DETAILED ACTION 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is a response to an application filed 02/07/2022 wherein claims 1 – 20 are pending and ready for examination.
Response to Arguments
Traversal of the Restriction Requirement
Applicant Asserts: This election is made with traverse. Contrary to the requirements of MPEP § 803, the Office Action does not provide adequate reasons or examples supporting the conclusion that examining all the claims is burdensome to the Office. Without reasons or examples to support the restriction requirement, it must be withdrawn. MPEP § 803 states that the entire claim set must be examined if the search and examination can be done without serious burden regardless of whether the claim set includes independent or distinct inventions. If the search and examination of an entire application can be made without serious burden, the examiner must examine it on the merits, even though it includes claims to independent or distinct inventions. MPEP § 803.
 To satisfy this requirement, the Office Action states without support that a serious burden would be imposed on the Patent Office if all of the groups of claims are examined in this one application. The Office Action does not discuss how a serious burden exists because it does not address whether the inventions (a) have acquired a separate status in the art in view of their classification, (b) have acquired a separate status in the art due to their recognized divergent subject matter, (c) require different fields of search, (d) have a different classification, and (e) the search required for one invention not required for the other. See MPEP § 817. In keeping with MPEP § 817, the “reasons” in the Office Action are intended to be statements of conclusions dictated by an analysis presented in the Office Action, which is not present.

Not only is the restriction requirement unsupported by an analysis of facts, it is contrary
to the best interests of Applicant and the public. If the restriction requirement is maintained, it
is the Applicant who is seriously burdened. The added expense of pursuing the withdrawn
claims in a separate application is a serious financial burden. Moreover, if the restriction
requirement is maintained, the public will be burdened by having to inspect multiple patents in
order to determine the full scope of protection.
Withdrawal of the restriction requirement is respectfully requested.

Examiner Response: The Examiner finds applicant's arguments persuasive. The Restriction/Election requirement has been withdrawn and claims 1-20 will be treated on the merits.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 6/22/2020, 11/25/2020, 12/20/2121 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Per claims 1 and 2. Claims 1 and 2 cite in part … performing, by the processing unit, first monitoring processing on the first process based on the first exception information, and performing first switching processing on the target mapping relationship, wherein the first switching processing is used to switch the target mapping relationship from the first mapping relationship to the second mapping relationship. The instant specification defines the ‘switching processing’ as being used to switch the target mapping relationship from the first mapping relationship to the second mapping relationship. While the specification discloses the term switching processing, switching processing is not a common term used in the art. The Examiner will consider the claimed ‘switching processing’ to mean a switching process such as the term ‘swap’ would convey.

Claim(s) 3-12 are rejected based on their dependency on rejected claim 1 and do not overcome the grounds for rejection given in the rejected parent claim. The rejections of these claims may be in addition to any other rejection(s) that are applied in this or other sections.

Per claims 1-2, 13, and 18-20. Claims 1-2, 13, and 18-20 further cite a technical feature “monitoring processing”. While the specification discloses the term “monitoring processing”, “monitoring processing” is not a common term used in the art. The Examiner cannot find in the instant specification a definition for what is meant by the term “monitoring processing”, nor does it make clear how the term is used in a consistent manner. The Examiner discerns that “monitoring processing” is not a noun but is intended to disclose a procedure or routine where processes are monitored. The Examiner will consider “monitoring processing” to mean monitoring a process when treating these claims on the merits. Claim(s) 14-17 are rejected based on their dependency on rejected claim 1 and do not overcome the grounds for rejection given in the rejected parent claim. The rejections of these claims may be in addition to any other rejection(s) that are applied in this or other sections.
 Applicant is encouraged to provide clarifications.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Iyigun; Mehmet et al, US 20180165133 A1, June 14, 202018 hereafter referred to as Iyigun in view of White; Edmund H. et al, US 20180060574 A1, March 1, 2018 hereafter referred to as White. 

            As to claim 1, Iyigun teaches a process monitoring method - Iyigun [0008] FIG. 4 is a flowchart illustrating an example process for implementing the shared memory between host and guest on a computing device) performed by a computing device that comprises a processing unit, a memory, and a memory control unit - Iyigun [0027] … FIG. 1, the host 102 includes a memory manager module 118 that manages the host physical memory 104.  Here, the claimed ‘computing device’ is taught by Iyigun as ‘host 102’ whereas the claimed ‘processing unit’ is taught by Iyigun as at least ‘Guest Management Module 114’. The claimed ‘memory’ is taught by Iyigun as ‘Host Physical Memory 104’ and the claimed ‘memory control unit’ is taught by Iyigun as ‘Memory Manager Module 118’), comprising:
          determining, by the processing unit, a first mapping relationship and a second mapping relationship - Iyigun [0028] The guest 120 and the host 102 (e.g., via the guest shared memory manager module 132 and the host shared memory manager module 112, respectively) agree on a name and a size for the shared memory 124. The name for (which is an identifier of) the shared memory 124 allows the shared memory 124 to be identified by the guest 120 and the host 102, and allows different shared memories in the system 100 to be distinguished from one another.  Here, the claimed ‘first mapping relationship’ is taught by lyigun as ‘guest 120 and shared memory 124’ whereas the claimed ‘second mapping relationship’ is taught by lyigun as ‘host 102 and shared memory 124), wherein the first mapping relationship and the second mapping relationship indicate a mapping relationship between a first virtual address and a first physical address - Iyigun [0027] … Virtual memory refers to having a virtual address space for different programs running in the system 100 (e.g., different guests 120), and different portions of that virtual memory are mapped to various portions of the physical memory 104 at different times), and an access rule of the first physical address, wherein the first mapping relationship indicates that the access rule of the first physical address is access forbidden - Iyigun [0038] … the guest 120 can be a physically backed (rather than VA backed) virtual machine. 
In such situations, the shared memory 124 and the guest physical memory 122 can be locked (e.g., allocated to a process and locked in physical memory), and thus maintained in the physical memory rather than being paged out), and the second mapping relationship indicates that the access rule of the first physical address is access allowed - Iyigun [0038] … The host shared memory manager module  module 112 or a hypervisor of the system 100 can then map the physical memory pages of the shared memory 124 into guest physical memory pages that can be accessed by programs running in the guest 120), wherein the first physical address is a physical address of a first memory space in the memory – lyigun [0032] … The guest  shared memory manager module 132 communicates the request to open the file to the host shared memory manager module 112. The host shared memory manager module 112 knows that the request to open a file is actually a request to create shared memory. The host shared memory manager module 112 can know this in various manners, such as an indication that is included in the request (e.g., the namespace for the file is a namespace associated with shared memory), the first memory space is different from a second memory space in the memory – lyigun [0033] …The host shared memory manager module 112 returns an identifier of the shared memory 124 to the guest shared memory manager module 132.  This identifier can be, for example, a file handle or other identifier that allows different shared memories to be distinguished from one another), and the second memory space is used to store program code for generating a first process – lyigun [0031] … the creation of the shared memory 124 is initiated by the guest 120. A program running in the guest 120 (also referred to as a guest program) invokes a method of an application programming interface (API) requesting to open a file. 
Here, the claimed ‘second memory space’ is taught by lyigun as ‘guest 120’ since the first memory space in the memory of Host Physical Memory 104 is different.  The claimed ‘program code’ is taught by lyigun as ‘API’); when the first process starts to run, determining, by the processing unit, that a target mapping relationship is the first mapping relationship, wherein the target mapping relationship is used when the memory control unit controls access to the memory – lyigun [0029] The host shared memory manager module 112 allocates or assigns a memory space to be used as shared memory 124. The host shared memory manager module 112 provides an indication of this allocated or assigned memory space to the guest 120. Both the guest 120 and the host 102 maintain a mapping to the shared memory 124, allowing both the guest and the host to access the shared memory 124);
            when the first process needs to access the first memory space, sending, by the processing unit, a first access request to the memory control unit, wherein the first access request includes the first virtual address – Iyigun [0032] The guest shared memory manager module 132 communicates the request to open the file to the host shared memory manager module 112. The host shared memory manager module 112 knows that the request to open a file is actually a request to create shared memory. The host shared memory manager module 112 can know this in various manners, such as an indication that is included in the request (e.g., the namespace for the file is a namespace associated with shared memory);
              receiving, by the processing unit, first exception information sent by the memory control unit, when the memory control unit determines that the access rule of the first physical address in the target mapping relationship is access forbidden – Iyigun [0030] …The access controls can also define various restrictions and/or permissions on the shared memory 124, such as whether the shared memory 124 is executable (instructions stored in the shared memory can be executed). IYIGUN DOES NOT TEACH
               performing, by the processing unit, first monitoring processing on the first process based on the first exception information, and performing first switching processing on the target mapping relationship, wherein the first switching processing is used to switch the target mapping relationship from the first mapping relationship to the second mapping relationship; and
re-sending, by the processing unit, the first access request to the memory control unit HOWEVER IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR WHITE TEACHES performing, by the processing unit, first monitoring processing on the first process based on the first exception information – White [0025] … The complex event response engine 145 may create monitoring policies that are partitioned/separated between the complex event response engine 145 and the in-guest agent 130. The EPT tables may specify access permissions for the guest OS domains 115, 120 that may be used to implement multiple memory protections or partitions efficiently using the shared pages of memory. Other policies can include identifying monitored events such as exceptions (e.g., page faults, and other protection faults), interrupts (e.g., hardware interrupts and software interrupts), and platform events (e.g., system management interrupts).  Here, the claimed ‘first exception information’ is taught by White as ‘interrupts’), and performing first switching processing on the target mapping relationship, wherein the first switching processing is used to switch the target mapping relationship from the first mapping relationship to the second mapping relationship – White [0034] …  if there is reason to suspect that the in-guest agent may be under attack by the untrusted software or application being executed in the monitored OS domain 120, the event response can be shifted to the complex event response engine 145 by switching to an EPT view so that pages in that EPT view may be configured by the hypervisor 190 to always cause an EPT violation and/or with an explicit VM call or VM exit); and
          re-sending, by the processing unit, the first access request to the memory control unit – White [0035] In 225, the hypervisor 190 may determine, based on the monitoring policies, if a #VE is allowed for the EPT event. In an embodiment, the hypervisor 190 may analyze the instructions received through hypercall interface 165 to determine if #VE should be allowed for the event based on monitoring policies created by the complex event response engine 145.  Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention that applying the known technique of exception switching via page swaps as taught by White to the memory manager module of Iyigun would have yielded predictable results and resulted in an improved system, namely, a system that would positively benefit the memory manager module of Iyigun provided by the exception handling technique of White thereby enabling dynamic changeover in memory as provided by White hypercall interface 165).

           As to claim 2, the combination of lyigun and White teaches the method according to claim 1, wherein the first mapping relationship and the second mapping relationship further indicate a mapping relationship between a second virtual address and a second physical address – lyigun [0024] … in FIG. 3 a base operating system 304 (e.g., an operating system kernel) is shared by the guests 302. Thus, rather than the base operating system being included as part of each container as illustrated in the example of FIG. 2, a single base operating system is shared by the multiple guests in the example of FIG. 3), and an access rule of the second physical address, wherein the first mapping relationship indicates that the access rule of the second physical address is access allowed – lyigun [0033] … The host shared memory manager module 112 returns an identifier of the shared memory 124 to the guest shared memory manager module 132. This identifier can be, for example, a file handle or other identifier that allows different shared memories to be distinguished from one another), the second mapping relationship indicates that the access rule of the second physical address is access forbidden – lyigun [0038] …the guest 120 can be a physically backed (rather than VA backed) virtual machine. In such situations, the shared memory 124 and the guest physical memory 122 can be locked (e.g., allocated to a process and locked in physical memory), and the second physical address is a physical address of the second memory space and after the performing the first switching processing on the target mapping relationship, the method further comprises:
when code stored in the first memory space indicates that the second memory space needs to be accessed - White [0034] … Other writes to the kernel may be disallowed or handled by the complex event response engine 145 by switching EPT views that can be accessed by the complex event response engine 145. …the complex event response engine 145 may respond to the EPT event with instructions to the hypervisor 190 using the hypercall interface 165, based on the monitoring policies sent from the monitoring policies engine 150. In embodiments, the complex event response engine 245 may notify the hypervisor 190 based on monitoring policies), sending, by the processing unit, a second access request to the memory control unit, wherein the second access request includes the second virtual address - White [0040] In 235, the #VE is delivered directly from the CPU 105 to the in-guest agent 130. In an example, the #VE may be delivered to the guest agent 130 through an interrupt descriptor table (IDT) vector 20 as an exception. The in-guest agent 130 may be responsible for taking control of IDT vector 20);
          receiving, by the processing unit, second exception information sent by the memory control unit, when the memory control unit determines that the access rule of the second physical address in the target mapping relationship is access forbidden – White [0038] However, in 225, if the hypervisor 190 determines that #VE is not allowed for the event (i.e., step 225=“N”), then, in 245, access to the particular process is denied by the hypervisor 190 and/or with a VM exit. VM exit may also result in termination of software execution in 250)
          performing, by the processing unit, second monitoring processing on the first process based on the second exception information - White [0025] … The complex event response engine 145 of the privileged OS domain 115 may create monitoring policies characterized by rules for pages of memory in the EPT to monitor execution of untrusted software or applications or other malware in the monitored OS domain 120), and performing second switching processing on the target mapping relationship, wherein the second switching processing is used to switch the target mapping relationship from the second mapping relationship to the first mapping relationship – White [0024] … The EPT view management engine 125 may also receive instructions to exit a particular EPT view in a guest OS domain or context switch out of the guest OS domain using information received from an EPT-V exit interface 175. The hypervisor 190 may turn on #VE based on one or more events that are detected while running untrusted software or applications in the monitored OS domain 120); and 
           re-sending, by the processing unit, the second access request to the memory control unit – White [0035] In 225, the hypervisor 190 may determine, based on the monitoring policies, if a #VE is allowed for the EPT event. In an embodiment, the hypervisor 190 may analyze the instructions received through hypercall interface 165 to determine if #VE should be allowed for the event based on monitoring policies created by the complex event response engine 145.  The rationale for use of White’s hypercall in support of Iyigun’s memory manager module in claim 1 applies here in claim 2).

            As to claim 3, the combination of lyigun and White teaches the method according to claim 2, wherein the determining, by the processing unit, the first mapping relationship and the second mapping relationship comprises: 
           when the first process is created, determining, by the processing unit, a second
process, wherein the second process is a parent process of the first process - lyigun [0043] The guest can initiate section creation by calling a CreateVmSharedMemory API. In response, the CreateVmSharedMemory API calls a CreateFile API specifying a known (e.g., to the guest and the host) shared memory namespace. The purpose of this call is to open a handle to the host and allow handle lifetime using the file system.  Here, the claimed ‘first process’ is taught by lyigun as ‘CreateFileAPI’ whereas the claimed ‘parent’ is taught as ‘CreateVMSharedMemory API’ because the command to create the VM is further proceeded by the actual file creation); and
          when the second process needs to be monitored, determining, by the processing unit, access rules of the second physical address in the first mapping relationship and the second mapping relationship - lyigun [0043] … The CreateVmSharedMemory API can use various parameters, including desired access (e.g., indicating to translate requests for “page read only” to “file read data”, requests for “page read write” to “file write data”, and requests for “page execute read only” or “page execute read write” to read or write “file execute”). Various additional parameters can be included, such as a creation disposition (e.g., what action to take if the requested file has already been opened), creation options, the size of the shared memory to create, and so forth).

              As to claim 4, the combination of Iyigun and White teaches the method according to claim 1, wherein the method further comprises: when the first process ends, deleting, by the processing unit, the first mapping relationship and the second mapping relationship - Iyigun [0015] The guest management module 114 also manages tear down or deletion of the guest 120 when the guest 120 is no longer needed or desired in the system 100).

             As to claim 5, the combination of Iyigun and White teaches the method according to claim 2, wherein the method further comprises: when the first process ends, deleting, by the processing unit, the first mapping relationship and the second mapping relationship - Iyigun [0015] The guest management module 114 also manages tear down or deletion of the guest 120 when the guest 120 is no longer needed or desired in the system 100).

              As to claim 6, the combination of Iyigun and White teaches the method according to claim 3, wherein the method further comprises: when the first process ends, deleting, by the processing unit, the first mapping relationship and the second mapping relationship – Iyigun [0015] … The guest management module 114 also manages tear down or deletion of the guest 120 when the guest 120 is no longer needed or desired in the system 100).

             As to claim 7, the combination of lyigun and White teaches the method according to claim 3 method according to claim 1, wherein the first memory space is used to store code of an external function, the external function comprises a function other than a process function, and the process function is a function comprised in the program code for generating the first process - lyigun [0046] The host can issue a command to the server module to map the section in memory. The server module responds to the command by asking the memory manager for the guest to allocate a region of the guest physical address space for the section. The memory manager for the maps the shared memory to the guest physical address space, and an indication of the successful mapping is returned to the server module and the host. Here, the claimed ‘first memory space’ is taught by lyigun as ‘host’ because the first mapping relationship is between the Host 102 and shared memory 124. The claimed ‘external function’ is taught by lyigun as ‘issue a command’ since the host stores the commands in host memory to be sent to the external server.  The claimed ‘process function is taught by lyigun as ‘map the section’ because the server performs the memory mapping to the guest space).

            As to claim 8, the combination of Iyigun and White teaches the method according to claim 7, wherein the code of the external function comprises at least one of process shared code or system kernel code - Iyigun [0046] The host can issue a command to the server module to map the section in memory. The server module responds to the command by asking the memory manager for the guest to allocate a region of the guest physical address space for the section).

            As to claim 9, the combination of lyigun and White teaches the method according to claim 2, wherein the first memory space is used to store code of an external function, the external function comprises a function other than a process function, and the process function is a function comprised in the program code for generating the first process - lyigun [0046] The host can issue a command to the server module to map the section in memory. The server module responds to the command by asking the memory manager for the guest to allocate a region of the guest physical address space for the section. The memory manager for the maps the shared memory to the guest physical address space, and an indication of the successful mapping is returned to the server module and the host).

             As to claim 10, the combination of lyigun and White teaches the method according to claim 9, wherein the code of the external function comprises at least one of process shared code or system kernel code - lyigun [0024] … in the example shown in FIG. 3 a base operating system 304 (e.g., an operating system kernel) is shared by the guests 302. Thus, rather than the base operating system being included as part of each container as illustrated in the example of FIG. 2, a single base operating system is shared by the multiple guests in the example of FIG. 3.  Here, the claimed ‘shared code’ is taught by lyigun as ‘base operating system 304’).

               As to claim 11, the combination of lyigun and White teaches the method according to claim 3, wherein the first memory space is used to store code of an external function, the external function comprises a function other than a process function, and the process function is a function comprised in the program code for generating the first process - lyigun [0046] The host can issue a command to the server module to map the section in memory. The server module responds to the command by asking the memory manager for the guest to allocate a region of the guest physical address space for the section. The memory manager for the maps the shared memory to the guest physical address space, and an indication of the successful mapping is returned to the server module and the host).

            As to claim 12, the combination of lyigun and White teaches the method according to claim 11, wherein the code of the external function comprises at least one of process shared code or system kernel code - lyigun [0024] … in the example shown in FIG. 3 a base operating system 304 (e.g., an operating system kernel) is shared by the guests 302. Thus, rather than the base operating system being included as part of each container as illustrated in the example of FIG. 2, a single base operating system is shared by the multiple guests in the example of FIG. 3.  Here, the claimed ‘shared code’ is taught by lyigun as ‘base operating system 304’).

            As to claim 13, claim 13 is a process monitoring method that is directed to the process monitoring method of claims 1 and 2.   Therefore claim 13 is rejected for the reasons as set forth in claims 1 and 2.

             As to claim 14, claim 14 is a process monitoring method that is directed to the process monitoring method of claim 2.   Therefore claim 14 is rejected for the reasons as set forth in claim 2.
         As to claim 15, claim 15 is a method that is directed to the method of claim 3.   Therefore claim 15 is rejected for the reasons as set forth in claim 3. 

          As to claim 16, claim 16 is a method that is directed to the method of claim 7.   Therefore claim 16 is rejected for the reasons as set forth in claim 7.

          As to claim 17, claim 17 is a method that is directed to the method of claim 8.   Therefore claim 17 is rejected for the reasons as set forth in claim 8.

           As to claim 18, claim 18 is a computer chip that is directed to the method of claim 13.   Therefore claim 18 is rejected for the reasons as set forth in claim 13.

         As to claim 19, claim 19 is a non-transitory computer-readable storage media that is directed to the method of claim 1.   Therefore claim 19 is rejected for the reasons as set forth in claim 1.

          As to claim 20, claim 20 is a non-transitory computer-readable storage media that is directed to the method of claim 13.   Therefore claim 20 is rejected for the reasons as set forth in claim 13.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 7:00 a.m. to 3:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM B JONES/Examiner, Art Unit 2491
04/04/2022


/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491