Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claim Rejections - 35 USC §103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3, 8, 10, 15, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs (Pat. No. US 10,049,211) in view of Brown (Pub. No. US 2018/0165224).
Claim 1, Lukacs teaches “a method comprising: detecting a hardware request of an application, wherein the application executes on a virtualized computer system ([Col. 8, Lines 30-31] Critical OS functions include, among others, functions performing memory allocation and manipulation of memory access permissions. [Fig. 4-B] VM on virtualized system); determining the hardware request includes a counter, wherein the counter is to be updated by the virtualized computer system, and wherein the counter includes a counter value ([Col. 8, Lines 4-23] Another exemplary field of register(s) 26 may store an address of a memory section used for saving the current state of counters 22-24, for instance, when a change of execution context occurs. Such fields may be writable by software executing on host system 10, e.g., by the operating system. In some embodiments, register(s) 26 may comprise dedicated fields for storing counter values, such as current values of counters 22-24. Processor 20 may be configured to save current values of counters 22-24 to such register fields, for instance, upon a change of execution context, and to read such values from the respective fields when returning to the original execution context. In an embodiment employing virtualization (see e.g., FIGS. 4-B-C-D), processor 20 may save the state of counters to an area dedicated to storing a virtual machine state object (e.g., VMCS on Intel.RTM. platforms, VMCB on AMD.RTM. platforms) used to manage each virtual machine executing on host system 10. More details about saving and/or restoring counter states are given below, in relation to FIG. 7.); intercepting, based on the determining the hardware request includes the counter, the hardware request before the hardware request is processed by a hypervisor that hosts the virtualized computer system ([Col. 6, Lines 62-64] “Processor switch events generated by counter control unit 28 may be interpreted by security software executing on host system 10 as triggers for launching an anti-malware analysis of the currently executing software, as shown in more detail below.”)”.
However, Lukacs may not explicitly teach encrypting the register values prior to storing into the VMCB.
Brown teaches “saving the counter value in a secure memory, the secure memory obscured from the hypervisor ([0038] When encrypted VM 325 exits to the hypervisor, the guest register state of encrypted VM 325 is encrypted with the same encryption key as encrypted VM 325, and then the encrypted guest register state is stored in a protected region of system memory. Encrypting the guest register state of encrypted VM 325 prevents a malicious hypervisor from accessing and/or modifying the guest register state of encrypted VM 325.); generating a scrambled counter value ([0021] In one embodiment, the encryption key for a guest VM is also used to encrypt the guest register state of the guest VM when the guest VM exits and a hypervisor or other guest VM starts executing on system 100.); updating the hardware request (i.e. as provided by Lukacs) with the scrambled counter value; and providing, after the updating the hardware request, the hardware request to the hypervisor ([0016] Additionally, in one embodiment, the system is configured to encrypt a first portion of a virtual machine control block (VMCB) of the guest VM when storing the VMCB to the memory. Also, in this embodiment, the system is configured to store, in an unencrypted state, a second portion of the VMCB in the memory. [0031] In one embodiment, the VMCB 222 includes the guest register state, which is decrypted and loaded into a processor in the host hardware 220 when the guest is scheduled to execute and is encrypted and stored back to the VMCB 222 when the guest exits (either due to completing its scheduled time, or due to an intercept or other event that the processor detects for exiting the guest). [0020] additional differentiating factor between a main processor and security processor 135 is that security processor 135 includes one or more security-related mechanisms (e.g., random number generator, cryptographic coprocessor). [0025] In one embodiment, the VMM 218 … maintain a set of virtual machine control blocks ( VMCBs) 222.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Brown with the teachings of Lukacs in order to provide a system that teaches protecting data of a VM. The motivation for applying Brown teaching with Lukacs teaching is to provide a system that allows for improving upon the security features of Lukacs, thus preventing side-channel attacks. Lukacs, Brown are analogous art directed towards security of VM environments. Together Lukacs, Brown teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Brown with the teachings of Lukacs by known methods and gained expected results. 
Claim 3, the combination teaches the claim, wherein Brown teaches “the method of claim 1, wherein the secure memory is encrypted, and wherein the hypervisor does not have access to the secure memory ([0016] Additionally, in one embodiment, the system is configured to encrypt a first portion of a virtual machine control block (VMCB) of the guest VM when storing the VMCB to the memory. Also, in this embodiment, the system is configured to store, in an unencrypted state, a second portion of the VMCB in the memory)”.
Claim 8, “a system, the system comprising: a memory, the memory containing one or more instructions; and a processor, the processor communicatively coupled to the memory, the processor, in response to reading the one or more instructions, configured to: detect a hardware request of an application, wherein the application executes on a virtualized computer system; determine the hardware request includes a counter, wherein the counter to be performed by the virtualized computer system, and wherein the counter includes a counter value; intercept, based on the determine the hardware request includes the counter, the hardware request before the hardware is similar to claim 1 and therefore rejected with the same references and citations.
Claim 10, “the system of claim 8, wherein the secure memory is encrypted, and wherein the hypervisor does not have access to the secure memory” is similar to claim 3 and therefore rejected with the same references and citations.
Claim 15,  “a computer program product, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions configured to: detect a hardware request of an application, wherein the application executes on a virtualized computer system; determine the hardware request includes a counter, wherein the counter to be performed by the virtualized computer system, and wherein the counter includes a counter value; intercept, based on the determine the hardware request includes the counter, the hardware request before the hardware request is processed by a hypervisor that hosts the virtualized computer system; save the counter value in a secure memory, the secure memory obscured from the hypervisor; generate a scrambled counter value; update the hardware request with the scrambled counter value; and provide, after the update the hardware request, the hardware request to the hypervisor” is similar to claim 1 and therefore rejected with the same references and citations.
Claim 17, “the computer program product of claim 15, wherein the secure memory is encrypted, and wherein the hypervisor does not have access to the secure memory” is similar to claim 3 and therefore rejected with the same references and citations.
Claims 2, 9, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs in view of Brown in further view of Kaplan (Pub. No. US 2017/0220369).
Claim 2, the combination may not explicitly teach the limitation.
Kaplan teaches “the combination teaches the claim, wherein Brown teaches “The method of claim 1, further comprising: determining, based on the detecting of the hardware request, one or more ([0027] As mentioned previously, a VMCB 122 may be maintained for each guest 110A-110N and/or each vCPU in the guest. The VMCB 122 may generally include a data structure stored in a storage area that is allocated for the corresponding guest 110A-110N. In one embodiment, the VMCB 122 may include a page of memory, although other embodiments may use larger or smaller memory areas and/or may use storage on other media such as non-volatile storage. In one embodiment, the VMCB 122 may include the guest's processor state, which may be loaded into a processor in the host hardware 120 when the guest is scheduled to execute and may be stored back to the VMCB 122 when the guest exits (either due to completing its scheduled time, or due to an intercept or other event that the processor detects for exiting the guest). In one embodiment, when the guest exits, the guest's processor state may be encrypted prior to being stored to VMCB 122, and the guest's encrypted processor state may be decrypted before the state is loaded into the processor when the guest commences execution.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Kaplan with the teachings of Lukacs, Brown in order to provide a system that teaches VMCB of Lukacs may be further encrypted. The motivation for applying Kaplan teaching with Lukacs, Brown teaching is to provide a system that allows for improving upon the security features of Lukacs, thus preventing side-channel attacks. Lukacs, Brown, Kaplan are analogous art directed towards security of VM environments. Together Lukacs, Brown, Kaplan teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Kaplan with the teachings of Lukacs, Brown by known methods and gained expected results. 
Claim 9, “the system of claim 8, wherein the processor is further configured to: determine, based on the detecting the hardware request, one or more data inputs in the hardware request; and obscure the one or more data inputs” is similar to claim 2 and therefore rejected with the same references and citations.
Claim 16, “the computer program product of claim 15, wherein the program instructions further configured to: determine, based on the detecting the hardware request, one or more data  is similar to claim 2 and therefore rejected with the same references and citations.
Claims 4, 11 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs in view of Brown in further view of Danahy (Pub. No. US 2018/0189484).
Claim 4, the combination may not explicitly teach the limitation.
Danahy teaches “the combination teaches the claim, wherein Lukacs teaches “The method of claim 1, wherein the method is performed by an ultravisor ([0070] Turning now to now to the accompanying figures, particular aspects of the present invention will now be described in detail. As shown in FIG. 1A, a representative computer system onto which an embodiment of the present invention is deployed, is shown as system 100. This system 100 includes a computer having a processor (CPU) 102, a Kernel/Operating System (Kernel/OS) 104, a plurality of Applications 106, and one or more low-level data collector modules 108, such as in the form of a conventional micro -hypervisor ("microvisor") configured in the accordance with the teachings herein. Those skilled in the art will recognize that the term microvisor refers to a security-focused hypervisor that provides micro-virtualization technology to ensure secure computing environments. Short for micro -hypervisor, a microvisor works with the VT (Virtualization Technology) features built into Intel, AMD and other CPUs to create hardware-isolated micro virtual machines (micro-VMs) for each task performed by a user that utilizes data originating from an unknown source. Embodiments of the present invention use a microvisor based on a Type-1 hypervisor.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Danahy with the teachings of Lukacs, Brown in order to provide a system that teaches ultravisor. The motivation for applying Danahy teaching with Lukacs, Brown teaching is to provide a system that allows for improving upon the security features of Lukacs, thus preventing side-channel attacks. Lukacs, Brown, Danahy are analogous art directed towards security of VM environments. Together Lukacs, Brown, Danahy teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have 
Claim 11, “the system of claim 8, wherein the processor is configured to execute an ultravisor” is similar to claim 4 and therefore rejected with the same references and citations.
Claims 5, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs in view of Brown in view of Danahy in further view of Liu (Pub. No. US 2021/0281408).
Claim 5, the combination may not explicitly teach the limitation.
Liu teaches “the method of claim 4, wherein the scrambled counter value is generated by a random number generator of the ultravisor ([0053] The DP accelerator includes a security unit (SU) configured to establish and maintain a secure channel with the host system to exchange commands and data associated with the data processing operations, where the security unit includes a secure storage area to store a private root key associated with the DP accelerator, where the private root key is utilized for authentication. The SU includes a random number generator to generate a random number, and a cryptographic engine to perform cryptographic operations on data exchanged with the host system over the bus using a session key derived based on the random number.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Liu with the teachings of Lukacs, Brown, Danahy in order to provide a system that teaches ultravisor performing RNG. The motivation for applying Liu teaching with Lukacs, Brown, Danahy teaching is to provide a system that allows for improving upon the security features of Lukacs. Lukacs, Brown, Danahy, Liu are analogous art directed towards security of VM environments. Together Lukacs, Brown, Danahy, Liu teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Liu with the teachings of Lukacs, Brown, Danahy by known methods and gained expected results.
Claim 18, “the computer program product of claim 15, wherein the scrambled counter value is generated by a random number generator of an ultravisor” is similar to claim 5 and therefore rejected with the same references and citations.

Claims 7, 14, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs in view of Brown in view of Danahy in further view of Tsirkin (Pub. No. US 2018/0011733).
Claim 7, the combination may not explicitly teach the limitation.
Tsirkin teaches “the method of claim 1, wherein the counter is a decrementer ([0026] FIG. 2C illustrates a third timer configuration. In the third timer configuration, the interval time 205 has expired on the control timer 162 (e.g., the interval time 205 remaining is zero). Responsive to the interval time 205 expiring on the control timer 162, the physical processor 120B sends an inter-processor interrupt 215 to the physical processor 120A (block 220). The inter-processor interrupt 215 is configured to cause the guest virtual machine 170A to exit to the hypervisor 180, such that the guest virtual machine 170A no longer has access to the physical processor 120A and the physical timer 160. For example, the inter-processor interrupt 215 is configured to cut timer access (as illustrated by the link defined by arrow 210).)”. 
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Tsirkin with the teachings of Lukacs, Brown in order to provide a system that teaches decrementing. The motivation for applying Tsirkin teaching with Lukacs, Brown teaching is to provide a system that allows for design choices regarding when events are triggered. Lukacs, Brown, Tsirkin are analogous art directed towards security of VM environments. Together Lukacs, Brown, Tsirkin teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Tsirkin with the teachings of Lukacs, Brown by known methods and gained expected results.
Claim 14. The system of claim 8, wherein the counter is a decrementer” is similar to claim 7 and therefore rejected with the same references and citations.
Claim 20, “the computer program product of claim 15, wherein the counter is a decrementer” is similar to claim 7 and therefore rejected with the same references and citations.
Claims 12 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs in view of Brown in view of Danahy in further view of Almer (Pub. No. US 2016/0314299)
Claim 12, the combination may not explicitly teach the limitation.
([0071] Typical examples of type 1 hypervisors include VMware ESXi, Microsoft Hyper-V, Open Kernel Labs/General Dynamics OKL4 Microvisor and Citrix XenServer. [0084] One of the embedded processors is the Trusted Platform Module (TPM) that is used for the secure storage/depository of the cryptographic material (security certificates and encryption keys) and the platform configuration registers, for generation of the random numbers and the dynamic encryption keys used in the cryptographic algorithms and for support of the encryption/decryption operations of the sensitive content, stored locally or transferred over the wireless communication channels.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Almer with the teachings of Lukacs, Brown, Danahy in order to provide a system that teaches ultravisor performing RNG. The motivation for applying Almer teaching with Lukacs, Brown, Danahy teaching is to provide a system that allows for improving upon the security features of Lukacs. Lukacs, Brown, Danahy, Almer are analogous art directed towards security of VM environments. Together Lukacs, Brown, Danahy, Almer teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Almer with the teachings of Lukacs, Brown, Danahy by known methods and gained expected results.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WYNUEL S AQUINO whose telephone number is (571)272-7478. The examiner can normally be reached 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WYNUEL S AQUINO/Primary Examiner, Art Unit 2199