EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in a telephone interview with Mr. Rudy Hofmann, Reg. # 38,187 assigned to the instant application in place of  Ms. Elizabeth Fenske, Reg. # 72,507 on 04/07/2022.


This listing of claims will replace all prior versions of claims:
1.	(Currently Amended) A non-transitory machine-readable storage medium storing a set of instructions that when executed cause a processor to: 
	maintain a physical time source by a host operating system of a computing apparatus, wherein the physical time source measures logical time for the computing apparatus and does not measure wall-clock time; 
	instantiate, using a hypervisor in a reserved portion of memory of the computing apparatus which the host operating system cannot access, a virtual machine including a guest operating system; 
	using an input/output memory management unit, restrict the host operating system from accessing the hypervisor wherein the instructions to restrict the host operating system from accessing the hypervisor include instructions that when executed, cause the processor to provide to the host operating system, a token to allow the host operating system to read from or write to the reserved portion of memory identified by the token and associated with an operation, until completion of the operation requested by the hypervisor;
	compute a virtual time source for the guest operating system, by adjusting a rate by which the virtual time source advances relative to the physical time source, wherein the virtual time source operates independently of the physical time source; and
	present the virtual time source to the virtual machine as the physical time source. 

2.	(Original) The non-transitory machine-readable medium of claim 1, wherein the instructions to compute the virtual time source include instructions to perform time dilation to adjust values of the physical time source for the virtual time source. 

3.	(Original) The non-transitory machine-readable medium of claim 1, wherein the instructions to compute the virtual time source include instructions to compute time for the virtual time source independent of the physical time source.

4.	(Previously Presented) The non-transitory machine-readable medium of claim 1, including instructions to instantiate the hypervisor within a reserved portion of memory of the computing apparatus which the host operating system cannot access.

5.	(Canceled)



6.	(Currently Amended) The non-transitory machine-readable medium of claim 1, including instructions that when executed cause the processor to:
	revoke the token to the reserved portion of memory upon completion of the requested operation. 

7.	(Currently Amended) A non-transitory machine-readable storage medium storing a set of instructions that when executed cause a processor to:
	maintain a physical time source by a host operating system of a computing apparatus, wherein the physical time source measures logical time for the computing apparatus and does not measure wall-clock time;
	instantiate, using a hypervisor in a reserved portion of memory of the computing apparatus which the host operating system cannot access, a first guest operating system implemented in a virtual machine container;
	instantiate, using the hypervisor, a second guest operating system implemented in the virtual machine container;
	using an input/output memory management unit, restrict the host operating system from accessing the hypervisor including grant, using the hypervisor, a token to the host operating system for temporary access to the reserved portion of memory, and provide the host operating system, using the hypervisor, temporary access to the reserved portion of memory responsive to presentation of the token by the host operating system;
	compute a first virtual time source for the first guest operating system by adjusting a rate by which the first virtual time source advances relative to the physical time source, wherein the first virtual time source operates independently of the physical time source; 
	compute a second virtual time source for the second guest operating system by adjusting a rate by which the second virtual time source advances relative to the physical time source, wherein the second virtual time source operates independently of the physical time source and independent of the first virtual time source; and
	present the first virtual time source and the second virtual time source to a software execution environment as the physical time source.  

8.	(Previously Presented) The non-transitory machine-readable storage medium of claim 7, wherein the instructions to restrict the host operating system from accessing the hypervisor include instructions that when executed, cause the processor to instantiate the hypervisor in a reserved portion of memory of the apparatus by limiting extended page tables of the virtual machine container from accessing memory allocated by the hypervisor.

9.	(Previously Presented) The non-transitory machine-readable storage medium of claim 7, further including instructions to: 
	prior to booting the host operating system, reserve the portion of memory which the host operating system cannot access; and
	instantiate the hypervisor within the reserved portion of memory.  

10.	(Canceled)



11.	(Currently Amended) The non-transitory machine-readable storage medium of claim 7, wherein the token includes a location of the reserved portion of memory, further including instructions to: 
	provide the host operating system, using the hypervisor, temporary access to read from or write to the location of the reserved portion of memory identified in the token.  

12.	(Original) The non-transitory machine-readable storage medium of claim 7, wherein the instructions to compute the first virtual time source include instructions to:
	adjust values of the first virtual time source to perform time dilation of operations within the virtual machine container.

13.	(Original) The non-transitory machine-readable storage medium of claim 7, wherein the instructions to compute the first virtual time source include instructions to:
	execute delayed malware payloads more quickly than the malware payloads would execute by the physical time source, by advancing time in the first virtual time source at a rate faster than the physical time source.

14.	(Original) The non-transitory machine-readable storage medium of claim 13, further including instructions to: 
	render a decision of the malware payloads based on passage of the first virtual time source.

15.	(Currently Amended) A non-transitory machine-readable storage medium storing a set of instructions that when executed cause a processor to:
maintain a physical time source by a host operating system for the processor, wherein the physical time source measures logical time for the processor and not wall-clock time;
	instantiate, using a first hypervisor executing in a reserved portion of memory of the processor which the host operating system cannot access, a second hypervisor as a guest;
	using an input/output memory management unit, restrict the host operating system from accessing the first hypervisor wherein the instructions to restrict the host operating system from accessing the first hypervisor include instructions that when executed, cause the processor to provide to the host operating system, a token to allow the host operating system to read from or write to the reserved portion of memory identified by the token and associated with an operation, until completion of the operation requested by the first hypervisor;
	present, using the first hypervisor, a first virtual time source to the second hypervisor; and
	compute, using the second hypervisor, a second virtual time source based on the first virtual time source, 
	wherein the second virtual time source operates independently of both the first virtual time source and the physical time source, and wherein the first virtual time source and the second virtual time source measure logical time for the processor at a different rate than the physical time source.

16.	(Original) The non-transitory machine-readable storage medium of claim 15, further including instructions that when executed cause the processor to:
	instantiate, using the second hypervisor, a virtual machine to execute a guest operating system; 
	allocate compute resources to the virtual machine; and
	compute, using the second hypervisor, the second virtual time source responsive to allocation of the compute resources to the virtual machine.

17.	(Original) The non-transitory machine-readable storage medium of claim 15, further including instructions that when executed cause the processor to:
	instantiate, using the second hypervisor, a virtual machine to execute a guest operating system; and
	increase a rate at which time advances in the second virtual time source responsive to a determination that the virtual machine is idle. 

18.	(Original) The non-transitory machine-readable storage medium of claim 15, further including instructions that when executed cause the processor to:
	compute, using the second hypervisor, a third virtual time source based on the first virtual time source; 
	wherein the third virtual time source operates independently of the first virtual time source, the second virtual time source, and the physical time source. 
 

Conclusion
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to BING ZHAO whose telephone number is (571)270-1745.  The examiner can normally be reached on 9am - 5:30pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, An Meng-Ai can be reached on 571-272-3756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BING ZHAO/
Primary Examiner, Art Unit 2198