PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/588,392
Filing Date: 5 May 2017
Appellant(s): AMIT et al.



__________________
Ankur Garg (Registration No. 62,436)
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed 11/22/2021.

(1) Grounds of Rejection to be Reviewed on Appeal

Every ground of rejection set forth in the Office action dated 06/08/2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
The following ground(s) of rejection are applicable to the appealed claims.
A. Claims 1-3, 5, 12-15, and 19-21 rejected under 35 U.S.C. 103 as being unpatentable over Nakajima et al. (U.S. Patent No. 9,747,123 B2) in view of Wang et al. “Jitk: A Trustworthy In-Kernel Interpreter Infrastructure”.
B. Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Nakajima in view of Wang as applied to claim 1, and further in view of Mahadevan et al. (U.S. Patent No. 5,797,013 A).
Claims 6-11, 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Nakajima in view of Wang as applied to claims 1 and 12, and further in view of Dabak et al. (U.S. Pub. No. 20180267818 A1).

 (2) Response to Argument

In the Appeal Brief Appellant argues:

Appellant notes that prosecution was reopened by the Office after the filing of Appellant’s Appeal Brief on March 4, 2021. While the Office added a new secondary reference (Wang) after reopening prosecution, Appellant’s arguments presented in the earlier-filed Appeal Brief still apply to the Office’s reliance on Nakajima as allegedly teaching various features of Appellant’s claims, and these arguments have not been addressed by the Office (Appeal Brief, pg. 7-8, Section 1).
In regards to point 1, the Examiner submits that there is not a requirement to respond to arguments made in an Appeal Brief directed to rejections in an Office Action that has been superseded and in fact the instant rejection is predicated on different set of references (Nakajima and Wang). Also, Examiner has reviewed all arguments against Nakajima in the earlier Appeal Brief which are the same as the arguments in the instant appeal brief and are being addressed by the below responses. 

2) 	Neither Nakajima nor Wang teaches, suggests, or otherwise renders
obvious “callback byte code that has been registered by the guest
operating system with the hypervisor” 
More specifically, Appellant alleges that “The Office Action alleges that the claimed “guest operating system” can be reasonably interpreted as the “non-root hypervisor executing as a guest” of Nakajima. Office Action, p. 3. However, Appellant submits that such an interpretation of the claimed “guest operating system” is not a reasonable interpretation, especially in light of Appellant’s specification (Appeal Brief pg. 8, 3rd par.).

	

Examiner, would like to note that in nested virtualization concept (described in Nakajima) a first hypervisor executed atop of a second hypervisor is a guest of the second hypervisor similar to virtual machines executing atop a first hypervisor are guests of the first hypervisor. That is, the upper level hypervisor (which executes within a VM) acts as a guest operating system of the lower level hypervisor. This is further illustrated in Fig. 3 (below) of Nakajima where Non-root hypervisor 306 runs as guest of root hypervisor 320, and similarly virtual machines 304 run as guests of the non-root hypervisor 306.
Further, regarding Appellant argument that the relationship is important because the invention pertains to allowing the hypervisor to obtain information of the guest operating system that it would not normally have access to. Examiner, respectfully submits the relationship between the lower level, root-hypervisor of Nakajima and the higher level, non-root hypervisor is the same as the relationship as the hypervisor and the guest operating system describe in the instant claim. Further still, the non-root hypervisor itself has guests. If for no other reason, the non-root hypervisor is registering callbacks for its guests and therefore is explicitly the relationship as claimed. 

    PNG
    media_image2.png
    390
    555
    media_image2.png
    Greyscale

 Fig. 3 (Nakajima)

  Additionally, Wang also discloses a Jitk/BPF architecture 

    PNG
    media_image3.png
    259
    211
    media_image3.png
    Greyscale
      Fig. 13 (Wang)



3) Neither Nakajima nor Wang teaches, suggests, or otherwise renders obvious “executing, by the hypervisor, the assembled callback executable code to obtain information regarding the guest operating system running in the virtual machine” (Appeal Brief pg. 10).

In regards to point 3, appellant appears to argue that when executing the callback handler of Nakajima, the root-hypervisor does not obtain information of the guest operating system. However, Appellant’s assertions that “There is no indication that these “pointers to virtual VMX objects 308, or lists of requested VMCS 328 field updates to be made” comprise “information regarding [a] guest operating system,”” is plainly incorrect. The VMX (virtual machine extension) objects and VMCS (virtual machine control structure) clearly contain guest operating system information (Nakajima col. 7, lines 39-48).  Further, in regards to appellants arguments that “even assuming arguendo that a non-root hypervisor could be interpreted as a guest operating system, there is no indication in Nakajima that the callback handler, when executed, obtains the 
Additionally, Wang clearly discloses [pg 5-6, section 4.1 and Fig. 13] a BPF architecture which facilitates user/applications to submit a BPF bytecode and register with the Kernel, 2) in response to system calls, a BPF JIT compiler is configured to translate the BPF bytecode into native code, and 3) Kernel executes the translated bytecode and determines whether to allow calls based on the information/policies in the bytecode. 
Further, [pg. 6, section 4.2.1, Lemma 2] describes that a filter must be transmitted correctly from user space to the kernel. To cross the user-kernel boundary, the filter is encoded from the in-memory representation into a byte-level representation as shown in Figure 4, submitted to the kernel through a system call (e.g., prctlin Linux [20]), and then decoded back into the in-memory representation by the kernel’s BPF JIT. The reconstructed filter in the kernel must be the same as its user-space. That is, the filter 

4. Neither Nakajima nor Wang teaches, suggests, or otherwise renders obvious “the assembled callback executable code is executed without a context switch responsive to the occurrence of the specified event” as recited in claim 5.
a) … while Nakajima may describe a root hypervisor executing a callback handler without switching to non-root mode, there is no indication that the callback handler allows the root hypervisor to obtain information regarding a guest OS without a context switch to the guest OS. 
b) … even assuming arguendo, a non-root hypervisor could be considered a guest OS, and even assuming arguendo that registering is executing, which they are not, the information is supplied by the non-root hypervisor itself, while the root hypervisor is what executes the callback handler, so there would have to be a context switch from the root hypervisor to the non-root hypervisor for the information to be supplied.

In regards to point (a), Appellants first acknowledges that “Nakajima may describe a root hypervisor executing a callback handler without switching to non-root mode”, and then asserts that “there is no indication that the callback handler allows the root hypervisor to obtain information regarding a guest OS without a context switch to the guest OS”.  Examiner, however, notes that claims 5 and 15 only recite “the call back” the assembled callback executable code is executed without a context switch responsive to the occurrence of the specified event”, and there’s no mention of the limitations “allows the root hypervisor to obtain information regarding the guest OS”. Nevertheless, Examiner reiterates that in Nakajima teaches executing of the callback handler without switching to a non-root mode which is the same as executing the callback handler without context switching between root-mode and the non-root mode. This is further evidenced in Nakajima, col. 11, lines 25-28, ... in some embodiments, if the non-root hypervisor 306 is trusted by the root hypervisor 320, the computing device 100 may remain in the VMX-root mode while executing the callback handler 316. In other words, the root hypervisor entirely executes the callback handler without having to context switch to the non-root level if the non-root hypervisor is trusted.  Further, Nakajima (col. 9:43-47) also indicates that when registering the callback handler, the non-root hypervisor may also supply additional information. Therefore, one of ordinary skill would recognize that upon execution the root-hypervisor would obtain information (e.g. the “virtual VMX objects 308, or lists of requested VMC supplied by the non-root Hypervisor) regarding the guest operating system. Additionally, Wang [pg. 6, left col., lines 1-3] describes that: In Jitk when the kernel accepts BPF bytecode from user space, a JIT translates the BPF filter into native code. This native code is then executed for each system call to decide whether to allow that system call. Here, there’s no context switching because the BPF filter is provided to the Kernel via the BPF bytecode. Therefore, Wang also teaches executing the translated BPF bytecode into native code without context switch. 
As per point (b) Examiner respectfully disagrees with Appellant. 


5. Neither Nakajima nor Wang teaches, suggests, or otherwise renders obvious “wherein the callback byte code is derived and prepared from one or more functions of the guest operating system”, recited in claims 3, 13. 

In regards to point 5, Appellants argument that “a callback handler being embodied as “any function, method, vector, or other routine that may be invoked” does not mean that the callback handler is derived and prepared from one or more functions of the
guest operating system, is not persuasive because such argument merely amounts to general allegation without any supporting argument.  Nakajima clearly describes, col. 7, lines 55-61, the non-root hypervisor includes one or more callback handlers 316, which may be embodied as any function, method, vector, or other routine that may be invoked by the root hypervisor 320. In other words, the handlers are provided by the guest hypervisor as function or method.  Also, Wang was cited as teaching “callback 

For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/WILLY W HUARACHA/
Examiner, Art Unit 2195


Conferees:
/BRADLEY A TEETS/Primary Examiner, Art Unit 2195             
                                                                                                                                                                                           /MENG AI T AN/Supervisory Patent Examiner, Art Unit 2195                                                                                                                                                                                                        

Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.