DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is responsive to original application filed on 02/25/2020. Claims 1-20 have been examined and are pending in this application.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 15 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 15 recites the limitation "the specific hardware" in lines 1-2.  There is insufficient antecedent basis for this limitation in the claim. It appears that claim 15 should depend from claim 14.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-11 and 13-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tkacik et al. US 2014/0281354 (“Tkacik”).
As per independent claim 1, Tkacik teaches A computer-implemented method (A run-time integrity checking (RTIC) method is provided, para 0015), the method comprising:
maintaining (Referring to FIG. 3, RTIC data structure comprises page tables 303 and page table 304, para 0022 and FIG. 3. Page table 303 comprises a plurality of page entries 321, 322, 323, and 324. For each entry of the page table 303, a reference hash column 311 stores a reference hash value for the memory page, para 0023 and FIG. 3. Page table 304 comprises a plurality of entries 331, 332, 333, and 334. For each entry in page table 304, a reference hash column 317 stores a reference hash value for the page, para 0024 and FIG. 3), by a first one of a plurality of memory management layers of a hypervisor environment (Table 304 may represent a different application of run-time integrity checking, such as a guest operating system checking the software code of an application program, paras 0023-0024 and FIG. 3. Furthermore, table 303 may represent one application of run-time integrity checking, such as for a hypervisor checking the software code of an operating system, paras 0023-0024 and FIG. 3. Thus, a plurality of memory management layers (guest operating system and hypervisor) manages page tables),
at least one blockchain-based hash chain associated with a page table of the first memory management layer (Referring to FIG. 3, RTIC data structure comprises page tables 303 and page table 304, para 0022 and FIG. 3. Page table 303 comprises a plurality of page entries 321, 322, 323, and 324. For each entry of the page table 303, a reference the page table corresponding to a plurality of memory pages (Referring to FIG. 3, page table 303 comprises a plurality of page entries 321, 322, 323, and 324, para 0023. Page table 304 comprises a plurality of page entries 331, 332, 333, and 334, para 0024),
wherein the at least one blockchain-based hash chain comprises, for each of the plurality of memory pages: (i) a current hash associated with the memory page (Referring to FIG. 3, page table entry 332 of page table 304 has a hash valid bit (column 314 of page table 304) set to 1 which indicates that the reference hash value 317 corresponding to page table entry 332 is valid, para 0023 and FIG. 3) and (ii) a previous hash associated with an immediately preceding memory page corresponding to the page table (Referring to FIG. 3, page table entry 331 of page table 304, which is the immediately preceding page table entry with respect to page table entry 332, has a hash valid bit (column 314 of page table 304) set to 1 which indicates that the reference hash value 317 corresponding to page table entry 331 is valid, para 0023 and FIG. 3);
verifying (Table 303 may represent one application of run-time integrity checking, such as for a hypervisor checking the software code of an operating system, paras 0023-0024, while table 304 may represent a different application of run-time integrity checking, such as a guest operating system checking the software code of an application program, paras 0023-0024 and FIG. 3), by the first memory management layer (Table 304 may represent a different application of run-time integrity checking, such as a guest operating system checking the software code of an application program, paras 0023-0024 and FIG. 3), content obtained in connection with a read operation for a given one of the plurality of memory pages (The RTIC system will check an enable bit (enable bit when enabled indicates that the page is resident in memory, para 0057) for a page, follow a pointer to the page, and read the page (i.e., read the content of the page), para 0056),
wherein said verifying comprises at least: (i) checking that a hash of the obtained content (The RTIC system will check an enable bit (enable bit when enabled indicates that the page is resident in memory, para 0057) for a page, follow a pointer to the page, and read the page (i.e., read the content of the page), and calculate a hash value for the page, para 0056) matches the current hash maintained in the at least one blockchain-based hash chain for the given memory page (The RTIC system then compares the calculated hash value with the stored reference hash value retrieved from the page table, para 0056, and determines whether the calculated hash value matches the stored reference hash value), (ii) obtaining further content of the memory page associated with the page table that immediately precedes the given memory page, and (iii) checking that a hash of the further content matches the previous hash maintained in the at least one blockchain-based hash chain for the given memory page (The RTIC system may continue to the next entry in the table and may wrap around to the beginning of the table after reaching the end of the table, or continue with checking the next table, para 0056);
wherein the method is carried out by at least one computing device (The disclosure relates to integrity checking in an information processing system, para 0002, such as the information processing system illustrated in FIG. 1, para 0020 and FIG. 1).
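An added illustration (not part of the Office Action, the application, or Tkacik) of the two-part read check recited in claim 1, together with a chain update on a page change and the whole-chain check of claim 10. The names `ChainedPageTable`, `ChainEntry`, `GENESIS`, and the sample pages are hypothetical, and SHA-256 is an assumed hash choice.

```python
import hashlib
from dataclasses import dataclass

GENESIS = bytes(32)  # assumed "previous hash" for the first page (nothing precedes it)


def page_hash(content: bytes) -> bytes:
    return hashlib.sha256(content).digest()  # SHA-256 is an assumption of this sketch


@dataclass
class ChainEntry:
    current_hash: bytes    # (i) hash of this page's content
    previous_hash: bytes   # (ii) hash of the immediately preceding page's content


class IntegrityError(Exception):
    pass


class ChainedPageTable:
    """Hypothetical page table owned by one memory management layer."""

    def __init__(self, pages):
        self.memory = [bytes(p) for p in pages]  # backing pages; other layers may touch these
        self.chain = []
        prev = GENESIS
        for content in self.memory:
            cur = page_hash(content)
            self.chain.append(ChainEntry(cur, prev))
            prev = cur

    def write(self, index, content):
        """Authorized update: refresh this entry and its successor's link."""
        self.memory[index] = bytes(content)
        cur = page_hash(self.memory[index])
        self.chain[index].current_hash = cur
        if index + 1 < len(self.chain):
            self.chain[index + 1].previous_hash = cur

    def verified_read(self, index):
        """Return the page only if both of its chain checks pass."""
        entry, content = self.chain[index], self.memory[index]
        if page_hash(content) != entry.current_hash:
            raise IntegrityError(f"page {index}: content does not match current hash")
        if index > 0 and page_hash(self.memory[index - 1]) != entry.previous_hash:
            raise IntegrityError(f"page {index}: preceding page does not match previous hash")
        return content

    def verify_chain(self):
        """Whole-chain check: indexes of pages that fail verification."""
        bad = []
        for i in range(len(self.chain)):
            try:
                self.verified_read(i)
            except IntegrityError:
                bad.append(i)
        return bad


def demo():
    # Constructed sample pages, 16 bytes each for brevity.
    table = ChainedPageTable([b"boot" * 4, b"kern" * 4, b"data" * 4])
    table.write(2, b"DATA" * 4)          # authorized change keeps the chain consistent
    clean = table.verify_chain()
    table.memory[0] = b"evil" * 4        # out-of-band change made by another layer
    return clean, table.verify_chain()   # page 0 fails check (i); page 1 fails check (iii)
```

In the sketch, a read of page 1 is refused after page 0 is altered even though page 1 itself is unchanged, which is the effect of storing the preceding page's hash in each entry.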
wherein the plurality of memory pages comprise at least one of: (i) one or more read-only pages (The page-based RTIC technique may be used, for example, by an operating system checking itself (read-only pages), para 0016) and (ii) one or more updateable pages (The page-based RTIC technique may be used, for example, by an operating system checking to check applications (read-write pages) running under the operating system, para 0016).
As per dependent claim 3, Tkacik discloses the method of claim 2. Tkacik teaches wherein the at least one blockchain-based hash chain comprises one or more first blockchain-based hash chains and one or more second blockchain-based hash chains, and wherein said maintaining comprises: maintaining the one or more first blockchain-based hash chains in the page table for the one or more read-only pages (The page-based RTIC technique may be used, for example, by an operating system checking itself (read-only pages), para 0016);
maintaining the one or more second blockchain-based hash chains for the one or more updatable pages (The page-based RTIC technique may be used, for example, by an operating system checking to check applications (read-write pages) running under the operating system, para 0016), wherein the one or more first blockchain-based hash chains are mutually disjoint from the one or more second blockchain-based hash chains (The operating system pages are clearly disjoint from the application pages. Accordingly, their respective hash values of pages are also disjoint).
wherein said maintaining comprises: updating at least one of the second blockchain-based hash chains in the page table in response to a change to page content of at least one of the updatable pages (If an operating system moves pages around in memory, that operating system informs the RTIC system not to check while the operating system is changing the memory contents, which may be performed, for example, by modifying enable bits for the relevant pages to disable the RTIC system with respect to those pages, then moving the pages, then re-enabling enable bits for the relevant pages to re-enable the RTIC system with respect to those pages, para 0055).
As per dependent claim 5, Tkacik discloses the method of claim 2. Tkacik teaches wherein the one or more updateable pages comprise application data (The page-based RTIC technique may be used, for example, by an operating system checking to check applications (read-write pages) running under the operating system, para 0016).
As per dependent claim 6, Tkacik discloses the method of claim 2. Tkacik teaches wherein the one or more read-only pages comprise data corresponding to at least one of (i) a booting subroutine (Calculation of a hash value may also be used to provide secure boot functionality, where the calculated hash value may be compared against a stored hash value of a boot software image to assure that the boot software image has not been altered, para 0005), (ii) an exception handler (Page-based RTIC may be applied to system software, para 0017), and (iii) a dynamic link library (Page-based RTIC may be applied not only to system software, such as a boot code image, 
As per dependent claim 7, Tkacik discloses the method of claim 1. Tkacik teaches wherein the plurality of memory management layers comprises one or more other memory management layers that are lower than the first memory management layer in the hypervisor environment (Table 303 may represent one application of run-time integrity checking, such as for a hypervisor checking the software code of an operating system, paras 0023-0024 and FIG. 3).
As per dependent claim 8, Tkacik discloses the method of claim 1. Tkacik teaches wherein a further one of the plurality of memory management layers in the hypervisor environment independently maintains one or more further blockchain-based hash chains to protect memory associated with the further memory management layer from at least one memory management layer of the hypervisor environment that is lower than the further memory management layer (RTIC as described may be applied to any of several levels of an information storage hierarchy, which may include, for example, level 1 (L1) cache, level 2 (L2) cache, and the like, e.g., L3 cache, para 0033).
As per dependent claim 9, Tkacik discloses the method of claim 1. Tkacik teaches wherein each of the plurality of memory management layers corresponds to at least one of: (i) a host operating system (The method may comprise storing a table of page entries and accessing the table of page entries by, as an example, an operating system to perform run-time integrity checking on the contents of memory, para 0015), (ii) a guest virtual machine (Table 304 may represent a different application of run-time integrity checking, such as a guest operating system checking the software code of an application program, paras 0023-0024 and FIG. 3), (iii) a main memory (RTIC as described may be applied to any of several levels of an information storage hierarchy, which may include, for example, main RAM, secondary RAM, one or more level of non-volatile storage, and the like, para 0033), (iv) L1 Cache (RTIC as described may be applied to any of several levels of an information storage hierarchy, which may include, for example, level 1 (L1) cache, level 2 (L2) cache, and the like, para 0033), (v) L2 Cache (RTIC as described may be applied to any of several levels of an information storage hierarchy, which may include, for example, level 1 (L1) cache, level 2 (L2) cache, and the like, para 0033), and (vi) L3 cache (RTIC as described may be applied to any of several levels of an information storage hierarchy, which may include, for example, level 1 (L1) cache, level 2 (L2) cache, and the like, e.g., L3 cache, para 0033).
As per dependent claim 10, Tkacik discloses the method of claim 1. Tkacik teaches comprising: periodically checking the integrity of the at least one blockchain-based hash chain in its entirety (FIG. 4 is a block diagram illustrating a data structure wherein a hash of hashes for individual data blocks is generated. Hash generation data structure 400 comprises data page 401, data page 402, data page 403, data page 404, data page hash value 411, data page hash value 412, data page hash value 413, data page hash value 414, and overall hash value 415, para 0025 and FIG. 4).
As per dependent claim 11, Tkacik discloses the method of claim 1. Tkacik teaches wherein the first memory management layer corresponds to a guest virtual machine, and wherein maintaining the at least one blockchain-based hash chain protects memory associated with the guest virtual machine from one or more of: at least one other memory management layer of the hypervisor environment and at least one other memory management layer of the guest virtual machine (Table 304 may represent a different application of run-time integrity checking, such as a guest operating system checking the software code of an application program, paras 0023-0024 and FIG. 3).
As per dependent claim 13, Tkacik discloses the method of claim 1. Tkacik teaches comprising: preventing one or more types of memory attacks based at least in part on the at least one blockchain-based hash chain (While a secure boot process may provide verification when an information processing system initially begins operation, it may be unable to provide any assurance that the information processing system continues to operate correctly. The secure boot process may be unable to detect memory corruption due to a memory failure or to a malicious attack on the information processing system that may occur sometime after the secure boot process is completed, para 0047. Accordingly, the secure boot process may prevent attack when the information processing system initially begins operations and shortly thereafter).
As per dependent claim 14, Tkacik discloses the method of claim 1. Tkacik teaches comprising: utilizing specific hardware in conjunction with maintaining the at least one blockchain-based hash chain to protect confidentiality of memory contents associated with the first memory management layer from one or more of the other memory management layers of the hypervisor environment (Hardware is provided to maintain a list of pages with assigned reference hash values, para 0050).
As per dependent claim 15, Tkacik discloses the method of claim 1. Tkacik teaches wherein the specific hardware comprises a secure processor that manages keys for encrypting the memory contents of the memory associated with the first memory management layer (If a hash value is to be generated by a hash function performed according to a hash algorithm, examples of such hash algorithms include any algorithm defined in FIPS 180-3 (e.g., SHA-1, SHA-224, SHA-256, SHA-384, SHA-512), any algorithm defined by secure hash standard (FIPS 180-3) (e.g., SHA-3), the MD5 algorithm, any Message Authentication Code (MAC) algorithm, any Keyed Message Authentication Code algorithm, any Cyclic Redundancy Check (CRC) algorithm, para 0021. See FIG. 1 for processor 109 or processor core 110).
As per dependent claim 16, Tkacik discloses the method of claim 1. Tkacik teaches comprising: detecting, by the first memory management layer, that at least one other one of the plurality of memory management layers of the hypervisor environment changed the content of one of the memory pages associated with the first memory management layer (A response indicator to indicate what type of response should occur to the detection of a mismatch when comparing a hash value to a stored reference hash value is shown under response column 205 for each of entries 211, 212, 213, and 214, para 0021 and FIG. 2).
As per claims 17-18, these claims are respectively rejected based on arguments provided above for similar rejected claims 1-2. For computer program product on a non-
As per independent claim 19, this claim is rejected based on arguments provided above for similar rejected independent claim 1. See FIG. 1 of Tkacik for processor 109 or processor core 110 and external memory 102.
As per independent claim 20, this claim is rejected based on arguments provided above for similar rejected independent claim 1. Table 304 illustrated in FIG. 3 of Tkacik is maintained by a guest operating system.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Tkacik in view of applicant provided prior art Kataria et al. US 2017/0300430 (“Kataria”).
As per dependent claim 12, Tkacik discloses the method of claim 1. Tkacik may not explicitly disclose, but in an analogous art in the same field of endeavor, Kataria teaches wherein the hypervisor environment implements at least one of: (i) shadow paging (Shadow page tables are used, para 0060), (ii) nested paging (Nested page tables 222 are used, para 0060), and (iii) para-virtualization (Virtualization software 110 includes virtual machine monitors (VMMs) 112, which 
Given the teaching of Kataria, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the scope of the invention of Tkacik with “wherein the hypervisor environment implements at least one of: (i) shadow paging, (ii) nested paging, and (iii) para-virtualization”. The motivation would be that mechanisms are provided to protect guest integrity drivers executing on a virtual machine, para 0013 of Kataria. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZUBAIR AHMED whose telephone number is (571)272-1655. The examiner can normally be reached 7:30AM - 5:00PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, DAVID X YI can be reached on (571) 270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-





/ZUBAIR AHMED/
Examiner, Art Unit 2132

/DAVID YI/
Supervisory Patent Examiner, Art Unit 2132