DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is responsive to the communication filed 4/30/2020.
Claims 1-20 are presented for examination.
Note: According to [0023] (i.e., “The runtimes 193A-B may be a software module or environment that supports execution, such as application execution, code execution, command execution, etc”) and [0030] (i.e., “owner 220 may supply an introspection service, module or program to the TEE instance 210 in the form of bytecode 225. The bytecode may be WebAssembly (“WASM”) bytecode”) of the specification, both the claimed “runtime” of Claim 14 and the claimed “introspection module” of Claim 1 are software components rather than components containing hardware. Thereby, the limitations related to either the introspection module or the runtime in the claims would not trigger or require a 112(f) related discussion or analysis.

Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claims, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 4/30/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 15 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.

Regarding Claim 15, the meaning of “wherein a hypervisor is configured to supply the introspection commands to the runtime” at lines 2-3 is not clear. First, Claim 15 depends on Claim 14, and Claim 14 describes the claimed introspection commands as “receive introspection commands through an introspection channel, wherein the introspection channel is created between the runtime and the owner”. Using Fig. 2 of the invention for a better 
For the purpose of examination, examiner interprets the limitation as the owner supplies the introspection commands to the runtime.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:



Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  

Regarding Claim 1, Claim 1 is a system claim that recites steps/actions to be performed mentally (like evaluation, judgement, opinion) or with pen and paper (i.e., the limitations “validate at least one memory access associated with the workload” and “determine a status of a result of the introspection command, wherein the status is one of a failure status and a success status”). Steps/actions performed mentally or with pen and paper have been found by the courts to be abstract.
The additional limitations such as “a memory”, “a processor”, “a hypervisor”, “a trusted execution environment”, “a workload”, “an introspection module” and “execute an introspection command” merely cite a computer or computer components to perform the abstract idea. Such additional limitations are not indicative of integration of the abstract idea into a practical application for the claim as a whole. In this way, the claim is directed to an abstract idea at the step 2A analysis of the 2019 PEG.
For the step 2B analysis of the 2019 PEG, the additional limitations mentioned above are not indicative of an inventive concept for the claim as a whole.
Thereby, Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
 
Claims 2-9 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
In addition, for each of Claims 2-3 and 7-9, the further limitations of each claim specify additional context for the steps/actions that are considered an abstract idea. Such further limitations do not change the nature of the abstract idea. Thereby, those claims are also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 4, similar to Claim 1, the limitation “compare that at least one memory access to the predetermined pattern” is a step/action to be performed mentally (like evaluation, judgement, opinion) that is considered an abstract idea by the courts. The additional limitation “an instruction” merely applies the abstract idea on a computing device. Such additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Thereby, Claim 4 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 5, the further limitations specify additional context for the step/action that is considered an abstract idea. Such further limitations do not change the nature of the abstract idea. Thereby, Claim 5 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 6, the additional limitation “an encrypted virtual machine” merely cites a computer component to perform the abstract idea. Such additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor an abstract idea) without significantly more.

Regarding Claim 10, similar to Claim 1, Claim 10 recites steps/actions to be performed mentally (like evaluation, judgement, opinion) or with pen and paper (i.e., the limitations “validate at least one memory access associated with the workload” and “determining … a status of a result of the introspection command, wherein the status is one of a failure status and a success status”).
The additional limitation “provisioning a trusted execution environment (TEE) with a workload, wherein the workload includes an introspection module” merely generally links the use of the judicial exception to a particular technological environment or field of use, i.e., performing the abstract idea on the TEE. The other additional limitation “executing, by the introspection module, an introspection command according to an introspection policy” merely cites a computer or computer components to perform the abstract idea. These two types of additional limitations are not indicative of integration of the abstract idea into a practical application for the claim as a whole. In this way, the claim is directed to an abstract idea at the step 2A analysis of the 2019 PEG.
For the step 2B analysis of the 2019 PEG, the additional limitations mentioned above are not indicative of an inventive concept for the claim as a whole.
Thereby, Claim 10 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Claims 11-13 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
an abstract idea) without significantly more.
In addition, for Claim 12, the additional limitation “stop execution of the TEE” is merely a generic computing function of stopping execution of a computing component. Such additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Thereby, Claim 12 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 13, similar to Claim 10, the limitation “compare that at least one memory access to the predetermined pattern” is a step/action to be performed mentally (like evaluation, judgement, opinion) that is considered an abstract idea by the courts. The additional limitation “the failure status indicates that the at least one memory access matches a predetermined pattern” specifies additional context for the step/action that is considered an abstract idea. Such further limitations do not change the nature of the abstract idea. The additional limitation “an instruction” merely applies the abstract idea on a computing device. Such additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Thereby, Claim 13 is also an abstract idea) without significantly more.

Regarding Claim 14, similar to Claim 1, Claim 10 recites steps/actions to be performed mentally (like evaluation, judgement, opinion) or with pen and paper (i.e., the limitations “receive introspection commands”, “validate at least one memory access associated with the workload” and “determining … a status of a result of the introspection command, wherein the status is one of a failure status and a success status”).
The additional limitations such as “a memory”, “a processor”, “a trusted execution environment”, “a runtime executing within the TEE”, “introspection channel is created between the runtime and the owner” and “execute the introspection commands” merely cite a computer or computer components to perform the abstract idea. The other additional limitation “load a pre-generated memory accessing code into the TEE” merely cites a generic computing function of loading code/instructions into an execution environment for execution by a generic computing device. These two types of additional limitations are not indicative of integration of the abstract idea into a practical application for the claim as a whole. In this way, the claim is directed to an abstract idea at the step 2A analysis of the 2019 PEG.
For the step 2B analysis of the 2019 PEG, the additional limitations mentioned above are not indicative of an inventive concept for the claim as a whole.
Thereby, Claim 14 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Claims 15-20 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
In addition, for Claim 15, the additional limitations “encrypted connection” and “a hypervisor” merely cite a computer or computer components to perform the abstract idea. The additional limitation “supplying the introspection command to the runtime” is merely a generic computing function of supplying a command instruction to a computing component. These two types of additional limitations are neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Thereby, Claim 11 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for each of Claims 16-18, the further limitations of each claim specify additional context for the steps/actions that are considered an abstract idea. Such further limitations do not change the nature of the abstract idea. Thereby, those claims are also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 19, the further limitation “the failure status indicates … matches a predetermined patterns” specifies additional context for the steps/actions that are considered an abstract idea. Such further limitations do not change the nature of the abstract idea. The additional limitation “stop execution of the TEE” is merely a generic computing function of stopping execution of a computing component. Such additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Thereby, Claim 19 is also rejected under 35 U.S.C. 101 an abstract idea) without significantly more.
In addition, for Claim 20, the further limitations specify additional context for the step/action that is considered an abstract idea. Such further limitations do not change the nature of the abstract idea. Thereby, Claim 20 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-5, 8-10 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US Patent 9596261 B1, Lukacs) in view of Frank et al. (US PGPUB 20180285561A1, hereafter Frank).

Regarding Claim 1, Lukacs discloses: 1. A system comprising:
a memory; a processor in communication with the memory (see Figs. 1, 4, lines 31-39 of col. 6 and lines 67-4 of col. 10-11, “Controller hub 24 generically represents the plurality of system, peripheral, and/or chipset buses, and/or all other circuitry enabling the communication between processor 12 and devices 14, 16, 18, 20 and 22” );
a hypervisor (see Figs. 2A-2C, lines 45-51 of col. 6; “host system 10 uses hardware virtualization technology to operate a set of guest virtual machines 52 a-b exposed by a hypervisor 50”); and
a trusted execution environment (TEE), wherein the TEE is provisioned with a workload and includes an introspection module (see Figs. 2A-2C, lines 48-55 of col. 21; “The computer security module may execute outside the protected VMs (for instance, at the level of a hypervisor) or inside the protected VM”, emphasis added. The trusted/protected VM, i.e., the claimed trusted execution environment, is provisioned with a computer security module, i.e., the claimed workload that includes an introspection module) that is configured to:
execute an introspection command, the introspection command configured to validate at least one memory access associated with the workload (see Fig. 11, lines 3-23 of col. 8 and lines 13-30 of col. 18; “The term “introspection” is used herein to denote activities performed by CSM 60 … determining whether software executing within the respective VM performs certain actions, such as executing certain processor instructions, accessing certain hardware resources, using certain services of the OS, accessing certain memory locations” and “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM”), and


Lukacs does not disclose: execute an introspection command according to an introspection policy.
However, Frank discloses: execute a memory access related command according to a memory access policy (see [0041]-[0043]; “detect execution of code that resides in the guest OS user space 114 by the code running in kernel mode, a CPU security feature such as Intel SMEP” and “The page's owner flag defines if this page can be accessed, that is, if a page belongs to the OS kernel which is executed in a supervisor mode, the page cannot be accessed from a user-mode application”. The commands to access memory locations are executed according to a policy that indicates which memory locations of the guest/VM the commands are allowed to access. Also see “the shadow page table entry (SPTE) describing a guest address” from [0016]).
It would have been obvious to one with ordinary skill in the art, before the effective filing date of the claimed invention, to modify the execution of the introspection commands from Lukacs by using the memory access policy of Frank to enforce execution of memory access commands, and thus the combination of Lukacs and Frank would disclose the limitation missing from Lukacs (note: see lines 3-23 of col. 8 from Lukacs, the introspection 

Regarding Claim 2, the rejection of Claim 1 is incorporated, and further the combination of Lukacs and Frank discloses: wherein the failure status indicates that the at least one memory access matches a predetermined pattern (see lines 13-30 of col. 18 from Lukacs and [0012] from Frank; “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM … the current trigger event indicates a threat” and “analyzing the exploitation patterns against predetermined malicious or potentially malicious patterns, to determine whether the exploitation patterns from the instructions is malicious or potentially malicious”).

Regarding Claim 4, the rejection of Claim 2 is incorporated, and further the combination of Lukacs and Frank discloses: wherein the introspection command includes an instruction to compare the at least one memory access to the predetermined pattern (see lines 13-30 of col. 18 from Lukacs and [0012] from Frank; “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM … the current trigger event indicates a threat” and “analyzing the exploitation patterns against predetermined malicious or potentially malicious patterns, to 

Regarding Claim 5, the rejection of Claim 4 is incorporated, and further the combination of Lukacs and Frank discloses: wherein the predetermined pattern includes a pattern of at least one of memory reads from the memory, memory writes to the memory, URLs visited by the workload, files accessed by the workload, messages sent by the workload, types of data read from the memory, and types of data written to the memory (see lines 3-23 of col. 8 and lines 13-30 of col. 18 from Lukacs; “introspection comprise determining memory addresses used by various software objects executing within the respective VM, and/or controlling access to a memory location indicated by such addresses. In some embodiments, CSM 60 uses information obtained via introspection to determine whether certain software objects within the respective VM are malicious” and “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM”).

Regarding Claim 8, the rejection of Claim 1 is incorporated, and further the combination of Lukacs and Frank discloses: wherein the introspection policy specifies which parts of the TEE are exposed to the introspection command or the introspection module, and the introspection policy grants the introspection module read access to a first portion of memory (see lines 3-23 of col. 8 from Lukacs, and [0016], [0041]-[0043] from Frank; “the shadow page table entry (SPTE) describing a guest address” and “The page's owner flag defines if this page can be 

Regarding Claim 9, the rejection of Claim 1 is incorporated, and further the combination of Lukacs and Frank discloses: wherein the introspection policy specifies at least one of (i) an address the introspection module has access to and (ii) an accelerator that the introspection module has access to (see lines 3-23 of col. 8 from Lukacs, and [0016], [0041]-[0043] from Frank; “the shadow page table entry (SPTE) describing a guest address” and “The page's owner flag defines if this page can be accessed”. Note: as explained for Claim 1, the combination of Lukacs and Frank would disclose applying the SPTE to the introspection command).

Regarding Claim 10, Claim 10 is rejected for the same reasons set forth in the rejection of Claim 1 above.

Regarding Claim 12, the rejection of Claim 10 is incorporated, and further the combination of Lukacs and Frank discloses: responsive to determining the status is the failure status, stopping execution of the TEE (see lines 23-30 of col. 18 from Lukacs; “blocking or quarantining the respective process, or otherwise preventing the respective process from executing”).

Regarding Claim 13, the rejection of Claim 10 is incorporated, and further Claim 13 is a method claim corresponding to system Claims 2 and 4 and is rejected for the same reasons set forth in the rejections of Claims 2 and 4 above.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US Patent 9596261 B1, Lukacs) in view of Frank et al. (US PGPUB 20180285561A1, hereafter Frank) and further in view of Tsirkin et al. (US PGPUB 20190068555 A1, hereafter Tsirkin).

Regarding Claim 3, the rejection of Claim 2 is incorporated; the combination of Lukacs and Frank does not disclose: wherein the hypervisor is configured to provide the predetermined pattern to the TEE.
However, Tsirkin discloses: after the virtual machine determines which operation contains a threat, the hypervisor is configured to create a filter rule containing a predetermined pattern of the threat and to provide such filter rule for future threat determinations (see [0021]).
It would have been obvious to one with ordinary skill in the art, before the effective filing date of the claimed invention, to modify the process of determining a threat for a virtual machine memory access event from the combination of Lukacs and Frank by utilizing a hypervisor to generate a filtering rule that represents threat patterns for future threat determinations, as in Tsirkin, and thus the combination of Lukacs, Frank and Tsirkin discloses the limitations missing from the combination of Lukacs and Frank (see Fig. 12 and lines 39-25 of cols. 18-19 from Lukacs; Lukacs also discusses utilizing certain filters while determining a threat or while performing the introspection command; however, such filters are provided by the CSM, which is located in the VM itself. By applying the features from Tsirkin, the filter rules can further include .

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US Patent 9596261 B1, Lukacs) in view of Frank et al. (US PGPUB 20180285561A1, hereafter Frank) and further in view of Faynberg et al. (US PGPUB 20170063801 A1, hereafter Faynberg).

Regarding Claim 6, the rejection of Claim 1 is incorporated, and further the combination of Lukacs and Frank discloses: wherein the TEE is a protected virtual machine (see Fig. 2 and lines 23-25 of col. 8 from Lukacs; “delivering introspection notifications from software executing within a protected VM”).
The combination of Lukacs and Frank does not disclose that the protected virtual machine is an encrypted virtual machine.
However, Faynberg discloses: a trusted execution environment or a protected virtual machine is an encrypted virtual machine (see [0018] and [0034]; “The two exemplary virtual machines 510-1 and 510-2 are implemented using a hypervisor 520 and communicate over an encrypted pipe 535”).
It would have been obvious to one with ordinary skill in the art, before the effective filing date of the claimed invention, to modify the protected VMs from the combination of Lukacs and Frank so that the protected VMs are encrypted VMs as in Faynberg, and thus the .

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US Patent 9596261 B1, Lukacs) in view of Frank et al. (US PGPUB 20180285561A1, hereafter Frank) and further in view of Black et al. (US Patent 10649744 B1, hereafter Black) and Raduchel et al. (US PGPUB 20190253523 A1, hereafter Raduchel).

Regarding Claim 7, the rejection of Claim 1 is incorporated; the combination of Lukacs and Frank does not disclose: wherein the introspection command is provided to the introspection module through an introspection channel, and wherein the introspection channel is an encrypted connection.
However, Black discloses: an introspection command is provided to an introspection module (see lines 53-58 of col. 8 and lines 53-55 of col. 20; “a user can issue a command to invoke an introspection function on a programming construct (e.g., a class or package)”).
It would have been obvious to one with ordinary skill in the art, before the effective filing date of the claimed invention, to modify the triggering of the introspection function from the combination of Lukacs and Frank by including the method of manually triggering execution of the introspection function from Black, since automatic triggering and manual triggering of a coded function are two well-known and understood mechanisms in the computing field, and adding the ability to trigger manually in addition to automatic triggering would provide flexibility to the system.

Furthermore, Raduchel discloses: a communication channel between user/client and a guest/virtual machine is an encrypted connection (see [0030]; “Each running container may be metered to allow a specified amount of processing power and may facilitate encrypted communications between the user device and the server-side virtual machine processes. In addition, the data for each container may be encrypted to prevent unauthorized use”). 
It would have been obvious to one with ordinary skill in the art, before the effective filing date of the claimed invention, to modify the communication network between the user/client and the guest/virtual machine from the combination of Lukacs, Frank and Black by including encrypted communication between the user device and the virtual machines from Raduchel, and thus the combination of Lukacs, Frank, Black and Raduchel would disclose the limitations missing from the combination of Lukacs and Frank, since encrypted communication is able to prevent unauthorized use (see [0030] from Raduchel).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US Patent 9596261 B1, Lukacs) in view of Frank et al. (US PGPUB 20180285561A1, hereafter Frank) and further in view of Mueller et al. (US PGPUB 20210311757 A1, hereafter Mueller).

Regarding Claim 11, the rejection of Claim 10 is incorporated; the combination of Lukacs and Frank does not disclose: further comprising supplying, by one of a hypervisor and a supervisor, the introspection command to the TEE.
However, Mueller discloses: supplying, by one of a hypervisor and a supervisor, the introspection command to the virtual execution environment (see Fig. 2, [0014] and [0020]; “pod 
It would have been obvious to one with ordinary skill in the art, before the effective filing date of the claimed invention, to modify the triggering of the introspection function from the combination of Lukacs and Frank by including the method of manually triggering execution of the introspection function via the hypervisor as a proxy that transmits the introspection command, as in Mueller, and thus the combination of Lukacs, Frank and Mueller discloses the limitations missing from the combination of Lukacs and Frank, since automatic triggering and manual triggering of a coded function are two well-known and understood mechanisms in the computing field, and adding the ability to trigger manually in addition to automatic triggering would provide flexibility to the system.

Claims 14-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US Patent 9596261 B1, Lukacs) in view of Dwyer (US PGPUB 20190188282 A1), Black et al. (US Patent 10649744 B1, hereafter Black) and Raduchel et al. (US PGPUB 20190253523 A1, hereafter Raduchel).

Regarding Claim 14, Lukacs discloses: A system comprising:
a memory; a processor in communication with the memory (see Figs. 1, 4, lines 31-39 of col. 6 and lines 67-4 of col. 10-11, “Controller hub 24 generically represents the plurality of system, peripheral, and/or chipset buses, and/or all other circuitry enabling the communication between processor 12 and devices 14, 16, 18, 20 and 22”);
inside the protected VM”, emphasis added. The trusted/protected VM, i.e., claimed trusted execution environment, was provisioned with a computer security module, i.e., claimed workload); and
a runtime executing within the TEE (see Figs. 2A-2C, lines 3-23 of col. 8, lines 13-30 of col. 18 and lines 48-55 of col. 21. The protected VM at least includes the CSM and such CSM would be executed for certain functions, and thus this protected VM must include at least a runtime to be configured to perform the certain functions of the CSM), wherein the runtime is configured to:
load a pre-generated memory accessing code into the TEE (lines 3-23 of col. 8 and lines 13-30 of col. 18; “determining whether software executing within the respective VM performs certain actions, such as executing certain processor instructions, accessing certain hardware resources, using certain services of the OS, accessing certain memory locations”. Note: the claimed pre-generated memory accessing code is a very broad term here; any memory accessing code/request/command/instruction can be considered pre-generated if such code/request/command/instruction is generated before the corresponding memory access is performed),
receive introspection commands (see Fig. 11, lines 3-23 of col. 8 and lines 13-30 of col. 18; “determining whether software executing within the respective VM performs certain actions, such as executing certain processor instructions, accessing certain hardware resources, using certain services of the OS, accessing certain memory locations”),

determine a status of a result of the introspection commands, wherein the status is one of a failure status and a success status (see Fig. 11, lines 20-30 of col. 18; “When CSM 60 determines that the current trigger event is not indicative of a threat … When the current trigger event indicates a threat … include alerting a system administrator and/or a user of the monitored guest VM”. The status of the result of the introspection command includes one of not indicative of a threat and indicative of a threat).
 
Lukacs does not disclose: wherein the code is supplied by an owner; receive introspection commands through an introspection channel, wherein the introspection channel is created between the runtime and the owner.
However, Dwyer discloses: a pre-generated memory accessing code is supplied by an owner (see [0052]; “SQLite is an embedded database that can read/write to its memory space and/or a disk file, no separate server process(es) is needed. WebAssembly is an example of a low level bytecode format for in-browser client-side scripting, hence the ability to implement the client-side data analysis artifact in a client-side application (e.g., a web browser, tab of a web browser, etc.). A toolchain can be used to compile C/C++ (e.g., SQLite, RDBMS) into 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the memory accessing code/request from Lukacs by including the user-defined query code from Dwyer, since it would provide enhanced commands or requests based on the user's or customer's needs via user-defined code.

In addition, Black discloses: receive introspection commands through an introspection channel (see lines 53-58 of col. 8 and lines 53-55 of col. 20; “a user can issue a command to invoke an introspection function on a programming construct (e.g., a class or package)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the triggering of the introspection function from the combination of Lukacs and Dwyer by including the method of manually triggering execution of the introspection function from Black, since automatically triggering execution of a coded function and manually triggering execution of the coded function are two well-known and understood mechanisms in the computing field, and adding the ability to trigger manually in addition to automatically would provide flexibility to the system.

Furthermore, Raduchel discloses: a communication channel is created between the runtime and the owner (see [0030]; “Each running container may be metered to allow a specified amount of processing power and may facilitate encrypted communications between the user 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the communication protocol between the user/client and the guest/virtual machine from the combination of Lukacs, Dwyer and Black by including the encrypted communication between the user device and virtual machines from Raduchel, and thus the combination of Lukacs, Dwyer, Black and Raduchel would disclose the limitations missing from Lukacs, since an encrypted communication is able to prevent unauthorized use (see [0030] from Raduchel).

Regarding Claim 15, the rejection of Claim 14 is incorporated, and further the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein the introspection channel is an encrypted connection (see [0030] from Raduchel), and wherein a hypervisor is configured to supply the introspection commands to the runtime (see lines 53-58 of col. 8 and lines 53-55 of col. 20 from Black; “a user can issue a command to invoke an introspection function on a programming construct (e.g., a class or package)”).

Regarding Claim 16, the rejection of Claim 14 is incorporated, and further the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein the pre-generated memory accessing code is bytecode ([0052] from Dwyer; “SQLite is an embedded database that can read/write to its memory space and/or a disk file, no separate server process(es) is needed. WebAssembly is an example of a low level bytecode format for in-browser client-side scripting, hence the ability to implement the client-side data analysis artifact in a client-side application 

Regarding Claim 17, the rejection of Claim 16 is incorporated, and further the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein the bytecode is one of WebAssembly bytecode and Berkeley Packet Filter (BPF) bytecode ([0052] from Dwyer; “SQLite is an embedded database that can read/write to its memory space and/or a disk file, no separate server process(es) is needed. WebAssembly is an example of a low level bytecode format for in-browser client-side scripting, hence the ability to implement the client-side data analysis artifact in a client-side application (e.g., a web browser, tab of a web browser, etc.). A toolchain can be used to compile C/C++ (e.g., SQLite, RDBMS) into WebAssembly, allowing the local, embedded database to be implemented in, e.g., a web browser tab, along with any visualization tools”).

Regarding Claim 19, the rejection of Claim 14 is incorporated, and further the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein a hypervisor is configured to stop execution of the TEE responsive to the runtime determining the status is the failure status (see lines 23-30 of col. 18 from Lukacs; “blocking or quarantining the respective process, or otherwise preventing the respective process from executing”), and wherein that the at least one memory access matches a predetermined pattern (see lines 13-30 of col. 18 from Lukacs; “corroborating the current event with other facts, e.g., a history of previous introspection 

Regarding Claim 20, the rejection of Claim 19 is incorporated, and further the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein the predetermined pattern includes a pattern of at least one of memory reads from the memory, memory writes to the memory, URLs visited by the workload, files accessed by the workload, messages sent by the workload, types of data read from the memory, and types of data written to the memory (see lines 3-23 of col. 8 and lines 13-30 of col. 18 from Lukacs; “introspection comprise determining memory addresses used by various software objects executing within the respective VM, and/or controlling access to a memory location indicated by such addresses. In some embodiments, CSM 60 uses information obtained via introspection to determine whether certain software objects within the respective VM are malicious” and “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM”).

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US Patent 9596261 B1, hereafter Lukacs) in view of Dwyer (US PGPUB 20190188282 A1), Black et al. (US Patent 10649744 B1, hereafter Black) and Raduchel et al. (US PGPUB 20190253523 A1, hereafter Raduchel), and further in view of McMullen (US PGPUB 20210136080 A1).

Regarding Claim 18, the rejection of Claim 14 is incorporated, and further the combination of Lukacs, Dwyer, Black and Raduchel does not disclose: wherein the code is native code.
However, McMullen discloses: a pre-generated memory accessing code is native code (see [0017]; “(The isolation resources may be referred to as virtual machines or virtual nodes in some scenarios.) The context includes, for example, an address pointer or range of addresses that correspond to the isolation resource allocated for use by the customer application's native code. The isolation runtime then calls that native code and passes the context to it. The native code begins to execute and in so doing, may attempt to access a memory location that has yet to receive a copy of the required data”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the pre-generated memory accessing code from the combination of Lukacs, Dwyer, Black and Raduchel by including the pre-generated memory accessing native code from McMullen, since it would provide a method of supplying not only the user's code but also the native code of the user's application to describe a memory access request or command, providing flexibility to the system.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHI CHEN whose telephone number is (571)272-0805.  The examiner can normally be reached on Monday-Friday 9:30AM-5PM.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Zhi Chen/
Patent Examiner, AU2196


/DONG U KIM/Primary Examiner, Art Unit 2196