DETAILED ACTION
The present application is being examined under the pre-AIA  first to invent provisions. 

This action is in response to a request for continued examination filed 10/19/21.
Claims 21 and 23-40 are pending.

Response to Arguments
Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
More specifically, as indicated below, newly cited Tanaka teaches the claimed attestation token and debugging (see e.g. col. 38, lines 45-49 “a test execution flag”, col. 5, lines 15-19 “debug programs”).

Claim Objections
Claims 21, 32 and 38 are objected to because of the following informalities:
Claim 21 recites “performing a test … wherein the test comprising a plurality of operational integrity tests”. It is believed this would be better written as “performing a test … wherein the test comprises a plurality of operational integrity tests”.
Claims 32 and 38 recite langue similar to that of claim 1 and are thus similarly objected to. 
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 21, 23, 27-31 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over US 2009/0144538 to Duda et al. (Duda) in view of US 2009/0007105 to Fries et al. (Fries) in view of US 2005/0177829 to Vishwanath (Vishwanath) in view of US 6,704,933 to Tanaka et al. (Tanaka).

Claim 21: Duda discloses a method, comprising: 
identifying, by instructions of a temporary file system, a release of an Operating System (OS) associated with a machine during a boot process (par. [0014] “a boot loader is loaded and executed … read the operating system image from flash … the boot loader itself performs the above steps”); 

acquiring, by the instructions of the temporary file system, a module for the OS that supports the release (par. [0014] “patches are read form the flash memory”); 
creating, by the instructions of the temporary file system, the directory hierarchy in a root file system of the OS without rebuilding the root file system being maintained in memory after determining the root file system needs the directory hierarchy (par. [0014] “stores it in RAM as a root file system”); 
managing and maintaining, by the instructions of the temporary file system, a machine image independently from the boot code and a kernel for the OS (Fig. 1, 102 “separately in flash, not modifying the original base image of OS”, Fig. 3, 308 “BIOS Aboot firmware”); and 
injecting, by the instructions of the temporary file system and subsequent to an initial boot sequence, the module into the root file system for supporting the release of the OS needed by the VM without recreating or rebuilding the machine image of the cloud processing environment and without changing the ramdisk (par. [0014] “patches are read form the flash memory … and installed in RAM over the root file system”) by dynamically modifying the root file system to include the module without the rebuilding of the root file system (note that the disclosed patching does not require/involve “rebuilding” the root file system, only modifying it as claimed).

Duda does not disclose identifying a release of the Operating System (OS) associated with a Virtual Machine (VM) within a cloud processing environment; and


Fries discloses identifying a release of an Operating System (OS) associated with a Virtual Machine (VM) within a cloud processing environment (par. [0064] “The rendered VM image is analyzed 4040 to determine its … version information”); and
creating the directory hierarchy after determining the root file system needs the directory hierarchy (par. [0066] “an update engine operates 412 on the rendered VM image”, par. [0067] “indicated updates are applied”).

It would have been obvious at the time of invention to identify a release of an OS associated with a VM (Fries par. [0064] “The rendered VM image is analyzed 4040 to determine its … version information”) and relevant patches for the OS (Duda par. [0014] “patches are read form the flash memory”) after determining the root file system needs the directory based on the version information (Duda par. [0067] “indicated updates are applied”). Those of ordinary skill in the art would have been motivated to do so to provide Duda’s updating functionality within a cloud environment (Fries par. [0009] “a VM may be flagged as needing a specific update”). 

Duda, Fries and do not explicitly teach the instructions provided on a ramdisk; and
identifying a release of the OS during load of a ramdisk. 



It would have been obvious at the time of invention provide instructions one a ramdisk to perform the method during load of, and by a process defined in a ramdisk (Vishwanath par. [0044] “the target boots form the boot image loaded into ramdisk”). Those of ordinary skill in the art would have been motivated to do so as a known mechanism for booting a machine which would have produced only the expected results (i.e. booting from a ramdisk). 

Duda, Fries and Vishwanath do not teach:
performing a test against the module of the OS that supports the file unless an attestation token is present indicating that an operational image comprising the module has already passed the test, wherein the test comprising a plurality of operational integrity tests, wherein performing further includes supervising debugging and revalidation of the module when a test fails.

Tanaka teaches:
performing a test against a module unless an attestation token is present indicating that the module has already passed the test (col. 38, lines 45-49 “a test execution flag corresponding to a program is set”, col. 38, lines 61-64 “Programs to be subjected to test executions are expanded in the temporary storing buffer 180”), wherein the test comprising a plurality of 

It would have been obvious at the time of invention to perform a test against the module (Tanaka col. 38, lines 61-64 “Programs to be subjected to test executions”, Duda par. [0014] “patches are read form the flash memory”) unless an attestation token is present (Tanaka col. 38, lines 45-49 “a test execution flag”) wherein the performing further includes supervising debugging and revalidation of the module (Tanaka col. 5, lines 15-19 “debug programs”). Those of ordinary skill in the art would have been motivated to do so to “improve quality of [the] programs” (Tanaka col. 5, lines 15-19) while minimizing the burden on the developer (e.g. Tanaka col. 4, lines 46-49 “reduces the time necessary to find bugs”).

Claim 23: Duda, Fries, Vishwanath and Tanaka teach the method of claim 21, wherein injecting further includes replacing an existing module with the module within the OS (Fries par. [0067] “updating any files for which a newer version is indicated").

Claim 27: Duda, Fries, Vishwanath and Tanaka teach the method of claim 21, wherein identifying further includes identifying the release when the OS is booted for the VM (Fires par. [0069] “the VM is to be activated and updated 418”).

Claim 28: Duda, Fries, Vishwanath and Tanaka teach the method of claim 21, wherein acquiring further includes determining that files present in the directory hierarchy are missing from the root file system (Fries par. [0009] “updates that are missing”).

Claim 29: Duda, Fries, Vishwanath and Tanaka teach the method of claim 28, wherein determining further includes identifying the files as particular files that are to be processed within the VM with the release (Fries par. [0050] “an operating system … require an update”).

Claim 30: Duda, Fries, Vishwanath and Tanaka teach the method of claim 28, wherein determining further includes determining the file missing from the directory hierarchy by comparing particular files in the release against existing files in the machine image for the file system (Fries par. [0064] “The updated information is checked against the current status of the various software constructs”). 

Claim 31: Duda, Fries, Vishwanath and Tanaka teach the method of claim 21 further comprising, assigning, by the instructions of the temporary file system, a unique identity to the release for the OS having the kernel module that supports the directory hierarchy integrated into the file system for the VM (Fries par. [0061] “metadata information may describe and identify the VHDs”).

Claims 24-26, 32-33 and 35-40 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over US 2009/0144538 to Duda et al. (Duda) in view of US 2009/0007105 to Fries et al. (Fries) in view of US 2005/0177829 to Vishwanath (Vishwanath) in view of US 6,704,933 to Tanaka et al. (Tanaka) in view of US 2009/0144538 to Akgul et al. (Akgul).

Claim 24: Duda, Fries, Vishwanath and Tanaka teach the method of claim 23, but do not explicitly teach replacing further includes changing a pointer that points to the existing module to point to the module.

Akgul teaches replacing further includes changing a pointer that points to the existing module to point to the module (Akgul par. [0040] “when the new or updated module is loaded into the kernel space … the location of the module data is written to the global offset table”)

It would have been obvious at the time of invention to perform the replacing (Fries par. [0067] “updating any files for which a newer version is indicated") by changing a pointer (Akgul par. [0040] “the location of the module data is written to the global offset table”). Those of ordinary skill in the art would have been motivated to do so in order to provide for updating that “do[es] not require a reboot or recompilation of the operating system” (Akgul par. [0011]).

Claim 25: Duda, Fries, Vishwanath and Tanaka teach the method of claim 21, but do not explicitly teach the injecting further includes dynamically adding the module as a new module within the OS.

Akgul teaches injecting including dynamically adding the module as a new module within the OS (Akgul par. [0032] “runtime installation … of kernel modules”).

It would have been obvious at the time of invention to perform the injecting (Duda par. [0014] “installed in RAM over the root file system”) by dynamically adding the module as a new module (Akgul par. [0040] “the location of the module data is written to the global offset table”). Those of ordinary skill in the art would have been motivated to do so in order to provide for updating that “do[es] not require a reboot or recompilation of the operating system” (Akgul par. [0011]).

Claim 26: Duda, Fries, Vishwanath and Tanaka teach the method of claim 21, but do not explicitly teach wherein injecting further includes adding additional modules into the OS for supporting features of the directory hierarchy. 

Akgul teaches injecting including adding additional modules into the OS for supporting features of the directory hierarchy (Akgul par. [0032] “runtime installation … of kernel modules”, par. [0036] “modules for supporting an application”). 

It would have been obvious at the time of invention to perform the injecting (Duda par. [0014] “installed in RAM over the root file system”) by dynamically adding modules into the OS for supporting features of the directory hierarchy (Akgul par. [0032] “runtime installation … of 

Claim 32: Duda discloses a method, comprising: 
comparing, by instructions of a temporary file system, a machine image of a file system of an Operating System (OS) machine against a running file system when the OS is loaded into an environment from a boot process (par. [0014] “read the operating system image from flash”, par. [0014] “the boot loader itself performs the above steps”); 
identifying, by instructions of a temporary file system, at least one file present in the machine image and missing from the running file system in response to the comparing (par. [0014] “patches are read form the flash memory”); 
injecting, by instructions of a temporary file system, an update into the OS that supports the file in response to the identifying after an initial boot sequence for the OS (par. [0014] “patches are read form the flash memory … and installed in RAM over the root file system”); 
managing and maintaining, by instructions of a temporary file system, a machine image independently from the boot code for the VM and a kernel for the OS (Fig. 1, 102 “separately in flash, not modifying the original base image of OS”, Fig. 3, 308 “BIOS Aboot firmware”); and 
updating, by instructions of a temporary file system, the running file system with the at least one file without rebuilding the running file system and without recreating or rebuilding the machine image and without changing the boot code (par. [0014] “patches are … installed in 

Duda does not disclose the OS is used by a virtual machine (VM) or a file system of a cloud processing environment. 

Fries teaches comparing a file system of an OS used by a VM (par. [0064] “The rendered VM image is analyzed to determine its … version information”) and a file system of a cloud processing environment (par. [0061] “the file-system data”).

It would have been obvious at the time of invention to compare a machine image of an OS associated with a VM (Fries par. [0064] “The rendered VM image is analyzed 4040 to determine its … version information”) with a file system of a cloud processing environment (Fries par. [0061] “the file-system data”) using version information of the kernel (Fires par. [0064] “version information”). Those of ordinary skill in the art would have been motivated to do so to identify desired patches and provide Duda’s updating functionality within a cloud environment (Fries par. [0009] “a VM may be flagged as needing a specific update”, Duda par. [0023] “desired patches”).

Duda, and Fries do not explicitly teach the instructions provided on a ramdisk;
performing the comparison when the OS is loaded into a cloud processing environment from the ramdisk; 


Vishwanath teaches instructions provided on a ramdisk (par. [0044] “boot image loaded into ramdisk”) for performing a boot process performed during the load of a ramdisk and performed by a process defined in the ramdisk (par. [0044] “the target boots form the boot image loaded into ramdisk”).

It would have been obvious at the time of invention to perform the method during load of, and by a process defined in a ramdisk (Vishwanath par. [0044] “the target boots form the boot image loaded into ramdisk”). Those of ordinary skill in the art would have been motivated to do so as a known mechanism for booting a machine which would have produced only the expected results (i.e. booting from a ramdisk). 

Duda, Fries, and Vishwanath do not teach:
performing a test against the module of the OS that supports the file unless an attestation token is present indicating that an operational image comprising the module has already passed the test, wherein the test comprising a plurality of operational integrity tests, wherein performing further includes supervising debugging and revalidation of the module when a test fails.

Tanaka teaches:


It would have been obvious at the time of invention to perform a test against the module (Tanaka col. 38, lines 61-64 “Programs to be subjected to test executions”, Duda par. [0014] “patches are read form the flash memory”) unless an attestation token is present (Tanaka col. 38, lines 45-49 “a test execution flag”) wherein the performing further includes supervising debugging and revalidation of the module (Tanaka col. 5, lines 15-19 “debug programs”). Those of ordinary skill in the art would have been motivated to do so to “improve quality of [the] programs” (Tanaka col. 5, lines 15-19) while minimizing the burden on the developer (e.g. Tanaka col. 4, lines 46-49 “reduces the time necessary to find bugs”).

Duda, Fries, Vishwanath and Tanaka do not explicitly teach injecting a kernel module into the OS.



It would have been obvious at the time of invention to inject the module into the root file system (Fries par. [0067] “indicated updates are applied", Akgul par. [0032] “any kernel module … can be dynamically loaded”). Those of ordinary skill in the art would have been motivated to do so in order to provide for updating that “do[es] not require a reboot or recompilation of the operating system” (Akgul par. [0011]).

Claim 33: Duda, Fries, Vishwanath, Tanaka and Akgul teach the method of claim 32, wherein comparing further includes initiating the comparing upon an attempted reboot of the OS (Fires par. [0069] “the VM is to be activated and updated 418”).

Claim 35: Duda, Fries, Vishwanath, Tanaka and Akgul teach the method of claim 32, wherein injecting further includes obtaining the kernel module from the machine image (Fries par. [0062] “the files within the virtual machine image may be available").

Claim 36: Duda, Fries, Vishwanath, Tanaka and Akgul teach the method of claim 32, wherein injecting further includes searching and locating the kernel module in response to identifying the at least one file (Fries par. [0072] “The update information may be obtained remotely, for example via the internet”).

Claim 37: Duda, Fries, Vishwanath, Tanaka and Akgul teach the method of claim 32 further comprising assigning a unique identity to the file system having the updated at least one file (par. [0061] “metadata information may describe and identify the VHDs”).

Claim 38: Duda discloses a system, comprising: 
at least one physical processor can be configured to execute program instructions of a temporary file system (par. [0014] “the boot loader”), which when executed cause the at least one physical processor to: 
identify a modification to an operating system (OS) during a load of the machine from a boot process (par. [0014] “patches are read form the flash memory”, par. [0014] “the boot loader itself performs the above steps”); 
obtain a directory hierarchy not supported in a root file system of the cloud processing environment (par. [0014] “stores it in RAM as a root file system”); 
inject code into the OS that supports the directory hierarchy after an initial boot sequence (par. [0014] “patches are read form the flash memory … and installed in RAM over the root file system”); 
manage and maintain a machine image independently from the boot code for the at least one machine and a kernel for the OS with respect to the kernel module (Fig. 1, 102 “separately in flash, not modifying the original base image of OS”, Fig. 3, 308 “BIOS Aboot firmware”); and


Duda does not disclose:
a cloud computing environment; 
a plurality of Virtual Machines (VMS) configured to process within the cloud computing environment; 
at least one physical processor within the cloud computing environment; 
an operating system (OS) used by at least one of the VMs. 

Fries teaches:
a cloud computing environment (Fig. 2B); 
a plurality of Virtual Machines (VMS) configured to process within the cloud computing environment (Fig. 2B, Virtual Machine 108 and 110); 
at least one physical processor within the cloud computing environment (Fig. 2b Computer Hardware 102); 
an operating system (OS) used by at least one of the VMs (par. [0050]). 



Duda and Fries do not explicitly teach the instructions provided on a ramdisk; and
loading the at least one VM from a ramdisk. 

Vishwanath teaches instructions provided on a ramdisk par. [0044] “boot image loaded into ramdisk”) for performing a boot process performed during the load of a ramdisk and performed by a process defined in the ramdisk (par. [0044] “the target boots form the boot image loaded into ramdisk”).

It would have been obvious at the time of invention to perform the method during load of, and by a process defined in a ramdisk (Vishwanath par. [0044] “the target boots form the boot image loaded into ramdisk”). Those of ordinary skill in the art would have been motivated to do so as a known mechanism for booting a machine which would have produced only the expected results (i.e. booting from a ramdisk). 


performing a test against the module of the OS that supports the file unless an attestation token is present indicating that an operational image comprising the module has already passed the test, wherein the test comprising a plurality of operational integrity tests, wherein performing further includes supervising debugging and revalidation of the module when a test fails.

Tanaka teaches:
performing a test against a module unless an attestation token is present indicating that the module has already passed the test (col. 38, lines 45-49 “a test execution flag corresponding to a program is set”, col. 38, lines 61-64 “Programs to be subjected to test executions are expanded in the temporary storing buffer 180”), wherein the test comprising a plurality of operational integrity tests (col. 39, lines 37-41 “receives test cases that are sent from the broadcast center”), wherein performing further includes supervising debugging and revalidation of the module when a test fails (col. 5, lines 15-19 “uses this information to debug programs”, col. 39, lines 37-41 “programs stored in the temporary storing buffer 180 are validated”).

It would have been obvious at the time of invention to perform a test against the module (Tanaka col. 38, lines 61-64 “Programs to be subjected to test executions”, Duda par. [0014] “patches are read form the flash memory”) unless an attestation token is present (Tanaka col. 38, lines 45-49 “a test execution flag”) wherein the performing further includes supervising 

Duda, Fries, Vishwanath and Tanaka do not explicitly teach injecting a kernel module into the OS.

Akgul teaches injecting kernel modules into an operating system (e.g. par. [0032] “any kernel module of the operating system can be dynamically loaded at runtime without necessitating a reboot or recompilation of the system”).

It would have been obvious at the time of invention to inject the module into the root file system (Fries par. [0067] “indicated updates are applied", Akgul par. [0032] “any kernel module … can be dynamically loaded”). Those of ordinary skill in the art would have been motivated to do so in order to provide for updating that “do[es] not require a reboot or recompilation of the operating system” (Akgul par. [0011]).

Claim 39: Duda, Fries, Vishwanath, Tanaka and Akgul teach the system of claim 38, wherein the instruction to identify the modification is identified during a boot of the at least one VM (par. [0069] “the VM is to be activated and updated 418”).

Claim 40: Duda, Fries, Vishwanath, Tanaka and Akgul teach the system of claim 38, wherein the instruction to inject the kernel module further includes locating the kernel module in response to at least one file in the directory hierarchy (Fries par. [0072] “The update information may be obtained remotely, for example via the internet”).

Claim 34 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over US 2009/0144538 to Duda et al. (Duda) in view of US 2009/0007105 to Fries et al. (Fries) in view of US 2005/0177829 to Vishwanath (Vishwanath) in view of US 6,704,933 to Tanaka et al. (Tanaka) in view of US 2009/0144538 to Akgul et al. (Akgul) in view of Official Notice.

Claim 34: Duda, Fries, Vishwanath, Tanaka and Akgul teach the method of claim 32, wherein injecting further includes requesting the kernel module from a remote source (Fries par. [0072] “The update information may be obtained remotely, for example via the internet”).

Duda, Fries, Vishwanath, Tanaka and Akgul do not explicitly teach the remote source is a third-party service.

It is officially noted that third-parties were commonly known in the art as sources of new and updated software.

It would have been obvious at the time of invention to request the kernel module (Fries par. [0072] “The update information may be obtained … via the internet”) form a third-party .

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON D MITCHELL whose telephone number is (571)272-3728. The examiner can normally be reached Monday through Thursday 7:00am - 4:30pm and alternate Fridays 7:00am 3:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on (571)272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JASON D MITCHELL/Primary Examiner, Art Unit 2199