DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8 March 2019 and 15 December 2021 have considered by the examiner, except for those NPL and foreign references on the 15 December 2021 IDs that have not been provided.  Those references have been lined through on the annotated IDS.

Claim Interpretation
Examiner notes that Applicant has provided a limiting definition of the phrase “computer readable storage medium” at paragraph 87 of its specification that specifically excludes signals and other transitory media.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-6, 8, 10-11 and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2015/0178504 by Nystrom et al. in view of U.S. Patent Application Publication No. 2016/0132345 by Bacher et al.
As to claims 1, 15 and 20, Nystrom discloses a computer-implemented method/system/medium, comprising: 
obtaining, Nystrom: Page 4, Sec 47; hypervisor manages virtual machines (guests) in the system), metadata linked to an image of a secure guest of an owner and managed by the hypervisor, wherein the metadata comprises one or more controls, wherein each control of the one or more controls Nystrom: Page 5, Sec 57-60, measurements taken by and stored in the TPM, for example a measurement of a boot loader for a specific VM stored in the TPM, these measurements are used as control to determine if the VM has permission to be executed by the hypervisor); 
intercepting, Nystrom: Fig 8; Page 8, Sec 212-125; 810 – key request received); 
determining, Nystrom: Fig 8; Page 8, Sec 212-125; 815 – evaluation of whether policy satisfied); 
determining, Nystrom: Fig 8; Page 8, Sec 212-125; 815 - evaluation of whether policy satisfied); 
based on determining that the hypervisor is permitted to execute the instance, enabling, Nystrom: Fig 8; Page 8, Sec 212-125; 820 – virtual key provided to hypervisor if po0icy is satisfied and instance allowed); and 
Nystrom: Fig 8; Page 8, Sec 212-125; if policy is not satisfied, instance not allowed). 
Nystrom does not expressly disclose a secure interface control coupled to the hypervisor and performing all the stated functions.
Bacher discloses a secure interface control that controls the hypervisor (Bacher: 70 – Fig 3; Page 3, Sec 30-33; firmware acts as a secure controller for the hypervisor).
Nystrom and Bacher are analogous art because they are from the common area of hypervisor based VM systems).
It would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to use to firmware component of Bacher in the system of Nystrom.  The rationale would have been to provide a single point of access to the hypervisor (Bacher: 70 – Fig 3; Page 3, Sec 30-33).
As to claims 2 and 16, the modified Nystrom/Bacher reference further discloses wherein obtaining the metadata further comprises: decrypting, by the secure interface control, a portion of the metadata linked to the image of the secure guest, wherein the metadata is integrity protected and the portion comprising a cryptographic measure of a boot image of the secure guest was encrypted by a key derived using a private key (Nystrom: Page 8, Sec 124).
As to claims 3 and 17, the modified Nystrom/Bacher reference further discloses wherein the encrypted portion of the metadata comprises the one or more controls (Nystrom: Page 4, Sec 45).
claims 4 and 18, the modified Nystrom/Bacher reference further discloses wherein each control of the one or more controls comprises an environmental constraint (Nystrom: Page 4, Sec 50-52). 
As to claims 5 and 19, the modified Nystrom/Bacher reference further discloses wherein the environmental constraints are selected from the group consisting of: systems configured to perform hardware measurements, and systems configured to use a non-system specific host key (Nystrom: Page 4, Sec 50-52).  
As to claim 6, the modified Nystrom/Bacher reference further discloses wherein the private key is owned by the secure interface control and used exclusively by the secure interface control (Nystrom: Page 8, Sec 120).
As to claim 8, the modified Nystrom/Bacher reference further discloses wherein the metadata comprises values derived from a boot image of the secure guest computed utilizing a collision resistant one-way function (Nystrom: Page 5, Sec 57).
As to claim 10, the modified Nystrom/Bacher reference further discloses wherein the metadata is inaccessible to the instance of the secure guest (Nystrom: Page 5, Sec 57-60, measurements taken by and stored in the TPM).
As to claim 11, the modified Nystrom/Bacher reference further discloses wherein determining if the hypervisor is permitted to execute the instance further comprises: identifying, by the secure interface control, in the one or more controls, a control relevant to a setting of the one or more system settings; and determining, by the secure interface control, if the control enables or restricts executing the instance, based on the control (Nystrom: Fig 8; Page 8, Sec 212-125). 
As to claim 14, the modified Nystrom/Bacher reference further discloses wherein intercepting the command by the hypervisor to initiate the instance of the secure guest from the image of the secure guest further comprises: performing, by secure interface control, an integrity check on the metadata; and based on successfully completing the integrity check, reading, by the secure interface control, the one or more controls in the metadata (Nystrom: Page 3, Sec 34).  

Allowable Subject Matter
Claims 7, 9 and 12-13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL S MCNALLY whose telephone number is (571)270-1599. The examiner can normally be reached Monday-Friday, 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MICHAEL S. MCNALLY
Primary Examiner
Art Unit 2432



/Michael S McNally/Primary Examiner, Art Unit 2432