DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 5-11, 13-18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Birger et al. [US 2017/0005990] in view of Hua et al. [US 2018/0330081] and in further view of Yang et al. [US 2014/0095821].
Claim 1 is rejected over Birger, Hua and Yang.
Birger teaches “A computer system for providing perfect forward secrecy in a virtual machine, the system comprising:” as “A method of computer security includes executing on one or more servers of a cloud or data center, the steps of receiving a network identifier for a plurality of functions from a cloud or data center manager, requesting a network key for each function from key server(s) or from a local key generator based on one or multiple secrets” [¶0009]
“a data processing component; a physical memory; and” as “a processor 22 and a memory 24, a processor 8 and a memory 6, and a processor 10 and a memory 6. ” [¶0033]
“local data storage having stored thereon computer executable program code, which when executed by the data processing component causes the data processing component to:” as “a non-transitory computer-readable medium encodes a program for executing on one or more servers the above method.” [¶0011]
“monitor an operation state relating to the virtual machine.” as “we can additionally provide a virtual probe giving the customer the ability to monitor the behavior of the processes of the server.” [¶0075]
Birger does not explicitly teach receive, from an application operating within a virtual machine, a secure memory allocation function for a connection secret, wherein the secure memory allocation function includes a memory size parameter;
However, Hua teaches “receive, from an application operating within a virtual machine, a secure memory allocation function for a connection secret, wherein the secure memory allocation function includes a memory size parameter;” as “an allocation module, configured to allocate virtual physical memories having a same size to the ordinary virtual machine and the trusted virtual machine, where the virtual physical memory of the ordinary virtual machine includes an ordinary memory and a secure memory,” [¶0023]
“allocate memory for the connection secret according to the memory size parameter, wherein the memory includes a memory location and a memory size;” as “the virtual physical memory of the trusted virtual machine includes an ordinary memory and a secure memory, and the ordinary memory of the ordinary virtual machine and the ordinary memory of the trusted virtual machine have a same size;” [¶0116]
Birger and Hua are analogous arts because they teach memory system and allocation of space for data access from the memory.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Birger and Hua before him/her, to modify the teachings of Birger to include the teachings of Hua with the motivation of the isolation at a hardware level can effectively protect the security application in the trusted execution environment from being “disturbed” by a malicious application. [Hua, ¶0003]
The combination of Birger and Hua does not explicitly teach transmit the memory location and the memory size to a virtual machine host to be stored as an entry in a secure database; store the entry in the secure database; and
However, Yang teaches “transmit the memory location and the memory size to a virtual machine host to be stored as an entry in a secure database; store the entry in the secure database; and” as “A process being excluded from checkpoint file may be performing a write operation on a file or a database when checkpointing is performed.” [¶0029]
Birger, Hua and Yang are analogous arts because they teach memory system and allocation of space for data access from the memory.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Birger, Hua and Yang before him/her, to modify the teachings of combination of Birger and Hua to include the teachings of Yang with the motivation of checkpoint can be later used for various purposes such as restoring the VM to a previous state, recovering a long-running process after a crash, distributing a VM image with a preset execution state among multiple users, archiving a VM's execution record, conducting forensic examination, etc. [Yang, ¶0005]
Claim 2 is rejected over Birger, Hua and Yang.
The combination of Birger and Hua does not explicitly teach further comprising: receive, from the application, a secure deallocation function relating to the connection secret;
retrieve the entry from the secure database;
deallocate the memory by overwriting the memory location; and sanitize the memory location indicated by the entry.
However, Yang teaches “further comprising: receive, from the application, a secure deallocation function relating to the connection secret;” as “Sensitive data may persist in the TTY subsystem buffers even after they are deallocated. Hence, to prevent such data from being checkpointed we modify functions: buffer free( ) and tty buffer free all( ) to sanitize the tty buffers on deallocation, static inline ssize t do tty write( ) and void free tty struct( ) to sanitize write buf and echo buf, and n tty close( ) to sanitize the read buf.” [¶0094]
“retrieve the entry from the secure database;” as “Bus 402 carries the data to main memory 406, from which processor 404 retrieves and executes the instructions. The instructions received by main memory 406 may optionally be stored on storage device 410 either before or after execution by processor 404.” [¶0110]
“deallocate the memory by overwriting the memory location; and sanitize the memory location indicated by the entry.” as “the function free pages( ) which deallocates pages is modified, to zero out any page belonging to the target process prior to deallocation.” [¶0061]
Claim 3 is rejected over Birger, Hua and Yang.
The combination of Birger and Hua does not explicitly teach wherein the sanitize comprises overwriting the memory location with random data at least once.
However, Yang teaches “wherein the sanitize comprises overwriting the memory location with random data at least once.” as “If, prior to the checkpoint, the target process deallocates pages containing sensitive information, these page can no longer be identified and cleared. Hence, the function free pages( ) which deallocates pages is modified, to zero out any page belonging to the target process prior to deallocation.” [¶0061]
Claim 5 is rejected over Birger, Hua and Yang.
Birger teaches “wherein the connection secrets include a session key relating to a secure connection between the application and a server.” as “the steps of receiving a network identifier for a plurality of functions from a cloud or data center manager, requesting a network key for each function from key server(s) or from a local key generator based on one or multiple secrets, allocating a plurality of isolated network interfaces based on a cloud or data center provider and/or customer requirements” [¶0009]
Claim 6 is rejected over Birger, Hua and Yang.
Birger teaches “wherein the secure memory allocation function includes a number of memory blocks parameter.” as “ A block cipher which divides a message or file and encrypts in a block (e.g., 64-bit or 128-bit) or a stream cipher which encrypts by bytes or bits.” [¶0048]
Claim 7 is rejected over Birger, Hua and Yang.
Birger teaches “further comprising: receive a notice indicating a change to the operation state of the virtual machine;” as “In additional features, the server is tamperproof, wherein each cloud function is signed and the signature is periodically verified for integrity, and the behavior of each cloud function is monitored by deep packet inspection for logical or behavioral changes” [¶0075]
“determine the operation state of the virtual machine;” as “ VSV files hold saved state of the data. ” [¶0048]
The combination of Birger and Hua does not explicitly teach retrieve the entry from the secure database relating to the virtual machine; and
sanitize, based on the operation state of the virtual machine, the memory location indicated by the entry.
However, Yang teaches “retrieve the entry from the secure database relating to the virtual machine; and” as “ A process being excluded from checkpoint file may be performing a write operation on a file or a database when checkpointing is performed.” [¶0029]
“sanitize, based on the operation state of the virtual machine, the memory location indicated by the entry.” as “If, prior to the checkpoint, the target process deallocates pages containing sensitive information, these page can no longer be identified and cleared. Hence, the function free pages( ) which deallocates pages is modified, to zero out any page belonging to the target process prior to deallocation.” [¶0061]
Claim 8 is rejected over Birger, Hua and Yang.
Birger teaches further comprising: determine the memory, including the connection secret, is stored in storage;” as “receiving a storage identifier for a plurality of functions from a cloud or data center manager, requesting a storage key for each cloud or data center function from key server(s) or from a local key generator based on one or multiple secrets,” [¶0009]
The combination of Birger and Hua does not explicitly teach locate a storage location within the storage storing the connection secret; and sanitize the storage location.
However, Yang teaches “retrieve the entry from the secure database relating to the virtual machine; and” as “ the function free pages( ) which deallocates pages is modified, to zero out any page belonging to the target process prior to deallocation.” [¶0061]
Claim 9 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 1.
Claim 10 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 2.
Claim 11 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 3.
Claim 13 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 5.
Claim 14 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 6.
Claim 15 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 7.
Claim 16 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 8.
Claim 17 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 1.
Claim 18 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 2.
Claim 20 is rejected over Birger, Hua and Yang with the same rationale of rejection of claim 7.
Allowable Subject Matter
Claims 4, 12 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to MASUD K KHAN whose telephone number is (571)270-0606. The examiner can normally be reached Monday-Friday (8am-5pm).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on (571) 270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MASUD K KHAN/            Primary Examiner, Art Unit 2132