DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  

RESPONSE TO AMENDMENT
	Claim rejections based on prior art

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/04/2022 has been entered.

	Applicant's arguments filed 12/20/2021 with respect to claims 1-20 have been fully considered but are not persuasive.
	With respect to “Tsirkin does not disclose ‘the OS procedure is stored outside of the protected memory’”, as discloses in page 8 of Applicant’s remarks, Examiner is equating claimed ‘OS procedure’ to loading/storing kernel code 202 in second range of memory addresses of Tsirkin as discloses in fig. 2 and first range of memory addresses of Tsirkin as discloses in fig. 2, as claimed ‘protected memory’. See paragraph 0035 of Tsirkin, which discloses “patching code 204 may be kept separate from kernel code 202 so that if kernel code 202 is compromised, it will still be difficult for the attacker to modify write-protected guest memory. In an example, patching code 204 is marked with a special compiler or linker attribute, and is placed in a separate text modifying section in the kernel executable. Guest 111 may be partitioned such that a first portion of guest memory 114 (e.g., kernel code 202) may be modified by a second portion of guest memory 114 (e.g., patching code 204)”. See also claim 4 of the current application which defines separate address spaces as a form of separation. Also, keep in mind patching code 204 and kernel code 202 are in separate address spaces.

OBJECTIONS TO THE CLAIMS


	Claim 1-20 are objected to as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
		As per claims 1, 10 and 17, because of limitation “wherein the OS procedure is stored outside of the protected memory”, it’s not clear if the ‘OS procedure’ is modifying a memory location or if it’s a memory location. Correction is needed.
	 
REJECTIONS BASED ON PRIOR ART
Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tsirkin et al. (US pub. 2017/0329618), hereinafter, “Tsirkin”.

At the outset, Applicant is reminded that claims subject to examination will be given their broadest reasonable interpretation in light of the supporting disclosure. In re Morris, 127 F.3d 1048, 1054-55, 44 USPQ2d 1023,1027-28 (Fed. Cir. 1997). With this in mind, the discussion will focus on how the terms and relationships between the terms in the claims are met by the references.

2.         As per claims 1, 10 and 17, Tsirkin discloses a method comprising: invoking an operating system procedure that is directed to modifying memory locations (second range of memory addresses locations, as disclose in fig. 2, as discloses in paragraph 0049) in an operating system memory, the memory locations storing kernel code (kernel code 202) of an operating system (OS) (see abstract, which discloses “systems and methods are provided for modifying a set of memory pages. An example method includes loading kernel code and patching code of a kernel into a guest memory. The patching code is stored at a first range of memory addresses, which is in an executable mode in a first set of hypervisor page tables. The method also includes detecting a demand to modify a set of memory pages and sending a request to the hypervisor to transfer control to the patching code in response to detecting the demand”. Note, Examiner is equating claimed ‘OS procedure’ to loading/storing kernel code 202); in response to invoking the OS procedure, validating content (instructions of patching code 204) of at least a portion of a protected (see paragraph 0035 for ‘protected’) memory (first range of memory addresses locations, as disclose in fig. 2) that stores program code (patching code 204) comprising a kernel-modifying procedure [see paragraph 0054, which discloses “patching code 204 includes instructions to determine whether the request (or demand) to modify set of memory pages 124 is valid”. The request (or demand) being validated by patching code 204 is being equated to a validation of an instruction of the memory storing the patching code 204], wherein the OS procedure is stored outside of the protected memory [see paragraph 0035, which discloses “patching code 204 may be kept separate from kernel code 202 so that if kernel code 202 is compromised, it will still be difficult for the attacker to modify write-protected guest memory. In an example, patching code 204 is marked with a special compiler or linker attribute, and is placed in a separate text modifying section in the kernel executable. Guest 111 may be partitioned such that a first portion of guest memory 114 (e.g., kernel code 202) may be modified by a second portion of guest memory 114 (e.g., patching code 204)”. See also claim 4 below which defines separate address spaces as a form of separation. Also, keep in mind patching code 204 and kernel code 202 are in separate address spaces]; and in response to a determination that the content of the at least the portion of the protected memory that stores the program code comprising the kernel-modifying procedure is deemed to be valid, causing the kernel-modifying procedure to execute (see paragraph 0054, which discloses “patching code 204 may modify set of memory pages 124 in accordance with the request in response to a determination that the request is valid. Patching code 204 may send an error message in response to a determination that the request is not valid”), wherein execution of the kernel-modifying procedure includes executing the program code to cause modifying of the kernel code stored in the memory locations in the OS memory (see paragraph 0054, which discloses “Patching code 204 may receive a range of memory addresses storing the data for which the modification is requested and the data to modify. In an example, the request is a request to insert a trace point in kernel code 202. Kernel code 202 may include special markup at which a trace point may be inserted”). 

claims 2, 11 and 18, Tsirkin discloses “The method of claim 1” [See rejection to claim 1 above], further comprising storing the program code comprising the kernel-modifying procedure in the protected memory based on bringing up of the OS (see paragraph 0006, which discloses “loading, by a guest running on a virtual machine, kernel code and patching code of a kernel into a guest memory allocated to the guest, the patching code corresponding to a first set of hypervisor page tables”). 

4.         As per claim 3, Tsirkin discloses, wherein the kernel-modifying procedure is one procedure among a plurality of procedures that modify the kernel code (see paragraph 0016, which discloses “it may be desirable to modify memory that is write-protected for various reasons. For example, it may be desirable to modify write-protected kernel code to enable debugging”). 

5.         As per claims 4, 12 and 19, Tsirkin discloses, wherein an address space of the kernel code is separate from an address space of the protected memory (see paragraph 0035, which discloses “in the example illustrated in FIG. 2, patching code 204 is stored at a first range of memory addresses 210 in guest memory 114, and kernel code 202 is stored at a second range of memory addresses 212 in guest memory 114. First set of hypervisor page tables 116-1 and second set of hypervisor page tables 116-2 may be mutually exclusive and stored in separate memory regions from each other. Patching code 204 may be kept separate from kernel code 202 so that if kernel code 202 is compromised, it will still be difficult for the attacker to modify write-protected guest memory. In an example, patching code 204 is marked with a special compiler or linker attribute, and is placed in a separate text modifying section in the kernel executable”). 

6.         As per claims 5 and 13, Tsirkin discloses, wherein the kernel code and the protected memory are on different computer systems [see paragraph 0037, which discloses “FIG. 3 is an example of first set of hypervisor page tables 116-1 and second set of hypervisor page tables 116-2. In FIG. 3, memory pages 302-1, . . . , and 302-n correspond to first range of memory addresses 210, which stores patching code 204, and memory pages 304-1, 304-2, 304-3, . . . , and 304-n correspond to second range of memory addresses 212, which stores kernel code 202”. As discloses in paragraph 0037, virtual machine 110, a respective system, storing kernel code 202, while hypervisor 108, another system, storing patching code 204]. 

7.         As per claims 6 and 14, Tsirkin discloses, wherein write operations on OS memory pages that contain the kernel code are disabled during initialization of the OS (see paragraph 0036, which discloses “hypervisor 108 may allow guest 111 to switch between first set of hypervisor page tables 116-1 and second set of hypervisor page tables 116-2. Each guest virtual processor is restricted by the access permissions specified in the active hypervisor page table. In an example, guest 111 performs operations on memory pages based on the permission bits in the active hypervisor page table. In keeping with the above examples, after control is transferred to patching code 204, first set of hypervisor page tables 116-1 is active. Additionally, after control is transferred to kernel code 202, second set of hypervisor page tables 116-2 is active”), the method further comprising: enabling write operations on the OS memory pages prior to causing the kernel-modifying procedure to execute; and disabling [see paragraph 0038, which discloses “in FIG. 3, in first set of hypervisor page tables 116-1, memory pages 302-1, . . . , and 302-n are set to the readable, non-writable, and executable permissions, and memory pages 304-1, 304-2, 304-3, . . . , and 304-n are set to the readable, writable, and non-executable permissions. Additionally, in second set of hypervisor page tables 116-2, memory pages 302-1, . . . , and 302-n are set to the readable, non-writable, and executable permissions, and memory pages 304-1, 304-2, 304-3, . . . , and 304-n are set to the readable, non-writable, and executable permissions. In some examples, memory pages 302-1, . . . , 302-n are set to the non-executable permissions. It may be desirable for hypervisor 108 to switch between these two sets of hypervisor page tables. If first set of hypervisor page tables 116-1 is active, patching code 204 is executable (but non-modifiable) and kernel code 202 is modifiable (but not executable). If second set of hypervisor page tables 116-2 is active, patching code 204 and kernel code 202 are non-modifiable”]. 

8.         As per claim 7, Tsirkin discloses, further comprising receiving a system call and in response to receiving the system call, invoking the OS procedure (see paragraph 0050, which discloses “kernel code 202 may have control of virtual processor 112-1. While kernel code 202 has control of virtual processor 112-1, second set of hypervisor page tables 116-2 is active. In FIG. 4B, at an action 452, guest 111 detects a demand to modify set of memory pages 124. At an action 454, in response to detecting the demand to modify set of memory pages 124, guest 111 sends a request to hypervisor 108 to transfer control to patching code 204. Guest 111 may send the request to hypervisor 108 to transfer control to patching code 204 by invoking a hypercall or other privileged instruction that requests hypervisor 108 to transfer control to patching code 204”). 

9.         As per claims 8, 15 and 20, Tsirkin discloses, wherein the OS is a guest OS of a virtual machine (see paragraph 0004, which discloses “an example method of modifying a set of memory pages includes loading, by a guest running on a virtual machine, kernel code and patching code of a kernel into a guest memory allocated to the guest”), wherein the validating includes: the guest OS invoking a hypervisor procedure in a hypervisor that instantiated the virtual machine (see paragraph 0026, which discloses “guest 111 may send the request to hypervisor 108 to transfer control to patching code 204 by invoking a hypercall or other privileged instruction that requests hypervisor 108 to transfer control to patching code 204
”); and the hypervisor procedure validating the content of the at least the portion of the protected memory that stores the program code comprising the kernel-modifying procedure [see paragraph 0054, which discloses “in another example, patching code 204 includes instructions to determine whether the request (or demand) to modify set of memory pages 124 is valid”]. 

10.         As per claims 9 and 16, Tsirkin discloses, wherein causing the kernel-modifying procedure to execute includes the hypervisor procedure invoking the kernel-modifying procedure (see paragraph 0026, which discloses “guest 111 may send the request to hypervisor 108 to transfer control to patching code 204 by invoking a hypercall or other privileged instruction that requests hypervisor 108 to transfer control to patching code 204”). 


CLOSING COMMENTS
CONCLUSION

a. STATUS OF CLAIMS IN THE APPLICATION 

	The following is a summary of the treatment and status of all claims in the 

application as recommended by M.P.E.P. 707.07(i):


 a (1) CLAIMS REJECTED IN THE APPLICATION 

	Per the instant office action, claims 1-20 have received a first action on the merits and are subject of a first action non-final.

 
b. DIRECTION OF FUTURE CORRESPONDENCES

	Any inquiry concerning this communication or earlier communications from the 

Examiner should be directed to Ernest Unelus whose telephone number is (571) 272-

8596. The examiner can normally be reached on Monday to Friday 9:00 AM to 5:00 PM. 


IMPORTANT NOTE
 
	If attempts to reach the above noted Examiner by telephone are unsuccessful, the 

Examiner's supervisor, Mr. Idriss Alrobaye, can be reached at the following telephone number: 

Area Code (571) 270-1023.

The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status 


/Ernest Unelus/
Primary Examiner
Art Unit 2181