
generating a key pair comprising a private key and a public key;
storing the public key on a host computing device of a distributed computing environment;
storing the private key in a secure location of the distributed computing environment external to the host computing device;
retrieving, by the host computing device, a request to execute a privileged operation on at least one of a hypervisor of the host computing device and a kernel of the host computing device, the request being secured by the private key and the privileged 
determining a set of permissions associated with the public key;
determining that the privileged operation is allowed according to the set of permissions;
verifying the request using the public key stored on the host computing device; and
executing the privileged operation in the at least one of the hypervisor or the kernel of the host computing device, the privileged operation including applying the patch to at least one of the hypervisor or the kernel of the host computing device.

Regarding claim 3: (Currently Cancelled)

Regarding claim 10: (Currently Cancelled)

Regarding claim 14: (Currently Amended) A computing system, comprising:
at least one processor; and
memory including instructions that, when executed by the at least one processor, cause the computing system to:
generate a key pair comprising a private key and a public key;
store the public key on a host computing device of a distributed computing environment;
store the private key in a secure location of the distributed computing environment external to the host computing device;

determine a set of permissions associated with the public key;
determine that the privileged operation is allowed according to the set of permissions;
verify the request using the public key stored on the host computing device; and
execute the privileged operation in the at least one of the hypervisor or the kernel of the host computing device, the privileged operation including applying the patch to at least one of the hypervisor or the kernel of the host computing device.

Regarding claim 15: (Currently Amended) The computing system of claim 14, wherein the privileged operation includes a request to:

read a location in memory of a guest hosted on the host computing device;
modify one or more variables executing on the host computing device; or
shut down or reboot a guest executing on the host computing device.

Regarding claim 18: (Currently Cancelled) 


Terminal Disclaimer 
The terminal disclaimer filed on 07 September 2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. 13/746737 (now Patent 10063380) has been reviewed and is accepted. The terminal disclaimer has been recorded.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
Claims 2, 4-9, 11-17 and 19-20 are considered allowable.
The Prior Art Anantharaju US Patent Application Publication No. 2014/0040997 teaches that securing a virtual machine to be executed on a host machine is accomplished by authenticating, by the virtual machine during an initial boot routine, an identity of the host machine. If the identity does not match a predetermined value, then authenticating the identity of the host machine fails and data associated with the virtual machine is deleted.
The Prior Art Marr et al. US Patent No. 9565207 teaches that, when providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other
The Prior Art Garrett et al. US Patent Application Publication No. 2011/0088032 teaches a computer system that comprises a host machine comprising a plurality of compute resources, at least one management processor, a hypervisor, at least one persistent state data store location coupled to the host machine, wherein the persistent state data store location stores configuration data for the hypervisor, and a persistent state module coupled to a management processor coupled to the host machine, wherein the persistent state module maps hypervisor configuration data to a persistent state data store.

The instant application is allowable over Anantharaju, Marr et al. and Garrett et al. described above, either singularly or in combination, due to the instant application teaching a different and detailed formalized set of interfaces (e.g., application programming interfaces (APIs)) that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to authorize and authenticate requests sent to a virtualization layer. The interfaces can be invoked to perform security monitoring, forensic capture, and/or patch software systems at runtime. In addition to the foregoing, other aspects are described in the claims, detailed description, and figures.

The prior art of record does not disclose, teach, or suggest, either singly or in combination, the claimed limitations of “retrieving, by the host computing device, a request to execute a privileged operation on at least one of a hypervisor of the host computing device and a kernel of the host computing device, the request being secured by the private key and the privileged operation including at least one of an instruction to apply a patch to the host computing device or stop a virtual machine on the host computing device; determining a set of permissions associated with the public key; determining that the privileged operation is allowed according to the set of permissions; the privileged operation including applying the patch to at least one of the hypervisor or the kernel of the host computing device” as recited in independent claims 2 and 14 in combination with the remaining elements of the claim as a whole.

Therefore the claims of the instant application are allowable over the cited prior art.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857.  The examiner can normally be reached on Monday - Friday 9:00 - 5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439

/LUU T PHAM/ Supervisory Patent Examiner, Art Unit 2439