DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This office action is in response to amendment filed on 11/1/2021.
Claims 1 and 17-20 have been amended.
Claims 1-20 are being considered on the merits.

	Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Arguments
The Objection to the Drawing has been withdrawn as the specification has been amended to alleviate the issue.
The rejections under 35 U.S.C. 35 §112(b) and §112(d) have been withdrawn as the claims have been amended to address those issues.
The rejection of claim 17-19 under 35 U.S.C. 35 §101 has been maintained because Applicant has not provided any argument regarding to the 101 rejection as being directed to non-statutory subject matter recited in the office action mailed on 7/30/2021.
Applicant’s arguments (i.e., “wherein the metadata comprises installation metadata to start an image of the given guest” and “wherein the secret is cryptographically linked to the image”) with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 17-19 are rejected under 35 U.S.C. 101 as being directed to no more than software per se or combination of software per se and signals per se.  The claims 17-19 do not fall within at least one of the four categories of patent eligible subject matter because the claimed invention does not direct to any concrete thing consisting of parts or devices.  The specification as originally filed fails to set forth the metes and bounds of what is meant to be encompassed by the terms “processor” and “computer readable storage medium”.  As such, it is reasonable to interpret the term “processor” as software per se (see Computer Desktop Encyclopedia), and the term “computer readable storage medium” as signals per se.  Therefore, claim 17 is not patent-eligible subject matter.
The dependent claims 18-19 are depended on the rejected base claim, and are rejected for the same rationales.

Claim Rejections - 35 USC § 103
   The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 

Claims 1, 11, 13-15, 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Boenisch (US 20160241393 A1) in view of Kancharla (US 20160149877 A1), and further in view of Smith et al. (US 20190169017) (hereinafter Smith).

Regarding claim 1, Boenisch teaches a computer-implemented method, comprising: configuring, by a secure interface control, communicatively coupled to a hypervisor and a hardware security module, the hardware security module for exclusive use by a secure guest managed by the hypervisor, the configuring comprising: (Boenisch, in Para. [0068 and 0077], discloses a trusted firmware (i.e. secure interface control) or trusted component (i.e. secure interface) which can be hardware or software, working with the hypervisor, which configures, uses data, and assigns hardware security modules for use by specific guest (i.e. exclusive use))
obtaining, by the secure interface control, a configuration request to configure the hardware security module, from a given guest of one or more guests managed by the (Boenisch, in Fig. 6 and in Para. [0007 and 0042], discloses configuring the hardware security model based on challenge/response data being controlled by the hypervisor, or guest systems, or both)
determining, by the secure interface control, if the hardware security module is already configured to a specific guest of the one or more guests, wherein the specific guest and the given guest comprise different guests of the one or more guests; (Boenisch, in Fig. 5 and in Para. [0040], discloses determining that the challenge/request fails (i.e. is assigned to a different guest/specific guest))
based on determining that the given guest comprises a [secure] guest, foreclosing, by the secure interface control, establishing a configuration of the hardware security module by limiting accesses by guests to the hardware security module exclusively to the given guest of the one or more guests; (Boenisch, in Para. [0024 and 0032], discloses assigning a specific guest system to its correct hardware security model and using different hardware security modules for different guest systems (i.e. limiting access to given guest)).
While Boenisch teaches assigning HSM to guests, Boenisch fails to explicitly teach a secure guest and logging in using a session code.
However, Kancharla from the analogous technical field teaches based on determining that the hardware security module is not configured to the specific guest, determining, by the secure interface control, that the given guest comprises the secure guest by evaluating metadata of the given guest; (Boenisch, in Para. [0021 and 0026], discloses determining a secured HASM-VM (i.e. guest) based on the unique static secret (i.e. part of the metadata))
(Kancharla, in Para. [0021], discloses using a unique static secret used to allow only one HSM-VMs (i.e. guest) access)
based on the logging into the hardware security module, obtaining, by the secure interface control, from the hardware security module, a session code; and (Kancharla, in Para. [0021], discloses a dynamic secret (i.e. session code) provided in real time)
retaining, by the secure interface control, the session code (Kancharla, in Para. [0021], discloses the dynamic secret (i.e. session code) being used (i.e. retained)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch to incorporate the teachings of Kancharla, with a motivation to provide improved security management using hardware security models (Kancharla, Para. [0003 and 0013]).  
Boenisch in view of Kancharla does not explicitly teach the following limitations which are disclosed by Smith, wherein the metadata comprises installation metadata to start an image of the given guest (Smith: Para. [ 0016, 0022 and 0030], “The processor 22 in response to executing the virtual machine monitor 52 may establish one or more virtual machines (VM) 100 as shown in FIG. 2 and may boot an operating system 54 in each established virtual machine”… “The virtual machine monitor 52 may take a snapshot of a virtual TPM 110 associated with a running virtual machine 100 and copy values of the snapshot to a virtual TPM 110 of another virtual machine 100 per directives of the configuration policy 130”); and wherein the metadata comprises the secret, wherein the secret is cryptographically linked to the image (Smith: Para. [0002 and 0030], “The virtual machine monitor 52 may take a snapshot of a virtual TPM 110 associated with a running virtual machine 100 and copy values of the snapshot to a virtual TPM 110 of another virtual machine 100 per directives of the configuration policy 130. The virtual machine monitor 52 may cause specified PCRs of the virtual TPMs 110 to be extended with a measurement of the virtual machine monitor 52 in response to a directive of the configuration policy”… “The measurements of a configuration may be hashed and stored in platform configuration registers (PCRs) of a TPM. A trusted platform may allow access to data only under a particular configuration of the trusted platform”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch in view of Kancharla to incorporate the teachings of Smith, with a motivation to restrict access to protected digital keys/information, based at least in part on whether a current system configuration matches a predetermined approved configuration (Smith, Para. [0013]).  

Regarding claim 11, Boenisch as modified by Kancharla and Smith teaches the computer-implemented method of claim 1.
Kancharla teaches further comprising: obtaining, by the secure interface control, from the hypervisor, an indication that the given guest has stopped; removing, by the secure interface control, the configuration (Kancharla, in Para. [0030], discloses removing HASM-VM (i.e. guests) based on the HSMs available).

Regarding claim 13, Boenisch as modified by Kancharla and Smith teaches the computer-implemented method of claim 1.
Boenisch teaches wherein the secure interface component is selected from the group consisting of: firmware, hardware, and software (Boenisch, in Para. [0077], discloses a trusted firmware (i.e. secure interface control) which can be hardware or software, which configures, uses data, and).

Regarding claim 14, Boenisch as modified by Kancharla and Smith teaches the computer-implemented method of claim 1.
Kancharla teaches wherein determining that the given guest comprises the secure guest by evaluating metadata of the given guest comprises verifying one of a presence or a type of the metadata (Kancharla, in Para. [0021], discloses the HASM-VM (i.e. guests) using (i.e. is presence) a unique static secret (i.e. type of metadata)).

Regarding claim 15, Boenisch as modified by Kancharla and Smith teaches the computer-implemented method of claim 1.
Boenisch teaches wherein utilizing the secret of the given guest, comprises decrypting, by the secure interface control, the secret (Boenisch, in Para. [0035 and 0077], discloses unencrypting the pattern (i.e. secret), where the firmware (i.e. interface control) handles using the data pattern (i.e. secret)).

As per claim 17, this claim recites a token non-transitory computer readable medium to perform the steps as recited by the method of claim 1, and has limitations that are similar to those of claim 1, thus is rejected with the same rationale applied against claim 1.

As per claim 20, this claim recites a token system to perform the steps as recited by the method of claim 1, and has limitations that are similar to those of claim 1, thus is rejected with the same rationale applied against claim 1.

Claims 2-3, 5-6, 16, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla in view of Smith, in further view of Chhabra (US 10601590 B1). 

Regarding claim 2, Boenisch as modified by Kancharla and Smith teaches the computer-implemented method of claim 1.
While Boenisch as modified by Kancharla and Smith teaches a storing a session code, Boenisch as modified by Kancharla fails to explicitly teach associating a session code with a null.
However, Chhabra from the analogous technical field teaches wherein the retaining comprises storing an association of the session code with a NULL session code in a table of associations in the secure interface control (Chhabra, in Fig. 3 and in Col. 5 L. 17-42 and Col. 9 L. 1-24, discloses the database connected to the TEE (i.e. interface) storing the HSM secret (i.e. session code), where the function (i.e. generating new session code) using the secret (i.e. session code) has not been executed yet (i.e. session code is associated with null)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla and Smith to incorporate the teachings of Chhabra, with a motivation to provide improved security by protecting secrets (Chhabra, Col. 3 L. 8-14).

Regarding claim 3, Boenisch as modified by Kancharla and Smith teaches the computer-implemented method of claim 1.
Boenisch teaches wherein the metadata of the guest is integrity protected (Boenisch, in Para. [0034], discloses an encrypted (i.e. integrity protected) key and data pattern (i.e. part of metadata)).
While Boenisch as modified by Kancharla and Smith teaches integrity protected metadata, Boenisch as modified by Kancharla and Smith fails to explicitly teach a key owned by the secure interface.
However, Chhabra from the analogous technical field teaches and the secret is encrypted by a key derived using a private key owned by the secure interface control (Chhabra, Col. 7 L. 11-22, discloses a key derivation function used for the secret, that is based on the TEE (i.e. secure interface) function and key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla and Smith to incorporate the teachings of Chhabra, with a motivation to provide improved security by protecting secrets (Chhabra, Col. 3 L. 8-14).  

Regarding claim 5, Boenisch as modified by Kancharla, Smith and Chhabra teaches the computer-implemented method of claim 2.
Chhabra further teaches further comprising: based on the configuring, providing, by the secure interface control, to the given guest, a new session code to utilize by the given guest in requests to the hardware security module (Chhabra, in Fig. 7 and Col. 9 L. 1-24, discloses executing a function (i.e. generating new session code) using the secret (i.e. session code) and providing the result (i.e. new session code) to the requestor (i.e. guest)).

Regarding claim 6, Boenisch as modified by Kancharla, Smith and Chhabra teaches the computer-implemented method of claim 5.
Chhabra further teaches wherein the providing comprises: intercepting, by the secure interface control, a hardware security module login request from the given guest, wherein the hardware security module login request comprises login data from the given guest (Chhabra, Fig. 7 and in Col. 9 L. 1-24, discloses submitting a command (i.e. request) to the TEE (i.e. secure interface), where the request to the HSM includes authentication credentials (i.e. guest login data))
generating, by the secure interface control, new login data based on the secret of the given guest; (Chhabra, Fig. 7 and in Col. 9 L. 1-24, discloses the TEE (i.e. secure interface) obtaining authentication credentials (i.e. new login data), based on the measure of the code (i.e. secret))
issuing, by the secure interface control, to the hardware security module, a new hardware security module login request from the given guest, wherein the new hardware security module login request comprises the new login data; (Chhabra, Fig. 7 and in Col. 9 L. 1-24, discloses the TEE (i.e. secure interface) submitting the secret request (i.e. login request) with the authentication credentials (i.e. new login data) to the HSM)
obtaining, by the secure interface control, a session code from the hardware security module; (Chhabra, Fig. 7 and in Col. 9 L. 1-24, discloses the HSM sending the secret (i.e. session code) to the TEE (i.e. secure interface))
based on obtaining the session code from the hardware security module, generating, by the secure interface control, the new session code; (Chhabra, in Fig. 7 and Col. 9 L. 1-24, discloses the TEE (i.e. interface) executing a function (i.e. generating new session code) using the secret (i.e. session code))
storing, by the secure interface control, an association between the session code from the hardware security module and the new session code in the table; and (Chhabra, in Fig. 3 and Col. 3. L 1-14 and Col. 5 L. 17-42, discloses the TEE (i.e. interface) storing the HSM secrets (i.e. session codes) and the temporary derived secrets (i.e. new session codes))
transmitting, by the secure interface control, the new session code to the given guest, responsive to the login request (Chhabra, in Fig. 7 and Col. 9 L. 1-24, discloses providing the result (i.e. new session code) to the requestor (i.e. guest)).  The same motivation to modify Boenisch in view of Kancharla in view of Smith, in further view of Chhabra, as applied in claim 2 above, applies here.

Regarding claim 16, Boenisch as modified by Kancharla and Smith teaches the computer-implemented method of claim 15.
While Boenisch as modified by Kancharla and Smith teaches decrypting the secret, Boenisch as modified by Kancharla and Smith fails to explicitly teach a key owned by the secure interface.
However, Chhabra from the analogous technical field teaches wherein the decrypting comprises utilizing a key computed exclusively by the secure interface control (Chhabra, Col. 7 L. 11-22, discloses a key derivation function used for the secret, that is based on the TEE (i.e. secure interface) function and key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla and Smith to incorporate the teachings of Chhabra, with a motivation to provide improved security by protecting secrets (Chhabra, Col. 3 L. 8-14).  

As per claims 18-1 9, this claims recite a token non-transitory computer readable medium to perform the steps as recited by the method of claims 2-3, and has limitations that are similar to those of claims 2-3, thus is rejected with the same rationale applied against claims 2-3.

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla, Smith and Chhabra, in further view of Maximov (US 20190207764 A1).

Regarding claim 4, Boenisch as modified by Kancharla, Smith and Chhabra teaches the computer-implemented method of claim 3.
While Boenisch as modified by Kancharla, Smith and Chhabra teaches a key, Boenisch as modified by Kancharla, Smith and Chhabra fails to explicitly teach a key based on a cryptographic measurement of the boot image.
However, Maximov from the analogous technical field teaches wherein the private key comprises a cryptographic measure of a boot image of the given guest (Maximov, in Para. [0003 and 0006], discloses a key derived from the measurements based on the boot).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla, Smith and Chhabra to incorporate the teachings of Maximov, with a motivation to provide increased security (Maximov, in Para. [0012]).  

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla, Smith and Chhabra, in further view of Wang (US 20210167962 A1).

Regarding claim 7, Boenisch as modified by Kancharla, Smith and Chhabra teaches the computer-implemented method of claim 5.
While Boenisch as modified by Kancharla, Smith and Chhabra teaches a new session code, Boenisch as modified by Kancharla, Smith and Chhabra fails to explicitly teach using the new session code.
However, Wang from the analogous technical field teaches further comprising: intercepting, by the secure interface control, a request from the given guest to the hardware security module, wherein the request comprises the new session code; obtaining, by the secure interface control, from the table, the session code from the hardware security module associated with the new session code; updating, by the secure interface control, the request from the given guest to comprise a new request, wherein the new request comprises the session code from the hardware security module instead of the new session code; and issuing, by the secure interface control, the new request to the hardware security module (Wang, in Para. [0115], discloses storing the account table in association with the sensitive data in the token server (i.e. interface) and using the token for future transactions).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla, Smith and Chhabra to incorporate the teachings of Wang, with a motivation to provide enhanced security (Wang, in Para. [0132]).  

Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla, Smith, Chhabra, and Wang, in further view of Norum (US 10461943 B1).

Regarding claim 8, Boenisch as modified by Kancharla, Smith, Chhabra, and Wang teaches the computer-implemented method of claim 7.
While Boenisch as modified by Kancharla, Smith, Chhabra, and Wang teaches a request, Boenisch as modified by Kancharla, Smith, Chhabra, and Wang fails to explicitly teach issuing the fulfillment to the guest.
However, Norum from the analogous technical field teaches further comprising: obtaining, by the secure interface control, from the hardware security module, fulfillment of the request (Norum, in Fig. 8 and in Col. 18 L. 6-16); and issuing, by the secure interface control, the fulfillment of the request to the given guest (Norum, in Fig. 8 and in Col. 18 L. 6-16, discloses ending the session is communicated between the HSM virtual HSM (i.e. interface) and client (i.e. guest)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla, Smith, Chhabra, and Wang to incorporate the teachings of Norum, with a motivation to provide increased performance when adding and removing HSMs (Norum, in Col. 11. L. 48-53).  

Regarding claim 9, Boenisch as modified by Kancharla, Smith, Chhabra, Wang, and Norum teaches the computer-implemented method of claim 8.
Norum further teaches wherein the request is selected from the group consisting of: a hardware security module secure key generation request, and a hardware security module logout request (Norum, in Fig. 8 and in Col. 18 L. 6-16, discloses the client (i.e. guest) ending the session (i.e. logout request)).  The same motivation to modify Boenisch in view of Kancharla, Smith, Chhabra, Wang and Norum, as applied in claim 8 above, applies here.

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla, Smith and Chhabra, in further view of Norum (US 10461943 B1).

Regarding claim 10, Boenisch as modified by Kancharla, Smith and Chhabra teaches the computer-implemented method of claim 6.
While Boenisch as modified by Kancharla, Smith and Chhabra teaches a request, Boenisch as modified by Kancharla, Smith and Chhabra fails to explicitly teach logging out.
However, Norum from the analogous technical field teaches further comprising: obtaining, by the secure interface control, from the hypervisor, an indication that the given guest has stopped; identifying, by the secure interface component, the (Norum, in Col. 18 L. 6-16, discloses the HSM deleting the session key (i.e. content of table) and propagating the delete instruction (i.e. logging out from all HSMs)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla, Smith and Chhabra to incorporate the teachings of Norum, with a motivation to provide increased performance when adding and removing HSMs (Norum, in Col. 11. L. 48-53).  

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Boenisch in view of Kancharla, Smith and Chhabra, in further view of Kancharla (US 20180062854 A1).

Regarding claim 12, Boenisch as modified by Kancharla, Smith and Chhabra teaches the computer-implemented method of claim 6.
While Boenisch as modified by Kancharla, Smith and Chhabra teaches an interface, Boenisch as modified by Kancharla, Smith and Chhabra fails to explicitly teach removing the references when the given guest has stopped.
However, Kancharla from the analogous technical field teaches further comprising: obtaining, by the secure interface control, from the hypervisor, an indication that the given guest has stopped; identifying, by the secure interface component, references to the given guest retained in the hardware security module; and removing, by the secure interface component, the references (Kancharla, in Para. [0020] and claim 17, discloses deleting the PMS and parameters (i.e. references) from the HSM).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Boenisch as modified by Kancharla, Smith and Chhabra to incorporate the teachings of Kancharla, with a motivation to optimize the service provided by HSMs (Kancharla, Para. [0012]).  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 





/TRANG T DOAN/Primary Examiner, Art Unit 2431