DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The following is a Final Office action in response to communications received on 09/14/2021. 

Response to Amendment
Claims 1-15 have been amended. 
Claims 16-20 have been newly added.
Claims 1-20 have been examined.
Examiner’s rejection of claims 6 and 15 under 35 U.S.C 112 is withdrawn in light of the applicant’s amendments to the claims.  
Applicant’s arguments with respect to claims 1 and 14 regarding the new limitations: “receiving, at a monitor, a message from the low-level execution environment indicating that the low-level execution environment has entered a System Management Mode (SMM)” and “receiving, at the monitor, a data packet representing execution of a selected portion of a control-flow process at the low-level execution environment in the SMM”, have been considered but are moot in view of the new ground of rejection presented in the current rejection. 
Applicant’s arguments with respect to claim 8 regarding the new limitations: “receive a message indicating that the low-level execution environment has entered a controlled mode of operation” and “the data packet pushed into a queue by a target that executes the control-flow process, wherein the data packet cannot be modified after being pushed into the queue, a concurrent access of the queue is not performed in the controlled mode of operation, and the target has exclusive access of the queue in the controlled mode of operation”, have been considered but are moot in view of the new ground of rejection presented in the current rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-4, 6 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over WO 2016/048288 A1 to Jeansonne et al (hereinafter Jeansonne) and prior art of record Practical Context-Sensitive CFI by Veen et al (hereinafter Veen).
As per claims 1 and 14, Jeansonne teaches:
A method for monitoring control-flow integrity in a low- level execution environment in a system, the method comprising: 
receiving, at a monitor, a message from the low-level execution environment indicating that the low-level execution environment has entered a System Management Mode (SMM) (Jeansonne: [0023] FIG. 2 is a block diagram of an example computing device including a processor 102 to complete execution of boot strap data 218 at module 220 from a memory 106 prior to execution of SMM BIOS code 108 at module 104. The processor 102 transmits a signal to the controller 110 signifying the completion of the boot strap information at module 220. The signal from the processor 102 indicates to the controller 110, the processor 102 is entering the SMM BIOS mode for execution of the SMM BIOS code 108 at module 104. Also, [0027]); 
receiving, at the monitor, a data packet representing execution of a selected portion of a control-flow process at the low-level execution environment in the SMM (Jeansonne: [0027]: In response to receiving this signal, the controller monitors the expected functionality during the execution of the SMM BIOS code. The expected functionality is a behavior that may occur as a result of execution of the SMM BIOS code. As such, the behavior may be observable through line by line of SMM BIOS code or upon completion of the SMM BIOS code. It is inherent that the monitor has to receive data packets representing the behavior); 
and 
determining whether the identified pathway corresponds to an expected control- flow behavior (Jeansonne: [0028] At operation 304, the controller detects the change to the SMM BIOS code through observing the expected functionality during execution of the SMM BIOS code. This change to the SMM BIOS code indicates the SMM BIOS code has been compromised, meaning the SMM BIOS code may be corrupt and/or may include an unauthorized modification of the SMM BIOS code. The controller anticipates these expected functionalities by tracking the expected functionalities. If there is a deviation or unexpected functionality, this indicates the change to the SMM BIOS code and hence the compromised SMM BIOS code).
Jeansonne teaches receiving data packets of the behavior of the SMM BIOS code and determining whether the behavior is expected behavior but does not explicitly teach: a data packet representing execution of a selected portion of a control-flow process; identifying, using the data packet, a pathway corresponding to the selected portion of the control-flow process from a set of permissible control-flow pathways; determining whether the identified pathway corresponds to an expected control- flow behavior. However, Veen teaches:
a data packet representing execution of a selected portion of a control-flow process (Veen: Page 930, left column: lines 3-8: Once the kernel module is loaded, protected program binaries run with PathArmor’s dynamic instrumentation component. This component first starts our path analyzer, an external trusted component which runs in the background and waits for path verification requests from the kernel module via a dedicated upcall interface. Right column, lines 5-10: When our target requests execution of a dangerous system call, we pause execution, collect LBR data, and forward it to the on-demand static analyzer in user space. Page 931, right column: section: 3.2.3 Path Verification: The path analyzer is given a path that must be verified. The path is an LBR state containing direct and indirect calls, indirect jumps, and returns); 
identifying, using the data packet, a pathway corresponding to the selected portion of the control-flow process from a set of permissible control-flow pathways (Veen: Page 931, right column: section: 3.2.3 Path Verification: The path analyzer is given a path that must be verified. The path is an LBR state containing direct and indirect calls, indirect jumps, and returns. To verify whether it is valid, the analyzer performs a Depth-First Search (DFS) on the CFG to find a path that contains the provided edges in the same order as they were recorded by the LBR. A recorded path is thus considered valid iff: (i) all edges in the LBR state exist within the CFG, and (ii) these edges can be linked together via a valid path of direct edges within the CFG); 
determining whether the identified pathway corresponds to an expected control- flow behavior (Veen: page 930: Right column, lines 5-26: If the analyzer returns true (meaning that the path was found in the CFG and thus is valid), the kernel module stores a hash of the path in. In the event that on-demand static analysis returns a negative result (no valid path was found in the CFG), the module stops the program and reports that an attack was detected).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Veen in the invention of Jeansonne to include the above limitations. The motivation to do so would be to provide a binary-level CCFI implementation which tracks paths to sensitive program states, and defines the set of valid control edges within the state context to yield higher precision than existing CFI implementations (Veen: Abstract).

As per claim 2, Jeansonne in view of Veen teaches:
The method of claim 1, further comprising: instrumenting a set of instructions for execution in the SMM (Veen: page 930: left column: 28-31: Finally, our instrumentation component instruments the binary according to a predetermined sensitive path termination policy).  
The examiner provides the same rationale to combine prior arts Jeansonne and Veen as in claim 1 above.

As per claim 3, Jeansonne in view of Veen teaches:
The method of claim 2, comprising: automatically instrumenting the set of instructions to provide control flow integrity related information (Veen: page 930: left column: 3-31: To satisfy path verification requests, our analyzer receives all the necessary LBR-based path information—and constraints on indirect but also interprocedural direct control transfers—from our kernel module and performs static analysis on-demand to enforce our CCFI policies. Finally, our instrumentation component instruments the binary according to a predetermined sensitive path termination policy. PathArmor can, in principle, be configured to verify either entire paths to sensitive system calls or limit such paths to the library call interface).  
The examiner provides the same rationale to combine prior arts Jeansonne and Veen as in claim 1 above.

As per claim 4, Jeansonne in view of Veen teaches:
The method of claim 3, further comprising: executing first and second instrumentation passes of the set of instructions to respectively administer backward-edge and forward-edge control-flow integrity (Veen: Page 930: right column: Section 3.1.2: Branch Recording: 2nd paragraph: Ideally, we would configure the Branch Recording core to collect only indirect branches (indirect jumps, indirect calls and returns). Page 931: right column: section 3.3: Dynamic Instrumentation: In addition, the instrumentation component opens a communication channel with the kernel module that can be used by the inserted instrumentation snippets to communicate with the Branch Recording core. Page 931: left column: For backward edges (i.e., returns), our policies implement a fully context-sensitive resolution strategy, to which we refer as call/return matching. This strategy emulates a runtime call stack by tracking call and return edges as these are encountered. For forward edges (i.e., indirect calls), our current prototype supports a simple context-sensitive strategy which resolves code pointers propagated across caller-callee pairs with no contrived data flow. This policy lets us unambiguously resolve indirect call sites, at which call targets are loaded as constants and passed as a callback argument. Page 932: section 3.3.2 Rewriter: 3rd paragraph: The dynamic instrumentation module of the initialization component performs necessary rewriting tasks at load time (when dynamically linked libraries are available) and at runtime (every time a new shared library is dynamically loaded into memory). Section: 3.3.3 Callbacks: 1st paragraph: As mentioned above, a second dynamic instrumentation round is required in order to enable branch recording again when a library function invokes a callback that lies in the program’s binary (e.g., qsort()). Instrumenting callback sites is done by looping over all shared library functions and searching for indirect call instructions.).  
The examiner provides the same rationale to combine prior arts Jeansonne and Veen as in claim 1 above.

As per claim 6, Jeansonne in view of Veen teaches:
The method of claim 2, further comprising: determining the expected control-flow behavior of the set of instructions executing in the low-level execution environment (Jeansonne: [0028] At operation 304, the controller detects the change to the SMM BIOS code through observing the expected functionality during execution of the SMM BIOS code. This change to the SMM BIOS code indicates the SMM BIOS code has been compromised, meaning the SMM BIOS code may be corrupt and/or may include an unauthorized modification of the SMM BIOS code. The controller anticipates these expected functionalities by tracking the expected functionalities. If there is a deviation or unexpected functionality, this indicates the change to the SMM BIOS code and hence the compromised SMM BIOS code. Veen: Page 931, right column: section: 3.2.3 Path Verification: The path analyzer is given a path that must be verified. The path is an LBR state containing direct and indirect calls, indirect jumps, and returns. To verify whether it is valid, the analyzer performs a Depth-First Search (DFS) on the CFG to find a path that contains the provided edges in the same order as they were recorded by the LBR).  
The examiner provides the same rationale to combine prior arts Jeansonne and Veen as in claim 1 above. 

As per claims 15 and 16, Jeansonne in view of Veen teaches:
The apparatus of claim 14, wherein the low-level execution environment comprises a hypervisor (Jeansonne: [0011]: detecting whether the SMM BIOS code is compromised may be used to strengthen the SMM BIOS code for more security critical functions, such as monitoring a hypervisor and providing other more critical services).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Jeansonne in view of Veen as applied to claim 2 above, and further in view of prior art of record Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths by Xu et al (hereinafter Xu).
As per claim 5, Jeansonne in view of Veen does not teach the limitations of claim 5. However, Xu teaches:
comprising: manually instrumenting the set of instructions to provide control flow integrity related information (Xu: page 26: section 3.2: Waypoint Implementation: We generate waypoints and their corresponding permissions through static analysis. We introduce global control flow information by defining the number of times that a function can be invoked. We build a (transitive) map between system call wrappers and system call numbers. Currently, we analyze the hierarchical functions manually).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Xu in the invention of Jeansonne in view of Veen to include the above limitations. The motivation to do so would be to detect and prevent the executing code from subverting the target system (Xu: Abstract).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Jeansonne in view of Veen as applied to claim 6 above, and further in view of prior art of record US 20120297057 to Ghosh et al (hereinafter Ghosh).
As per claim 7, Jeansonne in view of Veen teaches:
The method of claim 6, further comprising: receiving, at the monitor, the determined expected control-flow behavior of the set of instructions executing in the low-level execution environment (Jeansonne: [0028] At operation 304, the controller detects the change to the SMM BIOS code through observing the expected functionality during execution of the SMM BIOS code. Veen: page 931: left column: section 3.2.1 CFG Generation: 1st paragraph: To validate a path, PathArmor requires an accurate CFG of the protected binary. To obtain a CFG, we use existing binary analysis frameworks to disassemble and analyze binaries. 2nd paragraph: Furthermore, PathArmor implements indirect edge resolution policies to augment a CFG walk with indirect edges in a context-sensitive manner. 5th paragraph: We also implement a strategy to augment the precision of indirect jumps found in PLT entries. The CFG is updated with data received from the instrumentation component, enabling unambiguous target resolution), and a memory mapping of the set of instructions determined during boot of the low-level execution environment (Veen: page 931: right column: section 3.3: Dynamic Instrumentation: The instrumentation component consists of both a library instrumentation (in the form of a special loader), and dynamic binary instrumentation module. Its main objectives are (i) collecting address offsets (for both libraries and the target program) and passing these to the static analysis component. Page 932: left column: lines 3-8: In addition, the loader collects the program’s PLT and GOT entries as well as the base addresses of the different libraries that are in place. This information is then passed via the kernel module to the on-demand static analyzer where it is used to distinguish calls to library functions from branches within the program’s main address space).
Jeansonne in view of Veen teaches memory mapping of the set of instructions but does not teach a memory mapping determined during boot of the execution environment. However, Ghosh teaches:
a memory mapping determined during boot of the execution environment (Ghosh: [0059] During the system boot time, contents of control data and/or code may be changing. According to some aspects of embodiments, an analysis module may check the integrity of the control data and/or code. In some aspects of embodiments, the control data may include a table, for example an IDT table, hypercall table and/or exception table of Xen. In one aspect of embodiments, the code may be the code part of a hypervisor, for example Xen hypervisor. [0060] According to some aspects of embodiments, the virtual addresses of idt_table, hypercall_table and/or exception table may be determined. In some aspect of embodiments, the physical address of these symbols may be virtual address--0xff00,0000 on x86-32 architecture with PAE. In one aspect of embodiments, the address of Xen hypervisor code may be between_stext and_etext. In another aspect of embodiments, a hardware-assisted integrity monitor may monitor the control data and/or codes of Domain 0).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Ghosh in the invention of Jeansonne in view of Veen to include the above limitations. The motivation to do so would be to maximize the scan efficiency (Ghosh: [0060]).

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Jeansonne in view of Veen as applied to claim 1 above, and further in view of US 4419728 to Larson (hereinafter Larson).
As per claim 17, Jeansonne in view of Veen does not teach the limitations of claim 17. However, Larson teaches: 
wherein the data packet is from a queue into which a target that executes instructions to perform the control-flow process pushes data packets for processing by the monitor, wherein no concurrent access of the queue is performed during the SMM (Larson: column 2, lines 39-40: A significant data communication structure used in this arrangement is the reader/writer queue, a sample of which is illustrated in FIG. 3. This queue is simply a segment of processor memory 102 that has been designated by processor 101 as a storage location for data messages that are to be transmitted or received. Column 3, lines 3-37: To prevent any queue contention problems, the semaphore is used and generally comprises a particular bit pattern stored in the memory address location immediately following the memory location identified by the limit pointer. The semaphore is essentially a flag to indicate to a circuit seeking access to the queue whether the queue is idle or currently being accessed by another circuit. In this fashion, the semaphore prevents concurrent access to a queue).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Larson in the invention of Jeansonne in view of Veen to include the above limitations. The motivation to do so would be to save processor real time and increase the speed of the effective data transfer between the communication channel and the processor since there is no delay while the processor is required to access every data message and either store same in its memory or provide address information as to where the message should be stored (Larson: column 2, lines 1-6).

Claims 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Jeansonne in view of Veen as applied to claim 1 above, and further in view of BIOS chronomancy: fixing the core root of trust for measurement by Butterworth et al (hereinafter Butterworth).
As per claims 18 and 20, Jeansonne in view of Veen does not teach the limitations of claims 18 and 20. However, Butterworth teaches:
further comprising: receiving, at the monitor in association with a System Management Interrupt (SMI), location information of a System Management RAM (SMRAM); and comparing, by the monitor, the location information of the SMRAM to expected location information of the SMRAM to detect malicious modification of the location information of the SMRAM (Butterworth: Page 30, right column: section 5.2 What to Measure? As shown in Figure 2 (a), BIOS code (1) instantiates SMRAM (2), which contains the BIOS Chronomancy code (3)-(6). Immediately after instantiating SMRAM, the BIOS sends a signal to the SMI handler requesting that a measurement take place. The SMI handler fields this request and begins executing the BIOS Chronomancy (BC) code. Page 31, right column: section 5.2.2 SMRAM Measurement: After the BC code checks itself, in order to cede minimal space in which an attacker can hide, the entirety of SMRAM must be measured. This provides a measurement of the OEM SMM code which could have been modified by attacks. We also note that it is important to find and measure the SMBASE register, as this tells the processor what the base address for SMRAM should be the next time SMM is entered. At the time our attestation code is invoked, SMRAM has its EBP pointing to address 0x20E and its ESP pointing to 0xDFF0 421E. Our code is compiled to expect the stack frame to point to 0xDFFF FF00, so we have to relocate EBP for the duration of our measurements).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Butterworth in the invention of Jeansonne in view of Veen to include the above limitations. The motivation to do so would be to create a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS (Butterworth: Abstract).

As per claim 19, Jeansonne in view of Veen and Butterworth teaches:
The method of claim 18, further comprising: receiving, at the monitor during a boot time of the system, the expected location information of the SMRAM (Butterworth: Page 31, right column: section 5.2.2 SMRAM Measurement: After the BC code checks itself, in order to cede minimal space in which an attacker can hide, the entirety of SMRAM must be measured. This provides a measurement of the OEM SMM code which could have been modified by attacks. We also note that it is important to find and measure the SMBASE register, as this tells the processor what the base address for SMRAM should be the next time SMM is entered. At the time our attestation code is invoked, SMRAM has its EBP pointing to address 0x20E and its ESP pointing to 0xDFF0 421E. Our code is compiled to expect the stack frame to point to 0xDFFF FF00, so we have to relocate EBP for the duration of our measurements).
The examiner provides the same rationale to combine prior arts Jeansonne in view of Veen and Butterworth as in claim 18 above. 

Claims 8, 9 and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Veen, Jeansonne and Larson.
As per claim 8, Veen teaches:
A non-transitory machine-readable storage medium encoded with monitor instructions executable on a processor for monitoring control-flow integrity in a low-level execution environment, the monitor instructions upon execution causing a system to:
receive a data packet representing execution of a selected portion of a control-flow process at the low-level execution environment (Veen: Page 930, left column: lines 3-8: Once the kernel module is loaded, protected program binaries run with PathArmor’s dynamic instrumentation component. This component first starts our path analyzer, an external trusted component which runs in the background and waits for path verification requests from the kernel module via a dedicated upcall interface. Right column, lines 5-10: When our target requests execution of a dangerous system call, we pause execution, collect LBR data, and forward it to the on-demand static analyzer in user space. Page 931, right column: section: 3.2.3 Path Verification: The path analyzer is given a path that must be verified. The path is an LBR state containing direct and indirect calls, indirect jumps, and returns), 
identify, using the data packet, a pathway corresponding to the selected portion of the control-flow process from a set of permissible control-flow pathways (Veen: Page 931, right column: section: 3.2.3 Path Verification: The path analyzer is given a path that must be verified. The path is an LBR state containing direct and indirect calls, indirect jumps, and returns. To verify whether it is valid, the analyzer performs a Depth-First Search (DFS) on the CFG to find a path that contains the provided edges in the same order as they were recorded by the LBR. A recorded path is thus considered valid iff: (i) all edges in the LBR state exist within the CFG, and (ii) these edges can be linked together via a valid path of direct edges within the CFG); and 
determine whether the identified pathway corresponds to an expected control-flow behavior (Veen: page 930: Right column, lines 5-26: If the analyzer returns true (meaning that the path was found in the CFG and thus is valid), the kernel module stores a hash of the path in. In the event that on-demand static analysis returns a negative result (no valid path was found in the CFG), the module stops the program and reports that an attack was detected).
Veen does not teach: receive a message indicating that the low-level execution environment has entered a controlled mode of operation; and the data packet pushed into a queue by a target that executes the control-flow process, wherein the data packet cannot be modified after being pushed into the queue, a concurrent access of the queue is not performed in the controlled mode of operation, and the target has exclusive access of the queue in the controlled mode of operation. However, Jeansonne teaches:
receive a message indicating that the low-level execution environment has entered a controlled mode of operation (Jeansonne: [0027]: At operation 302, the processor transmits a signal to the controller indicating when the processor is entering the SMM BIOS mode and thus executing the SMM BIOS code);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Jeansonne in the invention of Veen to include the above limitations. The motivation to do so would be to monitor the expected functionality of the SMM BIOS code during execution enables the controller to detect whether a change has occurred to SMM BIOS code (Jeansonne: [0011]).
And, Larson teaches:
the data packet pushed into a queue by a target that executes the control-flow process, wherein the data packet cannot be modified after being pushed into the queue, a concurrent access of the queue is not performed in the controlled mode of operation, and the target has exclusive access of the queue in the controlled mode of operation (Larson: column 2, lines 39-40: A significant data communication structure used in this arrangement is the reader/writer queue, a sample of which is illustrated in FIG. 3. This queue is simply a segment of processor memory 102 that has been designated by processor 101 as a storage location for data messages that are to be transmitted or received. Column 3, lines 3-37: To prevent any queue contention problems, the semaphore is used and generally comprises a particular bit pattern stored in the memory address location immediately following the memory location identified by the limit pointer. The semaphore is essentially a flag to indicate to a circuit seeking access to the queue whether the queue is idle or currently being accessed by another circuit. In this fashion, the semaphore prevents concurrent access to a queue. Another problem in the use of reader/writer queues is the over writing of a queue so that new data is written into a completely full queue before previously stored data messages have been read out. To prevent such occurrences, the semaphore can be used to set a flag indicating when the queue is full so that newly arrived data messages will not be written therein, i.e., data is not modified once it is pushed into the queue. Column 3, line 45-column 4, line 13: By exchanging such messages, processor 101 and the destination processor accomplish the necessary handshaking to identify a commonly acceptable virtual channel number and to identify, in their respective systems, the actual programs that are requesting this interconnection. Thus, once a virtual channel number has been selected for a particular processor-to-processor intercommunication, such information is included in the header of the data message, and the entire data message is stored in processor memory 102 in the reader/writer queue that is used for outgoing data messages. Since all outgoing data messages having a common destination, communication channel 120, there will be just one reader/writer queue for outgoing data messages and all outgoing messages are stored therein, i.e., the processor 101 has exclusive access to the reader/writer queue).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Larson in the invention of Veen in view of Jeansonne to include the above limitations. The motivation to do so would be to save processor real time and increase the speed of the effective data transfer between the communication channel and the processor since there is no delay while the processor is required to access every data message and either store same in its memory or provide address information as to where the message should be stored (Larson: column 2, lines 1-6).

As per claim 9, Veen in view of Jeansonne and Larson teaches:
The non-transitory machine-readable storage medium of claim 8, wherein the monitor instructions upon execution cause the system to detect a compromise in the low-level execution environment by determining a presence of a discrepancy between the expected control-flow behavior and a monitored control- flow behavior (Veen: page 931: right column: section 3.2.3: Path Verification: The path analyzer is given a path that must be verified. The path is an LBR state containing direct and indirect calls, indirect jumps, and returns. To verify whether it is valid, the analyzer performs a Depth-First Search (DFS) on the CFG to find a path that contains the provided edges in the same order as they were recorded by the LBR. A recorded path is thus considered valid iff: (i) all edges in the LBR state exist within the CFG, and (ii) these edges can be linked together via a valid path of direct edges within the CFG).  

As per claim 11, Veen in view of Jeansonne and Larson teaches:
The non-transitory machine-readable storage medium of claim 8, wherein the low-level execution environment comprises a hypervisor (Jeansonne: [0011]: detecting whether the SMM BIOS code is compromised may be used to strengthen the SMM BIOS code for more security critical functions, such as monitoring a hypervisor and providing other more critical services).

As per claim 12, Veen in view of Jeansonne and Larson teaches:
The non-transitory machine-readable storage medium of claim 8, wherein the monitor instructions upon execution cause the system to compare a return address of a function call when the target enters a function and the return address when the target leaves the function to determine whether there is a tampering of the return address on a system stack (Veen: page 931, left column: section 3.2.1: CFG Generation: 3rd paragraph: For backward edges (i.e., returns), our policies implement a fully context-sensitive resolution strategy, to which we refer as call/return matching. This strategy emulates a runtime call stack by tracking call and return edges as these are encountered. Right column, lines 3-9: Second, call/return matching (discussed in Section 3.2.1) allows us to recognize and discard impossible paths, such as paths that call a function from one call site, and subsequently return to another call site. Without call/return matching, the path search would have no way of identifying such mismatches).  

As per claim 13, Veen in view of Jeansonne and Larson teaches:
The non-transitory machine-readable storage medium of claim 12, further comprising: wherein the monitor instructions upon execution cause the system to:  receive a message before an indirect call containing an address of the function being called; and verify that the address of the function being called corresponds to a valid function and has a type consistent with the expected control- flow behavior (Veen: page 931, left column: section 3.2.1: CFG Generation: 4th paragraph: For forward edges (i.e., indirect calls), our current prototype supports a simple context-sensitive strategy which resolves code pointers propagated across caller-callee pairs with no contrived data flow. This policy lets us unambiguously resolve indirect call sites, at which call targets are loaded as constants and passed as a callback argument. Right column, section 3.2.3 Path Verification: The path analyzer is given a path that must be verified. The path is an LBR state containing direct and indirect calls, indirect jumps, and returns. To verify whether it is valid, the analyzer performs a Depth-First Search (DFS) on the CFG to find a path that contains the provided edges in the same order as they were recorded by the LBR. A recorded path is thus considered valid iff: (i) all edges in the LBR state exist within the CFG, and (ii) these edges can be linked together via a valid path of direct edges within the CFG. Page 932: left column: 3.3.3 Callbacks: 1st and 2nd paragraphs: Instrumenting callback sites is done by looping over all shared library functions and searching for indirect call instructions. For each indirect call instruction, a short snippet of code is inserted that (i) tests if the target of the indirect call lies in the target program’s address space, and (ii) if this is the case, wraps the call instruction in two ioctl() system calls that notify the kernel module that a callback function is entered or exited: (CALLBACK_ENTER and CALLBACK_EXIT, respectively). Whenever the kernel module receives the CALLBACK_ENTER request, it pushes the current LBR state (i.e., the content of the LBR registers as seen before the library function that performs the callback) to an internal stack of LBR contexts).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Veen in view of Jeansonne and Larson as applied to claim 8 above, and further in view of Butterworth.
As per claim 10, Veen in view of Jeansonne and Larson teaches:
The non-transitory machine-readable storage medium of claim 8, wherein the controlled mode of operation is a System Management Mode (SMM) (Jeansonne: (Jeansonne: [0027]: At operation 302, the processor transmits a signal to the controller indicating when the processor is entering the SMM BIOS mode and thus executing the SMM BIOS code)). 
Veen in view of Jeansonne and Larson does not teach: wherein the monitor instructions upon execution cause the system to: receive, in association with a System Management Interrupt (SMI), location information of a System Management RAM (SMRAM); and compare the location information of the SMRAM to expected location information of the SMRAM to detect malicious modification of the location information of the SMRAM. However, Butterworth teaches:
wherein the monitor instructions upon execution cause the system to: receive, in association with a System Management Interrupt (SMI), location information of a System Management RAM (SMRAM); and compare the location information of the SMRAM to expected location information of the SMRAM to detect malicious modification of the location information of the SMRAM (Butterworth: Page 30, right column: section 5.2 What to Measure? As shown in Figure 2 (a), BIOS code (1) instantiates SMRAM (2), which contains the BIOS Chronomancy code (3)-(6). Immediately after instantiating SMRAM, the BIOS sends a signal to the SMI handler requesting that a measurement take place. The SMI handler fields this request and begins executing the BIOS Chronomancy (BC) code. Page 31, right column: section 5.2.2 SMRAM Measurement: After the BC code checks itself, in order to cede minimal space in which an attacker can hide, the entirety of SMRAM must be measured. This provides a measurement of the OEM SMM code which could have been modified by attacks. We also note that it is important to find and measure the SMBASE register, as this tells the processor what the base address for SMRAM should be the next time SMM is entered. At the time our attestation code is invoked, SMRAM has its EBP pointing to address 0x20E and its ESP pointing to 0xDFF0 421E. Our code is compiled to expect the stack frame to point to 0xDFFF FF00, so we have to relocate EBP for the duration of our measurements).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Butterworth in the invention of Veen in view of Jeansonne and Larson to include the above limitations. The motivation to do so would be to create a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS (Butterworth: Abstract).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438