DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Office Action is in response to Applicant’s Amendment and Remarks filed on 11 October 2021. 
Claims 1-20 are pending for examination.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Traut (US. Pub. 2007/0050764 A1) in view of Coleman et al. (US Pub. 2019/0097971 A1) and further in view of Tsirkin (US. Pub. 2019/0268318 A1), Riel (US Pub. 2017/0244557 A1) and Sood et al. (US. Pub. 2016/0373474 A1).
Traut, Tsirkin, Riel and Sood were cited in the previous office Action.

As per claim 1, Traut teaches the invention substantially as claimed including A system, comprising: 
one or more computing devices of a virtualized computing service (Traut, [0002] lines 1-3, The present disclosure generally relates to the field computing. More specifically, it relates to computer virtualization); 
wherein the one or more computing devices include instructions that upon 10execution on or across one or more processors cause the one or more computing devices to (Traut, [0008] lines 1-2, many processors provide hardware support for one level of virtualization; Claim 15, lines 1-3, computer readable medium bearing computer executable instructions providing hierarchical virtualization): 
launch a compute instance at a virtualization host, wherein a portion of memory of the virtualization host is allocated to the compute 15instance (Traut, Fig. 2B (as virtualization host), 208 Partition A (as compute instance), 202 Physical computer hardware; [0016] lines 1-3, FIG. 2B is a block diagram representing an alternative virtualized computing system wherein the virtualization is performed by a virtual machine monitor running side-by-side with a host operating system; [0047] lines 1-8, One benefit of this type of hierarchical arrangement is that it supports multi-level administration of large machines. For example, a "machine administrator" can control the virtualization stack within a "root partition" (i.e. the top-most parent partition). This administrator can then create sub-partitions that have virtualization stacks of their own and assign each of these a set of machine resources (memory, processors, NICs, disk drives, and so on) (as the portion of the memory is assigned to partition A)); 
segregate a first subset of the portion of memory for a first child isolated run-time environment of the compute instance (Traut, Fig. 3, 304 Guest B.1; Fig. 4, 406 Child partition A; [0047] lines 8-15, This administrator can then allow other further partition the resources they were assigned. In such a scenario, the second-level virtualization stack is constrained to use the resources provided by the first-level (i.e. root-level) virtualization stack, but then those assigned resources can be used in any way fit), and wherein the first subset is inaccessible from programs running outside the first child isolated run-time environment (Traut, [0011] lines 12-14, the child partition asks the parent partition for exclusive control of resources; [0041] lines 3-6, portion of the memory of the child partition A 406 is not accessible 414 by the parent partition 404. Thus, the parent partition 404 cannot access the resources of the child partition A 406; [0042] lines 1-4, the entire child partition B 408 is not accessible 414 by the parent partition 404, and therefore the parent partition 404 is fully distrusted, thereby making the child partition B 408 very secure).
a communication intermediary established at the compute instance (Traut, Fig. 3, 302 Hypervisor B (as communication intermediary); [0033] lines 7-8, Hypervisors B 302 and C 308 are nested within guest partitions B 314 (as first compute instance) and C 316, [0047] lines 1-8, One benefit of this type of hierarchical arrangement is that it supports multi-level administration of large machines. For example, a "machine administrator" can control the virtualization stack within a "root partition" (i.e. the top-most parent partition). This administrator can then create sub-partitions that have virtualization stacks of their own and assign each of these a set of machine resources (memory, processors, NICs, disk drives, and so on)).

wherein network communications with endpoints outside the virtualization host are 20prohibited from the first child isolated run-time environment.

However, Coleman teaches wherein direct network communications with any other endpoints outside the virtualization host are 20prohibited from the first child isolated run-time environment (Coleman, Fig. 2, 212 host computing system/protected system (as virtualization host), 220 (sandboxed computing environment); Fig. 4, 420A (as first child isolated run-time environment); [0072] lines 13-15, The sandboxed computing environment 320 may be prohibited from communicating with other devices within the network 330; also see [0082] lines 3-5, The host-based firewall 414 may prohibit and/or prevent communication (e.g., direct communication) between the host computer system 412 and other devices connected to the network 430).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut with Coleman because Coleman’s teaching of prohibiting the communication between sandboxed computing environment and other devices within the network would have provided Traut’s system with the advantage and capability to prevent any potential malware attack which improving the system security.

 Although Traut and Coleman teach the first child isolated run-time 25environment,   Traut and Coleman fail to specifically teach cause an attestation of a configuration of the first child isolated run-time environment to be initiated by a security manager established at a virtualization management component of the virtualization host; provide, to one or more destinations, (a) a result of the attestation and (b) an indication of an identity of the security manager; determine that the result of the attestation has been accepted; obtain, at the first child isolated run-time environment, an encrypted security artifact via a communication intermediary established, wherein decryption of the security artifact requires a key that is inaccessible to (a) the communication intermediary and (b) other programs running at the compute instance; and perform, at the first child isolated run-time environment, one or more computations using the security artifact and the first subset of the portion of memory.

However, Tsirkin teaches cause an attestation of a configuration of the first child isolated run-time 25environment to be initiated by a security manager established at a virtualization management component of the virtualization host (Tsirkin, Fig. 3, 330 processing device (as virtualization host), 352 validation component (as virtualization management component), 354 Attestation module (as security manager); [0051] lines 1-4, Attestation module 354 can perform a first validation process to prove to the guest owner of the VM 350 that the VM 350 may be securely launched with encrypted virtualization features enabled ); 
provide, to one or more destinations, (a) a result of the attestation (Tsirkin, [0051] lines 4-12, attestation module 354 can obtain a measurement representative of a state of the VM 350. The measurement may be a hash of contents of a memory of the VM 350 (e.g., a guest memory of the VM 350 as described in connection with FIG. 2). Attestation module 354 can then transmit the measurement to hypervisor 340 for transmission to the guest owner (as provide to one or more destinations with measurement (as result of attestation)); 
determine that the result of the attestation has been accepted (Tsirkin, [0052] lines 1-3, VM management module 346 may receive, from the guest owner, a message indicating whether the measurement is valid (as determining if the measurement is valid); 
obtain, at the first child isolated run-time environment, an encrypted security artifact via a communication intermediary, wherein decryption of the security artifact 5requires a key that is inaccessible to (a) the communication intermediary (Tsirkin, [0053] lines 1-20, the message may indicate that the measurement is valid. The guest owner may transmit secret data (as encrypted security artifact) associated with VM 350 to VM 350. In one implementation, VM 350 (e.g., operation module 356) may receive the secret data from the secret data via a secure communication channel. In another implementation, VM management module 346 can receive the secret data and can inject the secret data into the VM 350. The secret data may include any suitable data that can be used to boot and/or operate VM 350…The secret data may be encrypted data encrypted using an encryption key that is not accessible to the hypervisor 340 (as communication intermediary, see Traut, Fig. 3,  and 
perform, at the first child isolated run-time environment, one or more 10computations using the security artifact and the first subset of the portion of memory (Tsirkin, [0053] lines 8-15, The secret data may include any suitable data that can be used to boot and/or operate VM 350 (as using secret data (security artifact) for doing one or more computations (operate VM)). The secret data may include, for example, a cryptographic key that can be used to access encrypted data to be used to complete the boot process. The cryptographic key can be and/or include, for example, a disk decryption key that can be used to decrypt and/or access encrypted data stored in a virtual disk associated with VM 350; also see [0047] lines 1-3, guest 232 can designate one or more particular portions of the guest memory 210).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut and Coleman with Tsirkin because Tsirkin’s teaching of ensuring and verifying the security of the virtual machine and only allowing secured virtual machine to perform the operation for the user would have provided Traut and Coleman’s system with the advantage and capability to improve the system security and ensuring the confidentiality and privacy for the users.

Traut, Coleman and Tsirkin fail to specifically teach wherein decryption of the security artifact 5requires a key that is inaccessible to (b) other programs running at the compute instance.

However, Riel teaches wherein decryption of the security artifact 5requires a key that is inaccessible to (b) other programs running at the compute instance (Riel, Fig. 1, 110-1, 1102 virtual machines (as computing instance), 112-1-2 Guest; Fig. 2, 112, Guest, 206 application sets; [0028] lines 3-6, the guest operating system 112 supports a number of applications that are divided into sets 206. Each one of these sets 206 is associated with its own encryption key identifier 204 (as key); [0029] line 8, a set may correspond to a nested virtual machine; [0045] lines 3-6, The encryption key identifier is used by the encryption module to identify a particular encryption key to be used to encrypt or decrypt data (as decrypt the security artifact); [0030] lines 3-13, Application Set A 206-1 corresponds to encryption key identifier A 204-1, Application Set B 206-2 corresponds to encryption key identifier A 204-2, and Application Set C 206-3 corresponds to encryption key identifier C 204-3…applications within Application Set C 206-3 write data to memory, that memory is transparently encrypted by the encryption module (e.g., 103, FIG. 1) using the encryption key associated with encryption key identifier C 204-3; also see [0040] lines 6-10, This prevents the scenario in which a maliciously obtained encryption key identifier is obtained by an application running on a guest operating system associated with a different virtual machine attempts to access data to which it should not have access; [0044] lines 7-10, To keep the encryption key secure from other programs that may wish to obtain unauthorized access to an encryption key).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Coleman and Tsirkin with Riel because Riel’s teaching of each nested virtual machine corresponding to respective encryption key identifier and prevents maliciously to obtain the encryption key identifier would have provided Traut, Coleman and Tsirkin’s system with the advantage and capability to keep the encryption key secure from other programs that may wish to obtain unauthorized access to an encryption key which improving the system security (see Riel, [0044] lines 7-10).

Traut, Coleman, Tsirkin and Riel fail to specifically teach when provide the result of attestation, it also provide (b) an indication of an identity of the security manager.
30
However, Sood teaches when provide the result of attestation, it also provide (b) an indication of an identity of the security manager (Sood, [0103] lines 1-4, the NFV security services controller 102 verifies the SFC topology based on the security monitoring policy to ensure compliance with the security monitoring policy; [0110] lines 7-11, the NFV security services controller 102 securely transmits a command with a unique identifier of the NFV security services controller (as indication of an identity of the security manager) to the NFV security services provider 420 to instantiate an NFV security services agent; [0130] lines 1-6, The provisioning management module 1210 is 

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Coleman, Tsirkin and Riel with Sood because Sood’s teaching of providing the unique identifier of the NFC security service controller would have provided Traut, Coleman, Tsirkin and Riel’s system with the advantage and capability to verifying the secure communication and identifying the identity of the service provider (security manager) which improving the system security and ensuring the confidentiality.

As per claim 2, Traut, Coleman, Tsirkin, Riel and Sood teach the invention according to claim 1 above. Traut further teaches determine, based at least in part on a parameter of a launch request for the compute instance, that the first child isolated run-time environment is to be established within the compute instance (Traut, [0011] lines 3-4, A child partition is created by the virtualization stack within the parent partition; [0063] lines 1-21, Lastly, the VID 810 may contain Partition Creation & Control subcomponent. This subcomponent allows user-level components to create, delete, and manage partitions and specify partition-wide resources and quotas, defining scheduling and access control policies. For example, the creation of a new partition might be implemented by first making a hypercall to a module within the hypervisor (e.g. 

As per claim 3, Traut, Coleman, Tsirkin, Riel and Sood teach the invention according to claim 1 above. Traut further teaches determine, based at least in part on a programmatic request received after the compute instance is launched, that the first child isolated run-time environment is to be established within the compute instance (Traut, [0011] lines 3-4, A child partition is created by the virtualization stack within the parent partition; [0063] lines 1-21, Lastly, the VID 810 may contain Partition Creation & Control subcomponent. This subcomponent allows user-level components to create, delete, and manage partitions and specify partition-wide resources and quotas, defining scheduling and access control policies. For example, the creation of a new partition might be implemented by first making a hypercall (as programmatic request) to 

As per claim 5, Traut, Coleman, Tsirkin, Riel and Sood teach the invention according to claim 1 above. Traut further teaches instantiate a second child isolated run-time environment of the compute instance at the virtualization host, wherein a second subset of the portion of memory is segregated for exclusive use from the second child isolated run-time environment (Traut, Fig. 5, Child partition 1B (as second child IRE); [0011] lines 3-4, A child partition is created by the virtualization stack within the parent partition; [0047] lines 8-15, This administrator can then allow other administrators (e.g. team-level administrators) to further partition the resources they were assigned. In such a scenario, the second-level virtualization stack is constrained to use the resources provided by the first-level (i.e. root-level) virtualization stack, but then those assigned resources can be used in any way fit).


Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Traut, Coleman, Tsirkin, Riel and Sood, as applied to claim 1 above, and further in view of Hoole et al. (US Pub. 2007/0239987 A1).
Hoole was cited on PTO-892 on 12/24/2020.

As per claim 4, Traut, Coleman, Tsirkin, Riel and Sood teach the invention according to claim 1 above. Traut further teaches configuration settings of the isolated run-time environment (Traut, [0064] lines 4-6, Virtual Machine Management Service 812 manages a set of VM configurations and exposes a set of WMI-based APIs for managing and controlling VMs).

Traut, Coleman, Tsirkin, Riel and Sood fail to specifically teach the configuration settings do not permit input/output (I/O) operations to or from persistent storage.

However, Hoole teaches the configuration settings do not permit input/output (I/O) operations to or from persistent storage (Hoole, [0005] lines 7-8, restricting undesired communications to those systems from other systems (as including persistent storage, see Fig.2, 200 computing system, 240 storage); claim 6, the hosted virtual machine nodes other than the privileged virtual machine nodes each include firewall capabilities configured for that virtual machine node to restrict communications received from others).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Coleman, Tsirkin, Riel and Sood with Hoole because Hoole’s teaching of configuring the firewall of the virtual machine (as configuration settings) for restricting the communications between others (VMs) would have provided Traut, Coleman, Tsirkin, Riel and Sood’s system with the advantage and capability to prevent any unauthorized communications between virtual machines which improving the system security and reliability.

Claims 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over Traut (US. Pub. 2007/0050764 A1) in view of Tsirkin (US. Pub. 2019/0268318 A1) and further in view of LUKACS et al. (US Pub. 2014/0053272 A1) and Riel (US Pub. 2017/0244557 A1).
Traut, Tsirkin and Riel were cited in the previous Office Action.

As per claim 6, Traut teaches the invention substantially as claimed including A method, comprising: 
performing, at one or more computing devices (Traut, [0002] lines 1-3, The present disclosure generally relates to the field computing. More specifically, it relates to computer virtualization; [0008] lines 1-2, many processors provide hardware support for one level of virtualization; Claim 15, lines 1-3, computer readable medium bearing computer executable instructions providing hierarchical virtualization): 
assigning, by a hypervisor, for exclusive use by an isolated run-time environment set up at a virtualization host, a subset of resources allocated to a parent compute instance of the isolated run-time environment (Traut, Fig. 2B (as virtualization host), 204’ virtual machine monitor (as hypervisor), 208 Partition A (as compute instance), 202 Physical computer hardware; Fig. 3, 304 Guest B.1; Fig. 4, 406 Child partition A; [0011] lines 12-14, the child partition asks the parent partition for exclusive control of resources; [0016] lines 1-3, FIG. 2B is a block diagram representing an alternative virtualized computing system wherein the virtualization is performed by a virtual machine monitor running side-by-side with a host operating system; [0030] lines 4-7, the VMM 204' may instead comprise a partially independent software system that on some levels interacts indirectly with the computer hardware 202 via the host operating system 204''; [0047] lines 1-15, One benefit of this type of hierarchical arrangement is that it supports multi-level administration of large machines. For example, a "machine administrator" can control the virtualization stack within a "root partition" (i.e. the top-most parent partition). This administrator can then create sub-partitions that have virtualization stacks of their own and assign each of these a set of machine resources (memory, processors, NICs, disk drives, and so on) (as the subset of the resource is assigned to partition A). This administrator can then allow other administrators (e.g. team-level administrators) to further partition the resources they were assigned. In such a scenario, the second-level virtualization stack is constrained to use the resources provided by the first-level (i.e. root-level) virtualization stack, but then those assigned resources can be used in any way fit));  

providing, to one or more endpoints, a result of a configuration analysis of the isolated run-time environment, wherein the configuration analysis of the isolated run-time environment of the parent compute instance is performed by a security manager of the hypervisor that is external to the parent compute instance or another component that is external to the parent compute instance; obtaining, at the isolated run-time environment, subsequent to an acceptance of the result of the configuration analysis, an encrypted application security artifact, wherein decryption of the application security artifact at the virtualization host requires a key inaccessible outside the isolated run-time environment; and performing, at the isolated run-time environment, one or more computations using the application security artifact.

However, Tsirkin teaches providing, to one or more endpoints, a result of a configuration analysis of the isolated run-time environment (Tsirkin, Fig. 3, 354 Attestation module; [0051] lines 1-4, Attestation module 354 can perform a first validation process to prove to the guest owner of the VM 350 that the VM 350 may be securely launched with encrypted virtualization features enabled; [0051] lines 4-12, attestation module 354 can obtain a measurement representative of a state of the VM 350. The measurement may be a hash of contents of a memory of the VM 350 (e.g., a guest memory of the VM 350 as described in connection with FIG. 2). Attestation module 354 can then transmit the measurement to hypervisor 340 for transmission to the guest owner (as provide to one or more destinations/endpoints with measurement (as result of configuration analysis));
obtaining, at the isolated run-time environment, subsequent to an acceptance of the result of the configuration analysis, an encrypted application security artifact, wherein decryption of the application security artifact at the virtualization host requires a key inaccessible (Tsirkin, [0052] lines 1-3, VM management module 346 may receive, from the guest owner, a message indicating whether the measurement is valid (as determining if the measurement is valid; [0053] lines 1-20, the message may indicate that the measurement is valid. The guest owner may transmit secret data (as encrypted security artifact) associated with VM 350 to VM 350. In one implementation, VM 350 (e.g., operation module 356) may receive the secret data from the secret data via a secure communication channel. In another implementation, VM management module 346 can receive the secret data and can inject the secret data into the VM 350. The secret data may include any suitable data that can be used to boot and/or operate VM 350…The secret data may be encrypted data encrypted using an encryption key that is not accessible to the hypervisor 340. As such, the hypervisor 340 cannot read the contents of the secret data even when the hypervisor 340 possesses the secret data [Examiner noted: the secret data is encrypted with using encryption key, and the hypervisor with secure communication channel cannot read/access the secret data]); and 
performing, at the isolated run-time environment, one or more computations using the application security artifact (Tsirkin, [0053] lines 8-15, The secret data may include any suitable data that can be used to boot and/or operate VM 350 (as using secret data (security artifact) for doing one or more computations (operate VM)). The secret data may include, for example, a cryptographic key that can be used 

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut with Tsirkin because Tsirkin’s teaching of ensuring and verifying the security of the virtual machine and only allowing secured virtual machine to perform the operation for the user would have provided Traut’s system with the advantage and capability to improve the system security and ensuring the confidentiality and privacy for the users.

Traut and Tsirkin fail to specifically teach wherein the configuration analysis of the isolated run-time environment of the parent compute instance is performed by a security manager of the hypervisor that is external to the parent compute instance or another component that is external to the parent compute instance.

However, LUKACS teaches wherein the configuration analysis of the isolated run-time environment of the parent compute instance is performed by a security manager of the hypervisor that is external to the parent compute instance or another component that is external to the parent compute instance (LUKACS, Fig. 1, 140a Guest VM (as isolated run-time environment), 40a Host VM (as parent compute instance), 30 Host hypervisor, 32 Introspection engine (as security manager of the hypervisor that is external to the parent compute instance); [0023] lines introspection of nested virtual machines such as guest VMs 140a-b, up to any level of nesting, as shown below. For instance, engine 32 may be a component of host hypervisor 30. In some embodiments, introspection of a VM comprises analyzing a behavior of a software object executing on the respective VM, determining and/or accessing memory addresses of such software objects, and analyzing a content of memory located at such addresses, among others. An exemplary introspection operation comprises determining whether the respective software object is malicious, e.g., whether it comprises malware such as a computer virus. In some embodiments, software objects analyzed by introspection engine 32 comprise processes, instruction streams, data structures, as well as driver components and parts of the operating system executing on the respective VM, among others (as configuration analysis of the isolated run-time environment); also see [0031] lines 4-5, engine 32 determines a set of properties, such as a memory address, of a software object executing on guest VM 140a-b).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut and Tsirkin with LUKACS because LUKACS’s teaching of using the Introspection engine (as security manager) for analyzing the processes, instruction streams, data structures, as well as driver components and parts of the operating system executing on the guest VM (as isolated run-time environment) would have provided Traut and Tsirkin’s system with 

Traut, Tsirkin and LUKACS fail to specifically teach a key inaccessible outside the isolated run-time environment.

However, Riel teaches a key inaccessible outside the isolated run-time environment (Riel, Fig. 1, 110-1, 1102 virtual machines (as computing instance), 112-1-2 Guest; Fig. 2, 112, Guest, 206 application sets; [0028] lines 3-6, the guest operating system 112 supports a number of applications that are divided into sets 206. Each one of these sets 206 is associated with its own encryption key identifier 204 (as key); [0029] line 8, a set may correspond to a nested virtual machine; [0045] lines 3-6, The encryption key identifier is used by the encryption module to identify a particular encryption key to be used to encrypt or decrypt data (as decrypt the security artifact); [0040] lines 6-10, This prevents the scenario in which a maliciously obtained encryption key identifier is obtained by an application running on a guest operating system associated with a different virtual machine attempts to access data to which it should not have access; [0044] lines 7-10, To keep the encryption key secure from other programs that may wish to obtain unauthorized access to an encryption key).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, 

As per claim 7, Traut, Tsirkin, LUKACS and Riel teach the invention according to claim 6 above. Traut further teaches determining, based at least in part on a parameter of a launch request for the parent compute instance, that the isolated run-time environment is to be established within the parent compute instance (Traut, [0011] lines 3-4, A child partition is created by the virtualization stack within the parent partition; [0063] lines 1-21, Lastly, the VID 810 may contain Partition Creation & Control subcomponent. This subcomponent allows user-level components to create, delete, and manage partitions and specify partition-wide resources and quotas, defining scheduling and access control policies. For example, the creation of a new partition might be implemented by first making a hypercall to a module within the hypervisor (e.g. HvCreatePartition). Next, one or more virtual processors are created by invoking a hypercall HvCreateVp. Memory is assigned to the guest physical address space of the newly-created partition by invoking another hypercall, e.g. HvMapGpaPages. Intercepts are requested for certain processor action by invoking the hypercall HvInstallIntercept. Various scheduling and security policies are set by invoking the hypercall HvSetPartitionProperty. Initialization code (e.g. an OS loader or a system BIOS) is 

As per claim 8, Traut, Tsirkin, LUKACS and Riel teach the invention according to claim 6 above. Traut further teaches determining, based at least in part on a programmatic request received after the parent compute instance is launched, that the isolated run-time environment is to be established within the parent compute instance (Traut, [0011] lines 3-4, A child partition is created by the virtualization stack within the parent partition; [0063] lines 1-21, Lastly, the VID 810 may contain Partition Creation & Control subcomponent. This subcomponent allows user-level components to create, delete, and manage partitions and specify partition-wide resources and quotas, defining scheduling and access control policies. For example, the creation of a new partition might be implemented by first making a hypercall (as programmatic request) to a module within the hypervisor (e.g. HvCreatePartition). Next, one or more virtual processors are created by invoking a hypercall HvCreateVp. Memory is assigned to the guest physical address space of the newly-created partition by invoking another hypercall, e.g. HvMapGpaPages. Intercepts are requested for certain processor action by invoking the hypercall HvInstallIntercept. Various scheduling and security policies are set by invoking the hypercall HvSetPartitionProperty. .

Claims 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over Traut, Tsirkin, LUKACS and Riel, as applied to claim 6 above, and further in view of Hoole et al. (US Pub. 2007/0239987 A1).
Hoole was cited in the previous Office Action.

As per claim 9, Traut, Tsirkin, LUKACS and Riel teach the invention according to claim 6 above. Traut further teaches configuration settings of the isolated run-time environment (Traut, [0064] lines 4-6, Virtual Machine Management Service 812 manages a set of VM configurations and exposes a set of WMI-based APIs for managing and controlling VMs).

Traut, Tsirkin, LUKACS and Riel fail to specifically teach the configuration settings do not permit network communications between the isolated run-time environment and any other endpoints external to the isolated run-time environment.

do not permit network communications between the isolated run-time environment and any other endpoints external to the isolated run-time environment (Hoole, [0005] lines 7-8, restricting undesired communications to those systems from other systems (as including any other endpoints external, see Fig.2,); claim 6, the hosted virtual machine nodes other than the privileged virtual machine nodes each include firewall capabilities configured for that virtual machine node to restrict communications received from others).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin, LUKACS and Riel with Hoole because Hoole’s teaching of configuring the firewall of the virtual machine (as configuration settings) for restricting the communications between others (VMs) would have provided Traut, Tsirkin, LUKACS and Riel’s system with the advantage and capability to prevent any unauthorized communications between virtual machines which improving the system security and reliability.

As per claim 10, Traut, Tsirkin, LUKACS and Riel teach the invention according to claim 6 above. Traut further teaches configuration settings of the isolated run-time environment (Traut, [0064] lines 4-6, Virtual Machine Management Service 812 manages a set of VM configurations and exposes a set of WMI-based APIs for managing and controlling VMs).

Traut, Tsirkin, LUKACS and Riel fail to specifically teach the configuration settings do not permit input/output (I/O) operations to or from persistent storage.

However, Hoole teaches the configuration settings the configuration settings do not permit input/output (I/O) operations to or from persistent storage (Hoole, [0005] lines 7-8, restricting undesired communications (as including I/O operations) to those systems from other systems (as including persistent storage, see Fig.2, 200 computing system, 240 storage); claim 6, the hosted virtual machine nodes other than the privileged virtual machine nodes each include firewall capabilities configured for that virtual machine node to restrict communications received from others).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin, LUKACS and Riel with Hoole because Hoole’s teaching of configuring the firewall of the virtual machine (as configuration settings) for restricting the communications between others (VMs) would have provided Traut, Tsirkin, LUKACS and Riel’s system with the advantage and capability to prevent any unauthorized communications between virtual machines which improving the system security and reliability.

As per claim 11, Traut, Tsirkin, LUKACS and Riel teach the invention according to claim 6 above. Traut teaches instantiating, at the parent compute instance, a communication intermediary (Traut, Fig. 3, 302 Hypervisor B (as communication intermediary); [0033] lines 7-8, Hypervisors B 302 and C 308 are nested within guest partitions B 314 (as parent instance) and C 316, [0047] lines 1-8, One benefit of this type of hierarchical arrangement is that it supports multi-level administration of large machines. For example, a "machine administrator" can control the virtualization stack within a "root partition" (i.e. the top-most parent partition). This administrator can then create sub-partitions that have virtualization stacks of their own and assign each of these a set of machine resources (memory, processors, NICs, disk drives, and so on)).

Traut, Tsirkin, LUKACS and Riel fail to specifically teach the communication intermediary configured to utilize a local communication channel to communicate with the isolated run-time environment.

However, Hoole teaches a communication intermediary configured to utilize a local communication channel to communicate with the isolated run-time environment (Hoole, Fig. 1, 120, 115 Transmission manager (TM); [0022] lines 2-3, Transmission Manager ("TM") components manage communications between computing nodes, lines 16-21, computing systems 110a-c each host a TM component node 115 that manages outgoing data transmissions from other virtual machine nodes 120 hosted on the computing system, as well as incoming data transmissions from other nodes (whether local or remote to the data center 100) to those hosted virtual machine nodes on the computing system).

 communication intermediary) that manage the local communication with the virtual machines would have provided Traut, Tsirkin, LUKACS and Riel’s system with the advantage and capability to provide the data transmission between the virtual machines which improving the system efficiency.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Traut, Tsirkin, LUKACS, Riel and Hoole, as applied to claim 11 above, and further in view of Yasue et al. (US Patent. 5,204,949 A1).
Yasue was cited in the previous Office Action.

As per claim 12, Traut, Tsirkin, LUKACS, Riel and Hoole teach the invention according to claim 11 above. Hoole teaches utilizing the local communication channel (Hoole, Fig. 1, 115 Transmission manager (TM); [0022] lines 2-3, Transmission Manager ("TM") components manage communications between computing nodes, lines 16-21, computing systems 110a-c each host a TM component node 115 that manages outgoing data transmissions from other virtual machine nodes 120 hosted on the computing system, as well as incoming data transmissions from other nodes (whether local or remote to the data center 100) to those hosted virtual machine nodes on the computing system).

 comprises writing to one or more buffers of shared memory.

However, Yasue teaches the utilizing of the local communication channel comprises writing to one or more buffers of shared memory (Yasue, claim 7, wherein each said sub-processor controller includes means for directly writing received communication data in a predetermined reception buffer area of said shared memory).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin, LUKACS, Riel and Hoole with Yasue because Yasue’s teaching of writing the received communication data into buffer of shared memory would have provided Traut, Tsirkin, LUKACS, Riel and Hoole’s system with the advantage and capability to allow other virtual machine to easily access the received data in the shared memory which improving the system efficiency.

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Traut, Tsirkin, LUKACS and Riel, as applied to claim 6 above, and further in view of Malloy et al. (US Pub. 2018/0159771 A1).
Malloy was cited in the previous Office Action.

As per claim 13, Traut, Tsirkin, LUKACS and Riel teach the invention according to claim 6 above. Traut teaches the isolated run-time environment (Traut, Fig. 3, 304 Guest B.1; Fig. 4, 406 Child partition A; [0047] lines 8-15, This administrator can then allow other administrators (e.g. team-level administrators) to further partition the resources they were assigned. In such a scenario, the second-level virtualization stack is constrained to use the resources provided by the first-level (i.e. root-level) virtualization stack, but then those assigned resources can be used in any way fit).

Traut, Tsirkin, LUKACS and Riel fail to specifically teach obtaining, via a programmatic interface, an indication of a program to be run in the isolated run-time environment to perform the one or more computations; and causing an executable version of the program to be launched within the isolated run-time environment.

However, Malloy teaches obtaining, via a programmatic interface, an indication of a program to be run in the isolated run-time environment to perform the one or more computations; and causing an executable version of the program to be launched within the isolated run-time environment (Malloy, claim 16, lines 1-21, network interface controller operatively coupled to a main processor with multiple cores, the network interface controller having one or more virtual port each having one or more queues configured to receive and temporarily store packets, wherein the method comprising: receiving, at the main processor, an indication from the network interface controller to perform network processing operations (as receiving the performing the network processing operations at the first and second cores to effect processing and transmission of the first and second packets to first and second applications, respectively, both the first and second applications executing (as executable version to be launched within the VM) in a virtual machine hosted on the computing device).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin, LUKACS and Riel with Malloy because Malloy’s teaching of receiving the indication to perform the processing operations and performing the operations based on the received indication would have provided Traut, Tsirkin, LUKACS and Riel’s system with the advantage and capability to easily managing the application operations which improving the system performance and efficiency.

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Traut, Tsirkin, LUKACS and Riel, as applied to claim 6 above, and further in view of INAMI (US Pub. 2018/0239638 A1).
INAMI was cited in the previous Office Action.

As per claim 14, Traut, Tsirkin, LUKACS and Riel teach the invention according to claim 6 above. Traut, Tsirkin, LUKACS and Riel fail to specifically teach causing, based at least in part on a lifetime parameter setting, one or more programs of the isolated run-time environment to be terminated.

However, INAMI teaches causing, based at least in part on a lifetime parameter setting, one or more programs of the isolated run-time environment to be terminated (INAMI, [0047] lines 2-10, The measurement unit 210 then measures the TAT and the CPU allocation delay time of the virtual machine 130 that is the measurement object, while the virtual computer system 100 is in operation (step S103). The measurement unit 210 may measure the TAT and the CPU allocation delay time of the virtual machine that is the measurement object only once each, or a plurality of times and calculate the average value as the measurement results; [0048] lines 1-8, the measurement unit 210 checks whether the measurement of all the possible values of the scheduling parameter, specified for the virtual machine 130 that is the measurement object, has been finished (step S104) (as including lifetime parameter setting). If the measurement has not been finished, the measurement unit 210 suspends (as terminating) the operation of the virtual computer system 100, and changes (updates) the value of the scheduling parameter for the virtual machine 130).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin, LUKACS and Riel with INAMI because INAMI’s teaching of .


Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Traut, Tsirkin, LUKACS and Riel, as applied to claim 6 above, and further in view of Borthakur (US Pub. 2015/0324215 A1) and Cropper et al. (US Pub. 2017/0109187 A1).
Borthakur and Cropper were cited in the previous Office Action.

As per claim 15, Traut, Tsirkin, LUKACS and Riel teach the invention according to claim 6 above. Traut teaches assigning, for exclusive use from the isolated run-time environment, subset of resources (Traut, Fig. 3, 304 Guest B.1; Fig. 4, 406 Child partition A; [0011] lines 12-14, the child partition asks the parent partition for exclusive control of resources; [0047] lines 8-15, This administrator can then allow other administrators (e.g. team-level administrators) to further partition the resources they were assigned. In such a scenario, the second-level virtualization stack is constrained to use the resources provided by the first-level (i.e. root-level) virtualization stack, but then those assigned resources can be used in any way fit).

collecting one or more metrics of the isolated run-time environment; 25in response to detecting that the one or more metrics meet a migration criterion, causing the parent compute instance to be migrated to another virtualization host; and 30assigning, for exclusive use from the isolated run-time environment after the migration of the parent compute instance, another subset of resources allocated to the migrated parent compute instance at the other virtualization host, wherein the other subset of resources includes a different amount of memory than was assigned to the isolated run-time environment prior to the migration.

However, Borthakur teaches collecting one or more metrics of the isolated run-time environment; 25in response to detecting that the one or more metrics meet a migration criterion, causing the parent compute instance to be migrated to another virtualization host (Borthakur, abstract, lines 9-10, Resource monitoring metrics associated with hardware resources used by the first virtual machine instance;  [0018] lines 1-3, the term "resource monitoring metrics" may include actual use of computing resources by an application (or a virtual machine used to run the application); [0025] lines 15-20, when the application 185 is selected for migration (e.g., from the client private network 170 to the compute service provider 100), the VMI (as parent compute instance) running the application 185 (as isolated run-time environment) (i.e., VMI 180a) may be migrated together with any remaining VMIs that the application 185 depends on (or uses) (i.e., VMIs 180b-180c); [0029] lines 7-8, obtain resource monitoring metrics; [0031] lines 4-14, The resource monitoring metrics 160 matching the resource monitoring metrics 160 with the performance metrics (as migration criterion)).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin, LUKACS and Riel with Borthakur because Borthakur’s teaching of migrating the virtual machines based on the obtained resource monitoring metrics that match the performance metrics would have provided Traut, Tsirkin, LUKACS and Riel’s system with the advantage and capability to ensuring whether to migrating the virtual machine based on the resource and performance capability in order to improving the system performance and resource utilization.

Although, Traut teaches assigning, for exclusive use from the isolated run-time environment, subset of resources, Traut, Tsirkin, LUKACS, Riel and Borthakur fail to specifically teach the another subset of resources are assigned after the migration of the parent compute instance, the another subset of resources allocated to the migrated parent compute instance at the other virtualization host, wherein the other subset of resources includes a different amount of memory than was assigned to the isolated run-time environment prior to the migration.

another subset of resources are assigned after the migration of the parent compute instance, the another subset of resources allocated to the migrated parent compute instance at the other virtualization host, wherein the other subset of resources includes a different amount of memory than was assigned to the isolated run-time environment prior to the migration (Cropper, [0076] lines 10-20, a virtual machine management action may increase a VIOS attribute for a virtual machine such that functionality that places virtual machines on hosts will later detect that the virtual machine needs to be migrated to another host that meets the new value for the VIOS attribute. As another example, a resource allocation for a virtual machine may be changed, e.g., to resize a virtual machine's resource allocation (as include different amount of memory that is allocated) to a "maximum" size for the virtual machine, which may result in a subsequent rebalancing of workloads on different hosts and the migration of one or more virtual machines [Examiner noted: Traut teaches the subset of resources are assigned to the isolated run-time environment (see claim 6). when the size of the resource allocation is changed, the allocated resources includes a different amount of memory than was assigned to the isolated run-time environment prior to the migration]).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin, LUKACS, Riel and Borthakur with Cropper because Cropper’s teaching of resizing the resource allocation for the virtual machine would have provided Traut, . 


Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Traut (US. Pub. 2007/0050764 A1) in view of Tsirkin (US. Pub. 2019/0268318 A1) and further in view of LUKACS et al. (US Pub. 2014/0053272 A1).
Traut and Tsirkin were cited in the previous Office Action.

As per claim 16, Traut teaches the invention substantially as claimed including A virtualization host of a network-accessible computing service (Traut, [0002] lines 1-3, The present disclosure generally relates to the field computing. More specifically, it relates to computer virtualization;) comprising: 
one or more processors; and a memory; wherein the memory comprises instructions that when executed on or across the one or more processors (Traut, [0008] lines 1-2, many processors provide hardware support for one level of virtualization; Claim 15, lines 1-3, computer readable medium bearing computer executable instructions providing hierarchical virtualization):  
instantiate, within a compute instance launched by a hypervisor, an isolated run-time environment (Traut, Fig. 2B (as virtualization host), 204’ virtual machine monitor (as hypervisor), 208 Partition A (as compute instance), 202 Physical computer hardware; Fig. 3, 304 Guest B.1; Fig. 4, 406 Child partition A; [0011] lines 12-14, the child partition asks the parent partition for exclusive control of resources; [0016] multi-level administration of large machines. For example, a "machine administrator" can control the virtualization stack within a "root partition" (i.e. the top-most parent partition). This administrator can then create sub-partitions that have virtualization stacks of their own and assign each of these a set of machine resources (memory, processors, NICs, disk drives, and so on) (as the subset of the resource is assigned to partition A). This administrator can then allow other administrators (e.g. team-level administrators) to further partition the resources they were assigned. In such a scenario, the second-level virtualization stack is constrained to use the resources provided by the first-level (i.e. root-level) virtualization stack, but then those assigned resources can be used in any way fit)). 

Traut fails to specifically teach provide a result of a configuration analysis of the isolated run-time environment, wherein the configuration analysis of the isolated run-time environment of the compute instance is performed by a security manager of the hypervisor that is external to the compute instance; and perform, at the isolated run-time environment, one or more computations.

 provide a result of a configuration analysis of the isolated run-time environment (Tsirkin, Fig. 3, 354 Attestation module; [0051] lines 1-4, Attestation module 354 can perform a first validation process to prove to the guest owner of the VM 350 that the VM 350 may be securely launched with encrypted virtualization features enabled; [0051] lines 4-12, attestation module 354 can obtain a measurement representative of a state of the VM 350. The measurement may be a hash of contents of a memory of the VM 350 (e.g., a guest memory of the VM 350 as described in connection with FIG. 2). Attestation module 354 can then transmit the measurement to hypervisor 340 for transmission to the guest owner (as provide to one or more destinations with measurement (as result of configuration analysis)); and 
perform, at the isolated run-time environment, one or more computations (Tsirkin, [0053] lines 8-15, The secret data may include any suitable data that can be used to boot and/or operate VM 350 (as using secret data (security artifact) for doing one or more computations (operate VM)). The secret data may include, for example, a cryptographic key that can be used to access encrypted data to be used to complete the boot process. The cryptographic key can be and/or include, for example, a disk decryption key that can be used to decrypt and/or access encrypted data stored in a virtual disk associated with VM 350).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut with Tsirkin because Tsirkin’s teaching of ensuring and verifying the security of the virtual machine and only allowing secured virtual machine to perform the operation for the user 

Traut and Tsirkin fail to specifically teach wherein the configuration analysis of the isolated run-time environment of the compute instance is performed by a security manager of the hypervisor that is external to the compute instance.

However, LUKACS teaches wherein the configuration analysis of the isolated run-time environment of the compute instance is performed by a security manager of the hypervisor that is external to the compute instance (LUKACS, Fig. 1, 140a Guest VM (as isolated run-time environment), 40a Host VM (as compute instance), 30 Host hypervisor, 32 Introspection engine (as security manager of the hypervisor that is external to the compute instance); [0023] lines 1-19, an introspection engine 32 executes substantially at the same privilege level as host hypervisor 30, and is configured to perform introspection of virtual machines exposed by hypervisor 30 and/or introspection of nested virtual machines such as guest VMs 140a-b, up to any level of nesting, as shown below. For instance, engine 32 may be a component of host hypervisor 30. In some embodiments, introspection of a VM comprises analyzing a behavior of a software object executing on the respective VM, determining and/or accessing memory addresses of such software objects, and analyzing a content of memory located at such addresses, among others. An exemplary introspection operation comprises determining whether the respective software object is malicious, e.g., whether it comprises malware such as a computer virus. In some embodiments, a set of properties, such as a memory address, of a software object executing on guest VM 140a-b).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut and Tsirkin with LUKACS because LUKACS’s teaching of using the Introspection engine (as security manager) for analyzing the processes, instruction streams, data structures, as well as driver components and parts of the operating system executing on the guest VM (as isolated run-time environment) would have provided Traut and Tsirkin’s system with the advantage and capability to allow the system to determining whether the respective software object is malicious in order to improving the system security (see LUKACS, [0023] lines 3-14, determining whether the respective software object is malicious).


Claims 17-19 is rejected under 35 U.S.C. 103 as being unpatentable over Traut, Tsirkin and LUKACS, as applied to claim 16 above, and further in view of Hoole et al. (US Pub. 2007/0239987 A1).
Hoole was cited in the previous Office Action.

As per claim 17, Traut, Tsirkin and LUKACS teach the invention according to claim 16 above. Traut further teaches configuration settings of the isolated run-time environment (Traut, [0064] lines 4-6, Virtual Machine Management Service 812 manages a set of VM configurations and exposes a set of WMI-based APIs for managing and controlling VMs).

Traut, Tsirkin and LUKACS fail to specifically teach the configuration settings is stored/storing, and do not permit network communications between the isolated run-time environment and endpoints external to the isolated run-time environment.

However, Hoole teaches the configuration settings is stored/storing, and do not permit network communications between the isolated run-time environment and endpoints external to the isolated run-time environment (Hoole, [0005] lines 7-8, restricting undesired communications to those systems from other systems (as including endpoints external, see Fig.2,); claim 6, the hosted virtual machine nodes other than the privileged virtual machine nodes each include firewall capabilities configured (as stored configuration setting) for that virtual machine node to restrict communications received from others).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin and LUKACS with Hoole because Hoole’s teaching of configuring the firewall of 

As per claim 18, Traut, Tsirkin and LUKACS teach the invention according to claim 16 above. Traut further teaches configuration settings of the isolated run-time environment (Traut, [0064] lines 4-6, Virtual Machine Management Service 812 manages a set of VM configurations and exposes a set of WMI-based APIs for managing and controlling VMs).

Traut, Tsirkin and LUKACS fail to specifically teach the configuration settings is stored, and the configuration settings do not permit access to persistent storage.

However, Hoole teaches the configuration settings is stored, and the configuration settings do not permit access to persistent storage (Hoole, [0005] lines 7-8, restricting undesired communications (as including I/O operations) to those systems from other systems (as including persistent storage, see Fig.2, 200 computing system, 240 storage); claim 6, the hosted virtual machine nodes other than the privileged virtual machine nodes each include firewall capabilities (as stored configuration setting) configured for that virtual machine node to restrict communications received from others).



As per claim 19, Traut, Tsirkin and LUKACS teach the invention according to claim 16 above. Traut teaches instantiate, at the compute instance, a communication intermediary (Traut, Fig. 3, 302 Hypervisor B (as communication intermediary); [0033] lines 7-8, Hypervisors B 302 and C 308 are nested within guest partitions B 314 (as compute instance) and C 316, [0047] lines 1-8, One benefit of this type of hierarchical arrangement is that it supports multi-level administration of large machines. For example, a "machine administrator" can control the virtualization stack within a "root partition" (i.e. the top-most parent partition). This administrator can then create sub-partitions that have virtualization stacks of their own and assign each of these a set of machine resources (memory, processors, NICs, disk drives, and so on)).

Traut, Tsirkin and LUKACS fail to specifically teach the communication intermediary configured to utilize a local communication channel to communicate with the isolated run-time environment.

 configured to utilize a local communication channel to communicate with the isolated run-time environment (Hoole, Fig. 1, 115 Transmission manager (TM); [0022] lines 2-3, Transmission Manager ("TM") components manage communications between computing nodes, lines 16-21, computing systems 110a-c each host a TM component node 115 that manages outgoing data transmissions from other virtual machine nodes 120 hosted on the computing system, as well as incoming data transmissions from other nodes (whether local or remote to the data center 100) to those hosted virtual machine nodes on the computing system).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin and LUKACS with Hoole because Hoole’s teaching of utilizing a Transmission Manager (as communication intermediary) that manage the local communication with the virtual machines would have provided Traut, Tsirkin and LUKACS’s system with the advantage and capability to provide the data transmission between the virtual machines which improving the system efficiency.


Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Traut, Tsirkin and LUKACS, as applied to claim 16 above, and further in view of INAMI (US Pub. 2018/0239638 A1).
INAMI was cited in the previous Office Action.

As per claim 20, Traut, Tsirkin and LUKACS teach the invention according to claim 16 above. Traut, Tsirkin and LUKACS fail to specifically teach de-configure, based at least in part on a lifetime parameter, the isolated run-time 20environment.

However, INAMI teaches de-configure, based at least in part on a lifetime parameter, the isolated run-time 20environment (INAMI, [0047] lines 2-10, The measurement unit 210 then measures the TAT and the CPU allocation delay time of the virtual machine 130 that is the measurement object, while the virtual computer system 100 is in operation (step S103). The measurement unit 210 may measure the TAT and the CPU allocation delay time of the virtual machine that is the measurement object only once each, or a plurality of times and calculate the average value as the measurement results; [0048] lines 1-8, the measurement unit 210 checks whether the measurement of all the possible values of the scheduling parameter, specified for the virtual machine 130 that is the measurement object, has been finished (step S104) (as including lifetime parameter setting). If the measurement has not been finished, the measurement unit 210 suspends (as de-configure (suspends)) the operation of the virtual computer system 100, and changes (updates) the value of the scheduling parameter for the virtual machine 130).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined the teaching of Traut, Tsirkin and LUKACS with INAMI because INAMI’s teaching of suspending/terminating .


Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZUJIA XU whose telephone number is (571)272-0954. The examiner can normally be reached M-F 9:00-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai An can be reached on (571) 272-3756. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MENG AI T AN/Supervisory Patent Examiner, Art Unit 2195                                                                                                                                                                                                        

/Z.X./Examiner, Art Unit 2195