DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1,3, 5-10, 12, 14-19, 21, are 23-27 are pending in the current application, wherein claims 1, 5, 8-10, 14, 17-19, and 23 are amended, claims 2, 4, 11, 13, 20 and 22 are cancelled, claims 26-27 are newly added.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1, 3, 5-7, 10, 12, 14-16, 19, 21, and 23-27 are rejected under 35 U.S.C. 103 as being unpatentable over Bullions et al. (“Milli Code”, IBM Technical Disclosure 

As for claim 1, Bullions teaches a method comprising:
receiving, by a communication interface of a secure interface control [The Milli-Mode Detection Logic 120] executing between the secure interface control of a computer and hardware of the computer [hardware execution elements 104], (Pg. 452-453, “The Milli-Mode Detection Logic 120 is connected to receive the output of the instruction registers 100” (pg. 452) and “Milli-instructions are sent to the Instruction Registers 100 where the decoder 102 decodes...and schedules them for execution at the appropriate hardware execution elements 104…”  Examiner note, secure interface control as taught in the specification, is an interface, and communication interface is a gateway for the millicode execution (specification paragraphs 98-99). Thus, under the broadest reasonable interpretation, the detection logic 120 of the prior art is a gateway to the hardware execution of millicode.), an instruction from software executing on the computer (Pg. 452, “instructions…” are put into cache and Milli-code array which are pulled into instruction register 100.  Which came from main memory storing the execution instructions of software entities executing on the platform.);
determining, by the communication interface, whether the instruction includes a request for the secure interface control to perform a specified action (Pg. 452 -453, “The Milli-Mode detection logic 1220 recognizes when a macro-instruction being decoded is of a type that is to be interpreted in milli-mode…milli-routine implements one or more of the complex functions or instructions…”  Current specification states the instruction can 
based on determining that the instruction includes a request for the secure interface control to perform a specific action (Pg. 452-453, “…the detection logic 120 also informs the register controls 126 and puts the decoder 102 into milli-mode…”);
entering, by the communication interface, a millimode, the entering millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface to perform the specified action (Pg. 452-453, “generates an entry point address for the Millicode Array 106 and passes this address along to the instruction fetch control…the detection logic 120 also informs the register controls 126 and puts the decoder 102 into milli-mode (which causes the decoder to allow milli-instructions to be decoded…the instruction fetch control logic switches fetching from the cache 112 to the millicode array 106…the initial milli-instructions are fetched…sent to the instruction registers 100…decodes them and schedules them for execution…” Here, the Milli-Mode Detection 120 is a part of 102, thus, it would be obvious to a person of ordinary skill in the art before the effective filing date of the application to recognize cause the decoder to allow milli-instructions to be decoded 
executing, by the millicode, the instruction (Pg. 454, “the processor decodes and executes the milli-instructions that implement the macro-instruction that caused entry into milli-mode…”).

While Bullion teaches the millicode accessible storage area is protected from other areas (Pg. 452), however, Bullion does not explicitly teach the software executing on the computer includes a secured entity executed by an un-secured entity or that the millicode including a hardware mechanism that prevents the un-secured entity from accessing the contents of a secure storage location that is assigned to the secured entity.
Sell teaches method of execution of specific microcodes to control access to protected storage areas including wherein a secure interface control [protected regions enforcer] is in communication with a secured entity [application] executed by un-secured entity [hypervisor/] that issues the instruction (paragraphs 4-5, “…these PR's are regions having detailed access defining attributes assigned to them whereby restrictions are imposed as to which one or more (if any at all) execution threads (XT's) can execute code present within the respective PR's and/or which one or more (if any at all) execution threads (XT's) can access informational data present within the respective PR's for purposes of reading or overwriting the informational data. …access-restricting tests are performed by the buried hardware/firmware mechanism (the PR enforcer) whose internal operations cannot be interfered with by the OS, or by the 
the millicode including a hardware mechanism that prevents the un-secured entity from accessing contents of a secure storage location [meta data zone] that is assigned to the secured entity (paragraph 5.  “…the buried hardware/firmware mechanism (the PR enforcer) whose internal operations cannot be interfered with by…the hypervisor….” and paragraph 35 “…the PR-owning application 70 can cause….to be changed or destroyed by use of special PR-attribute changing opcodes provided in the microcodes holding section …of the master uP’s …and usable only by the PR-owning application to request that the PR enforcer perform these operations….the buried metadata zone 75 d can be caused to be dynamically written into or destroyed at the behest of the PR-owning application 70…”, and paragraph 49 “…this special PR enforcing firmware ….defined …by added microcodes and/or added hardware and having functions invoked by the added-on new opcodes).  This known technique is applicable to the system of Bullions as they both share characteristics and capabilities, namely, they are directed to controlled execution of instructions by hardware utilizing micro/milli code.
One of ordinary skill in the art before the effective filing date of the application would have recognized that applying the known technique of Sell would have yielded predictable results and resulted in an improved system.  It would have been recognized that applying the technique of Sell to the teachings of Bullions would have yielded 

As for claims 10 and 19, they are the product and system claims of method claim 1.  Thus, they are rejected under the same rationales.

As for claim 3, Bullions also teaches the communication interface exits the millimode after the instruction is executed by the millicode (Pg. 454, “the detection logic 120 recognizes a millicode END (MEND) milli-instruction…cease fetching milli-instructions…puts decoder in macro-mode and causes the processor to begin fetching macro-instructions…completion of a Mend milli-instruction causes the processor completion logic to begin completing micro-instructions…”).

As for claims 12 and 21, they are the product and system claims of method claim 3.  Thus, they are rejected under the same rationales.

As for Claim 5, Sell teaches wherein the un-secured entity comprises a hypervisor, the secured entity comprises a secured guest (paragraph 65, “…not necessarily trustworthy hypervisor” and “application” where application is implemented in VM (paragraph 26))
the instruction comprises an architected instruction (paragraph 35, “opcodes provided in the microcodes holding section…” and paragraph 49, “…added-on PR supporting microcodes…” added microcodes and/or added hardware and having functions invoked by the added-on new opcodes…”).

As for claims 14 and 23, they are the product and system claims of method claim 5.  Thus, they are rejected under the same rationales.

As for claim 6, Bullions also teaches the millicode utilizes enhancements of the communication interface to access secure storage associated with the instruction in a secure execution context (Pg. 452, “the execution element which execute the milli-instructions have access to a local working storage (LWS) 118 for use by the millicode, the LWS 118 provides the millicode with a means to retain results outside of the architected facilities…” As such, the LWS is understood as secure storage.).

As for claims 15 and 24, they are the product and system claims of method claim 6.  Thus, they are rejected under the same rationales.

As for claim 7, Bullions also teaches the millicode is an extension of the hardware that performs functions of the secure interface control upon executing the instruction (Pg. 452, “…each milli-routine implements one or more of the complex functions or instructions…. contained…. private milli-mode only instructions. The private instructions provide control functions needed by the millicode routines…the set of millicode routines reside outside of program addressable storage…” because they are outside of program addressable storage, it is understood as a form of secure function execution).

As for claims 16 and 25, they are the product and system claims of method claim 7.  Thus, they are rejected under the same rationales.

As for claim 26, Sell also teaches the hardware mechanism comprises a zone-security table that indicates that the secure storage location is associated with the secured entity (Fig. 2E – “application…Access Map” and “Buried PR translation table views”, and paragraphs 105.  Here, table is understood as a memory storage structure that represents the relationship between the protected zones and the accessible owners of those zones.  Here, the protected region are subdivided and utilizing index table to be tracked for each secure entity.).

As for claim 27, Sell also teaches the hardware mechanism further prevents an another secure entity from accessing contents of the secure storage location (paragraph 5, “metadata memory zones that are not intelligibly accessible to …other applications…”).

Claim 8-9 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Bullions and Sell, further in view of Prashant et al. (US PGPUB 2019/0042296).

As for claim 8, Bullions and Sell does not explicitly teach the millicode, acting as the secure interface control, is dispatching a secured entity and sets an indication that a secured entity is running and loads a secure guest state into the hardware
However, Prashant teaches a known method of secure VM execution including wherein the millicode, acting as the secure interface control (paragraph 47 and 58, “mask enforcer 36...” and “control logic for implementing the described operations…implemented in hardware logic (e.g., as microcode …”) Examiner note, Millicode is a form of microcode, and prior art teaches utilizing microcode implementation in hardware logic for the control logic), dispatches the secured entity and sets an indication that a secured entity is running (paragraph 47 and 17, “mask enforcer 36 thereafter uses the access restrictions from VMCS mask 68 to control access to VMCS60…if VMCS mask 68 specifies NA or RO access for all of the fields in the GSA, mask enforcer 36 will …prevent VMM 40 from writing to any of these fields…”) and loads a secure guest state into the hardware (paragraph 17, VMCS includes a guest state area (GSA) …with every change of execution context into a VM…”). This 
One of ordinary skill in the art before the effective filing date of the application would have recognized that applying the known technique of Prashant would have yielded predictable results and resulted in an improved system.  It would have been recognized that applying the technique of Prashant to the teachings of Bullions and Sell would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such instruction execution features into similar systems.  Further, applying Millicode as interface dispatching a secured entity, sets an indication and loads a secure guest state to Bullions and Sell with use of millicode to execute complex functionalities accordingly, would have been recognized by those of ordinary skill in the art as resulting in an improved system that would allow improved protection of guest VMs from unsecure/compromised VMM. (Prashant, 5).

As for claims 17, they are the product claims of method claim 8.  Thus, they are rejected under the same rationales.

As for claim 9, Prashant also teaches uses the secure guest state to execute security checks while a secure guest domain associated with the secured entity is running (paragraphs 17 and 47-49).

As for claims 18, they are the product claims of method claim 9.  Thus, they are rejected under the same rationales.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1,3, 5-10, 12, 14-19, 21, are 23-27 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN X LU whose telephone number is (571)270-1233.  The examiner can normally be reached on M-F 10am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 5712723759.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/KEVIN X LU/
Examiner, Art Unit 2199

/LEWIS A BULLOCK  JR/Supervisory Patent Examiner, Art Unit 2199