Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in the United States before the invention by the applicant for patent or (2) a patent granted on an application for patent by another filed in the United States before the invention by the applicant for patent, except that an international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an application filed in the United States only if the international application designated the United States and was published under Article 21(2) of such treaty in the English language.

Claims 1-24 are rejected under pre-AIA  35 U.S.C. 102(e) as being anticipated by Ellison (US Patent No. 8,208,637 B2).

Consider Claim 1, 
ELLISON teaches at least one storage device comprising instructions that when executed by one or more processors cause the one or more processors of a host system to at least: execute a hypervisor to: 
partition resources of the host system to allocate (a) first resources of the host system for a first virtual machine and (b) second resources of the host system for a second virtual machine (ELLISON, e.g., Fig 3, shows plural virtual machines which have been allocated partitioned resources a host system (e.g.,V.TPM and VHD).), wherein the resources of the host system include memory resources and a trusted platform module (ELLISON, e.g., Fig 3, resources of a host system include at least one storage (i.e., store) and at least one TPM.), the first virtual machine to run a first guest operating system and the second virtual machine to run a second guest operating system (ELLISON, e.g., Fig 3, shows separate VMs (i.e., separate operating environments).  The operating structure of the VM, necessary for it to exist, is considered analogous to the claimed operating system.) , wherein the first guest operating system is to run in a first isolated environment, the second guest operating system is to run in a second isolated environment, the first isolated environment to be isolated from the second isolated environment (ELLISON, e.g., Fig 3, VMs are illustrated as being separate (i.e., isolated) from each other.); 
implement a virtual trusted platform module to support encryption for the first virtual machine (ELLISON, e.g., Fig 3,V.TPM;Col 1:27-31, may function as cryptographic processor.); and 
protect the first resources and the second resources from unauthorized access (ELLISON, e.g., Fig 4;Col 7:15-50; Fig 5;Col 7:51-Col 8:11, discloses access control mechanisms (i.e., protects resources from unauthorized access).).

Consider Claim 2, 
ELLISON further teaches wherein the memory resources corresponds to a hardware-based memory (ELLISON, e.g., Col 6:50-52, information is stored in VHD.  Storage requires correspondence to a hardware-based memory).

Consider Claim 3, 
ELLISON further teaches wherein the resources include registers of the trusted platform module, the registers to store a key (ELLISON, e.g., Col 3:45-Col 4:17, TPM stores keys.  The memory space associated with key storage is considered analogous to register space.).

Consider Claim 4, 
ELLISON further teaches wherein the instructions cause the one or more processors to interface with the first virtual machine via a driver of the first virtual machine (ELLISON, e.g., Col 6:50-60, discloses interfacing with a VM via a vTPM of the VM.  The vTPM software construct is considered analogous to the claimed driver.).

Consider Claim 5, 
ELLISON further teaches wherein the instructions cause the one or more processors to manage components of the host system (ELLISON, e.g., Fig 4, migration is considered to be an act of managing components (i.e., VMs).).

Consider Claim 6, 
ELLISON further teaches wherein the instructions cause the one or more processors to load stored content from storage into memory to facilitate operation of a driver in the first virtual machine (ELLISON, e.g., Col 6:50-60, describes plural key elements that must be loaded to facilitate operation of a vTPM.).

Consider Claim 7, 
ELLISON further teaches wherein the instructions cause the one or more processors to partition a portion of a driver of the first virtual machine to access the first guest operating system (ELLISON, e.g., Fig 3;Col 7:4-14, the virtualization of TPM resources to plural entities is considered analogous to the claimed partitioning.).

Consider Claim 8, 
ELLISON further teaches wherein the first virtual machine is isolated from the second virtual machine (ELLISON, e.g., Fig 3, VMs are illustrated as being separate (i.e., isolated) from each other.).

Consider Claim 9, 
ELLISON teaches a host system (ELLISON, e.g., Fig 3) comprising: 
at least one storage device (ELLISON, e.g., Fig 3, shows plural stores.); 
resources (ELLISON, e.g., Fig 3, shows plural resources.); 
memory; and one or more processors (ELLISON, e.g., Fig 3:VMM, a VMM requires the use of memory and one or more processors.) to execute a hypervisor to: 
partition the resources of the host system to allocate (a) first resources of the host system for a first virtual machine and (b) second resources of the host system for a second virtual machine (ELLISON, e.g., Fig 3, shows plural virtual machines which have been allocated partitioned resources a host system (e.g.,V.TPM and VHD).), wherein the resources of the host system include memory resources and a trusted platform module (ELLISON, e.g., Fig 3, resources of a host system include at least one storage (i.e., store) and at least one TPM.), the first virtual machine to run a first guest operating system and the second virtual machine to run a second guest operating system (ELLISON, e.g., Fig 3, shows separate VMs (i.e., separate operating environments).  The operating structure of the VM, necessary for it to exist, is considered analogous to the claimed operating system.), wherein the first guest operating system is to run in a first isolated environment, the second guest operating system is to run in a second isolated environment, the first isolated environment to be isolated from the second isolated environment (ELLISON, e.g., Fig 3, VMs are illustrated as being separate (i.e., isolated) from each other.); 
implement a virtual trusted platform module to support encryption for the first virtual machine (ELLISON, e.g., Fig 3,V.TPM;Col 1:27-31, may function as cryptographic processor.); and 
protect the first resources and the second resources from unauthorized access (ELLISON, e.g., Fig 4;Col 7:15-50; Fig 5;Col 7:51-Col 8:11, discloses access control mechanisms (i.e., protects resources from unauthorized access).).

Consider Claim 10, 
ELLISON further teaches wherein the memory resources corresponds to at least one of the memory or the at least one storage device (ELLISON, e.g., Col 6:50-52, information is stored in VHD.  Storage requires a storage device.).

Consider Claim 11, 
ELLISON further teaches wherein the resources include registers of the trusted platform module, the registers to store a key (ELLISON, e.g., Col 3:45-Col 4:17, TPM stores keys.  The memory space associated with key storage is considered analogous to register space.).

Consider Claim 12, 
ELLISON further teaches wherein the one or more processors are to interface with the first virtual machine via a driver of the first virtual machine (ELLISON, e.g., Col 6:50-60, discloses interfacing with a VM via a vTPM of the VM.  The vTPM software construct is considered analogous to the claimed driver.).

Consider Claim 13, 
ELLISON further teaches wherein the one or more processors are to manage components of the host system (ELLISON, e.g., Fig 4, migration is considered to be an act of managing components (i.e., VMs).).

Consider Claim 14, 
ELLISON further teaches wherein the one or more processors are to load stored content from storage into memory to facilitate operation of a driver in the first virtual machine (ELLISON, e.g., Col 6:50-60, describes plural key elements that must be loaded to facilitate operation of a vTPM.).

Consider Claim 15, 
ELLISON further teaches wherein the one or more processors are to partition a portion of a driver of the first virtual machine to access the first guest operating system (ELLISON, e.g., Fig 3;Col 7:4-14, the virtualization of TPM resources to plural entities is considered analogous to the claimed partitioning.).

Consider Claim 16, 
ELLISON further teaches wherein the first virtual machine is isolated from the second virtual machine (ELLISON, e.g., Fig 3, VMs are illustrated as being separate (i.e., isolated) from each other.).

Consider Claim 17, 
ELLISON teaches a method comprising: 
partitioning, by executing an instruction with a hypervisor, resources of a host system to allocate (a) first resources of the host system for a first virtual machine and (b) second resources of the host system for a second virtual machine (ELLISON, e.g., Fig 3, shows plural virtual machines which have been allocated partitioned resources a host system (e.g.,V.TPM and VHD).), wherein the resources of the host system include memory resources and a trusted platform module (ELLISON, e.g., Fig 3, resources of a host system include at least one storage (i.e., store) and at least one TPM.), the first virtual machine to run a first guest operating system and the second virtual machine to run a second guest operating system (ELLISON, e.g., Fig 3, shows separate VMs (i.e., separate operating environments).  The operating structure of the VM, necessary for it to exist, is considered analogous to the claimed operating system.), wherein the first guest operating system is to run in a first isolated environment, the second guest operating system is to run in a second isolated environment, the first isolated environment to be isolated from the second isolated environment (ELLISON, e.g., Fig 3, VMs are illustrated as being separate (i.e., isolated) from each other.); 
implementing, by executing an instruction with the hypervisor, a virtual trusted platform module to support encryption for the first virtual machine (ELLISON, e.g., Fig 3,V.TPM;Col 1:27-31, may function as cryptographic processor.); and 
protecting, by executing an instruction with the hypervisor, the first resources and the second resources from unauthorized access (ELLISON, e.g., Fig 4;Col 7:15-50; Fig 5;Col 7:51-Col 8:11, discloses access control mechanisms (i.e., protects resources from unauthorized access).).

Consider Claim 18, 
ELLISON further teaches wherein the memory resources corresponds to a hardware-based memory (ELLISON, e.g., Col 6:50-52, information is stored in VHD.  Storage requires correspondence to a hardware-based memory).

Consider Claim 19, 
ELLISON further teaches wherein the resources include registers of the trusted platform module, further including storing a key in the registers (ELLISON, e.g., Col 3:45-Col 4:17, TPM stores keys.  The memory space associated with key storage is considered analogous to register space.).

Consider Claim 20, 
ELLISON further teaches interfacing with the first virtual machine via a driver of the first virtual machine (ELLISON, e.g., Col 6:50-60, discloses interfacing with a VM via a vTPM of the VM.  The vTPM software construct is considered analogous to the claimed driver.).

Consider Claim 21, 
ELLISON further teaches managing components of the host system (ELLISON, e.g., Fig 4, migration is considered to be an act of managing components (i.e., VMs).).

Consider Claim 22, 
ELLISON further teaches loading stored content from storage into memory to facilitate operation of a driver in the first virtual machine (ELLISON, e.g., Col 6:50-60, describes plural key elements that must be loaded to facilitate operation of a vTPM.).

Consider Claim 23, 
ELLISON further teaches partitioning a portion of a driver of the first virtual machine to access the first guest operating system (ELLISON, e.g., Fig 3;Col 7:4-14, the virtualization of TPM resources to plural entities is considered analogous to the claimed partitioning.).

Consider Claim 24, 
ELLISON further teaches wherein the first virtual machine is isolated from the second virtual machine (ELLISON, e.g., Fig 3, VMs are illustrated as being separate (i.e., isolated) from each other.).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
[A] Smith et al. (US PGPub No. 2009/0169012) – discloses using a single TPM to provide plural virtualized TPMs (see, e.g., Fig 1).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Gary W Cygiel whose telephone number is (571)270-1170. The examiner can normally be reached Monday - Thursday 11am-3pm PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arpan P Savla can be reached on (571) 272-1077. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Gary W. Cygiel/Primary Examiner, Art Unit 2137