DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status
This instant application No. 16/177,258 has claims 1, 4-5, 7-10, 14-15, 17-19, and 22-23 pending.  
Claims 2-3, 6, 11-13, 16, and 20-21 are cancelled.

Objections
Claims 1 and 10 have been objected to for the following reason: minor informalities.
Claim 1 – grammatical error
“1. (currently amended) A computer-implemented method for providing secure execution environments in a computer system, the method comprising: 
…
in response to the request for the secure execution environment and being equal to the received measurement, deploying a new enclave virtual computing instance in the computer system, and creating the secure execution environment in the new enclave virtual computing instance, the new enclave virtual computing instance including at least virtual processor and virtual volatile memory without any virtual non-volatile storage, without any virtual networking interface and without any operating system, the virtual processor of the new enclave virtual computing instance being an emulated resource corresponding to a physical processor resource of the computer system, and the virtual volatile memory of the new enclave virtual computing instance being an emulated resource corresponding to a physical volatile memory resource of the computer system, ...”
Claim 10 – grammatical error
“10. (currently amended) A non-transitory computer-readable storage medium containing program instructions for method for providing secure execution environments in a computer system, wherein execution of the program instructions by one or more processors of the computer system causes the one or more processors to perform steps comprising: 
…
in response to the request for the secure execution environment and being equal to the received measurement, deploying a new enclave virtual computing instance in the computer system and creating the secure execution environment in the new enclave virtual computing instance, the new enclave virtual computing instance including at least virtual processor and virtual volatile memory without any virtual non-volatile storage, without any virtual networking interface and without any operating system, the virtual processor of the new enclave virtual computing instance being an emulated resource corresponding to a physical processor resource of the computer system, and the virtual volatile memory of the new enclave virtual computing instance being an emulated resource corresponding to a physical volatile memory resource of the computer system, …”

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 4-5, 10, 12, 14-15, 19, and 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Potlapally et al. (Pat. No. US/9792143) in view of Horovitz et al. (Pub. No. US2015/0089502) in view of Xing et al. (Pub. No. US2017/0286721) in view of Sood et al. (Pub. No. US2018/0114012).
Regarding claims 1, 10, and 19, Potlapally discloses the following: 
(currently amended) A computer-implemented method for providing secure execution environments in a computer system, the method comprising: 
receiving a secure execution environment creation request, from a software process running in a virtual computing instance in the computer system, to create a secure execution environment for content, 
***EXAMINER’S INTERPRETATION: 
For the step of “receiving a request, from a software process running in the computer system, to create a secure execution environment for content”, there is language for an intended purpose. 
The step of “receiving a request, from a software process running in the computer system” represents an active step explicitly recited. 
However, the language “to create a secure execution environment for content” represents an intended purpose which is not explicitly performed.
Therefore, patentable weight is only given to the step of “receiving a request, from a software process running in the computer system”.
(Potlapally teaches receiving a secure execution environment creation request, from a software process running in a virtual computing instance or VM in the computer system [Column 2, Lines 4-10], to create a secure execution environment or “shared computing environment” [Column 1, Lines 53-54 and 61-62], e.g. “When a request to perform a secure operation is received from a customer VM, the VMM can cause the system to operate in a secure mode, creating a secure partition or secure enclave on the commodity platform” [Column 2, Lines 4-7], for content or measurement data [Column 6, Lines 60-67], e.g. “a customer virtual machine (VM) running on the VMM” [Claim 1 of Potlapally]. 
A software process running in a customer virtual computing instance is cited as follows: “the customer VM 304 can issue a call, such as a hypercall, to the VMM to initiate secure computations. In this example, the call can also include a request to enter a secure mode of operations, although in some embodiments the secure mode can be entered automatically according to the content or type of request, among other such options” [Column 5, Lines 25-30])
in response to the request for the secure execution environment, deploying a new enclave virtual computing instance in the computer system, and creating in the new enclave virtual computing instance, the new enclave virtual computing instance including at least virtual processor and virtual volatile memory without any virtual non-volatile storage;
(Potlapally teaches, in response to the request for the secure execution environment, deploying a new enclave virtual computing instance in the computer system and creating the secure execution environment, e.g. “When a request to perform a secure operation is received from a customer VM, the VMM can cause the system to operate in a secure mode, creating a secure partition or secure enclave on the commodity platform” [Column 2, Lines 4-7], in the new enclave virtual computing instance [Column 1, Lines 50-67; Column 2, Lines 1-19], the new enclave virtual computing instance including at least virtual processor and virtual volatile memory, e.g. “The trusted co-processor can include one or more processors, memory” [Column 4, Lines 61-63], without any virtual non-volatile storage [Column 11, Lines 4-9, 24-25, and 53-54])
loading the content into the new enclave virtual computing instance; and
(Potlapally teaches loading the new content into the enclave virtual computing instance, e.g. “this can involve secure world firmware (SWF) of the co-processor determining aspects or contents of the code for the VMM upon a secure or measured boot of the VMM and generating a hash of the code, among other such options. The measurement data for the VMM can then be stored 406 in a secure location, such as in secure memory of the trusted co-processor” [Column 6, Lines 60-67])
facilitating execution of at least one task using the content in the new enclave virtual computing instance.  
(Potlapally teaches facilitating execution of at least one task using the content in the new enclave virtual computing instance to ensure confidentiality of the content, e.g. “This can trigger the VMM to establish a trusted enclave in at least some embodiments. The VMM can also mark 414 the appropriate memory pages of the customer VM to be used for the secure operations, such as to securely store the data or keys for the secure operation(s). Access (i.e., DMA access) to the marked pages can be blocked 416, such that access is restricted to the trusted co-processor and customer VM in at least some embodiments. In other embodiments, at least access by other domains or VMs is restricted. The VMM can then issue 418 calls, such as co-processor memory mapped I/O (MMIO) calls to perform the secure operation(s) using the customer VM data.” [Column 7, Lines 36-47])

However, Potlapally does not disclose the following:
the virtual processor of the new enclave virtual computing instance being an emulated resource corresponding to a physical processor resource of the computer system, and the virtual volatile memory of the new enclave virtual computing instance being an emulated resource corresponding to a physical volatile memory resource of the computer system, 
Nonetheless, this feature would have been made obvious, as evidenced by Horovitz.
(Horovitz teaches the virtual processor of the new enclave virtual computing instance “emulated vCPU” [0046] being an emulated resource corresponding to a physical processor resource “CPU” of the computer system [0021, 0050], the virtual volatile memory “guest memory” of the new enclave virtual computing instance [0019] being an emulated resource corresponding to a physical volatile memory “system memory” [0019] resource of the computer system [0015, 0021])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Potlapally with the teachings of Horovitz. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Apply the teachings of Horovitz to provide evidence of emulated resources for respective resources of Potlapally. 
There would be two motivations as follows: 
(1) “the concept of an "enclave" involves both the memory and the hardware processor itself. In practice, to implement one or more enclaves, the CPU 110 is configured by the manufacturer to enable selection of one or more portions of memory and to transparently encrypt and verify its/their contents as it/they get/s pulled into the CPU cache for execution and access” [0021 – Horovitz].
(2) “two contexts (for example, threads or processes) are associated with each emulated vCPU 210 (FIG. 1), but only one of these contexts is allowed to be actively executing at any point in time” [0046 – Horovitz].

However, Potlapally in view of Horovitz does not disclose the following:
(1)	wherein the secure execution environment creation request includes that uniquely identifies, and wherein the measurement includes a hash value of the enclave composition/construction log; 
(2)	calculating a new hash value of the received enclave composition/construction log and comparing the new hash value with the received measurement, wherein the comparing validates
(3)	in response to the request for the secure execution environment and that the new hash value is equal to the received measurement, deploying a new enclave virtual computing instance in the computer system, and creating in the new enclave virtual computing instance, the new enclave virtual computing instance including at least virtual processor and virtual volatile memory without any virtual non-volatile storage, without any virtual networking interface and without any operating system, 
(4)	loading the content from the enclave composition/construction log into the virtual volatile memory of the new enclave virtual computing instance; 
(5)	facilitating execution of at least one task using the content in the new enclave virtual computing instance
Nonetheless, this feature would have been made obvious, as evidenced by Xing.
(1) (Xing teaches that the secure execution environment creation request [0010, 0022], e.g. “Functions performed by the enclave image may be invoked by an untrusted application” [0010] and “For example, a banking client may invoke a function call to determine a measurement value of the enclave image 218 so that it may be compared against a prior known value that is deemed valid and/or otherwise trustworthy” [0022], includes a measurement and an enclave composition/construction log – including “address information and/or size information (of page types) are written to a corresponding executable file to be used during the load-time phase” [0011], “corresponding code and/or data of the enclave file” [0012], “page information generated by the one or more signing tools of the SGX SDK are referred to as metadata” [0011] – associated with the secure execution environment being requested, the enclave composition/construction log including at least the content [0012], the measurement including information that uniquely identifies the enclave composition/construction log, e.g. “one or more static components identified by the metadata created by the one or more signing tools of the SGX SDK” [0012], and wherein the measurement includes a hash value or expected measurement value of the enclave composition/construction log [0012])
(2) (Xing teaches calculating a new hash value of the received enclave composition/construction log, e.g. “invoke a function call to determine a measurement value of the enclave image 218” [0022], and comparing the new hash value with the received measurement [0022], the comparing the received enclave composition/construction log, e.g. “so that it may be compared against a prior known value that is deemed valid and/or otherwise trustworthy” [0022])
(3) (Xing teaches in response to the request for the secure execution environment [0010, 0012] and that the new hash value is equal to the received measurement [0018, 0022], deploying a new enclave virtual computing instance in the computer system [0018, 0022], e.g. “permit an ISV to deploy an enclave image file to a target platform when the target processor type (e.g., static SGX processor, dynamic SGX processor) is unknown, thereby removing ISV concern for specifically tailoring the enclave file for one or more memory management instructions that are specific to a target SGX processor” [0022], and creating the secure execution environment in the new enclave virtual computing instance via ECREATE [0012], e.g. “To generate an enclave memory layout that is compatible with both types of SGX processors, and to prevent any ISV efforts and/or concerns regarding generating an enclave memory layout that conforms to a particular measurement value, the example address space manager 306 applies a virtual address multiplication factor when determining a virtual address size value” [0027], the new enclave virtual computing instance including at least virtual processor, e.g. target SGX processor [0016, 0018], and virtual volatile memory, e.g. “a portion of virtual memory (trusted memory)” [0010], without any virtual non-volatile storage – evidence of “static or dynamic heap/stacks” which are part of RAM volatile storage and thereby not virtual non-volatile storage [0013], without any virtual networking interface, which causes lack of access to external applications [0010], and without any operating system [0010], e.g. “inaccessible by external applications and/or the operating system (OS)” [0010])
(4) (Xing teaches loading the content from the enclave composition/construction log into the virtual volatile memory, e.g. “the target/desired enclave image file is loaded (during load-time) into virtual memory 214 in a particular layout for runtime execution (e.g., see FIGS. 1A and 1B), which includes any number of additional components needed for such execution (e.g., heaps, stacks, threads, etc.)” [0024], of the new enclave virtual computing instance – evidenced by runtime of the instance [0038])
(5) (Xing teaches facilitating execution [0027] of at least one task/service [0048] using the content in the new enclave virtual computing instance [0013, 0024, 0048], e.g. “In some examples, enclave image files are stored on disk and transferred to a relatively faster storage device, such as the example physical memory 206 of FIG. 2. Ultimately, the target/desired enclave image file is loaded (during load-time) into virtual memory 214 in a particular layout for runtime execution (e.g., see FIGS. 1A and 1B), which includes any number of additional components needed for such execution (e.g., heaps, stacks, threads, etc.).” [0024])
These teachings of Xing are applicable to enclave virtual computing instances in the host platform of Potlapally in view of Horovitz.
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Potlapally in view of Horovitz with the teachings of Xing. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Rationale G. Teaching, Suggestion, and Motivation. 
The motivation would have been to “reduce ISV involvement when developing and/or deploying enclave services so that multiple different target processor platforms can implement such enclave services” [0048 – Xing].

However, Potlapally in view of Horovitz in view of Xing does not disclose the following:
(1)	wherein the new enclave virtual computing instance is same type of isolated software entity as the virtual computing instance;
***EXAMINER’S INTERPRETATION: 
For the step of “deploying a new enclave virtual computing instance in the computer system to create the secure execution environment”, there is language for an intended purpose. 
The step of “deploying a new enclave virtual computing instance in the computer system” represents an active step explicitly recited. 
However, the language “to create a secure execution environment” represents an intended purpose which is not explicitly performed.
Therefore, patentable weight is only given to the step of “deploying a new enclave virtual computing instance in the computer system”.
(2)	deleting the new enclave virtual computing instance from the computer system after the at least one task has been performed in the new enclave virtual computing instance.
Nonetheless, this feature would have been made obvious, as evidenced by Sood.
(1) (Sood teaches that the new enclave virtual computing instance is same type of isolated software entity as the virtual computing instance [0128, 0143], as evidenced by 1) a feature that “isolates particular packet processing services (e.g., decryption, de-compression, packet inspection) into separate VMs that may run services (applications or apps) on different guest operating systems (OSs) from different software vendors” [0128] and 2) recited “functionality of each of the foregoing components should be implemented within a HISEE (Hardware-based Isolated Secure Execution Environment), with every instantiation identified by its globally unique instance identifier” [0143])
(2) (Sood teaches deleting the new enclave virtual computing instance from the computer system after the at least one task has been performed in the new enclave virtual computing instance, e.g. “Upon application exit, the driver reclaims EPC pages with an EREMOVE instruction” [0057])
These teachings of Sood provide evidence which would suggest that a new enclave virtual computing instance of Potlapally in view of Horovitz in view of Xing is capable of being deployed in response to 1) the request for the secure execution environment and 2) that the new hash value is equal to the received measurement, as taught by Sood.
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Potlapally in view of Horovitz in view of Xing with the teachings of Sood. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: 
Rationale G. Teaching, Suggestion, and Motivation.
The motivation to apply these teachings would have been as follows: “At this point the enclave is ready for use by the application. Subsequently, an application will either exit the enclave on its own (e.g., in response to a user or automated control input to exit the enclave), or in connection with shutting down the application. This is depicted in a block 418, wherein the enclave returns control to the application with an EEXIT instruction” [0056 – Sood]. 
Regarding claims 4 and 14, Potlapally in view of Horovitz in view of Xing in view of Sood discloses the following:
wherein the content includes at least one of computer code and data.  
(Potlapally teaches that the content includes at least one of computer code and data, e.g. “contents of the code” and “a hash of the code” [Column 6, Lines 60-67])
Regarding claims 5, 15, and 22, Potlapally in view of Horovitz in view of Xing in view of Sood discloses the following:
wherein loading the content into the enclave virtual computing instance includes encrypting the content using memory encryption technology provided by a processor of the computer system to store the content in the virtual volatile memory of the enclave virtual computing instance.  
(Potlapally teaches loading the content into the enclave virtual computing instance [Column 6, Lines 60-64] includes encrypting the content using memory encryption technology or memory encryption functionality provided by a processor of the computer system [Column 6, Lines 32-38] to store the content in the virtual volatile memory of the enclave virtual computing instance, e.g. “the secure operations can include the encryption, decryption, or signing of data, among other such options. The data can be stored by the customer VM, stored by the trusted co-processor, received over a secure channel, or otherwise obtained or provided” [Column 7, Lines 4-8]. 
For the cited memory encryption technology, Potlapally discloses the following: 
“cryptographic functionality in the trusted and high-privileged peripheral, or trusted co-processor, and use that functionality to cryptographically protect (i.e., encrypt, decrypt, sign, verify, or hash) sensitive information” [Column 6, Lines 32-38])
Claim(s) 7-8, 17-18, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li (Pub. No. US2019/0370467).
Regarding claims 7, 18, and 23, Potlapally in view of Horovitz in view of Xing in view of Sood does not disclose the following: 
further comprising performing an attestation process for the enclave virtual computing instance using another enclave virtual computing instance running in the computer system to authenticate the enclave virtual computing instance.  
Nonetheless, this feature would have been made obvious, as evidenced by Li.
(Li teaches performing an attestation process for the enclave virtual computing instance using another enclave virtual computing instance running in the computer system [0029-0030, 0032] to authenticate the enclave virtual computing instance [0029])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Potlapally in view of Horovitz in view of Xing in view of Sood with the teachings of Li. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Use the attestation feature of Li on the enclave virtual computing instances of Potlapally in view of Horovitz in view of Xing in view of Sood. 
The motivation would have been to benefit from “evidence generation based on SGX local attestation” [0029 – Li].
Regarding claim 8, Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li disclose the following: 
wherein performing the attestation process for the enclave virtual computing instance includes determining whether the enclave virtual computing instance and the another enclave virtual computing instance are running on the same authentic platform.  
(Li teaches wherein performing the attestation process for the enclave virtual computing instance [0014, 0027] includes determining whether the enclave virtual computing instance and the another enclave virtual computing instance are running on the same authentic platform, e.g. “an inspection process is performed on VMB to determine whether VMA and VMB are co-located” [0018; Claim 11 of Li])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Potlapally in view of Horovitz in view of Xing in view of Sood with the teachings of Li.
The modification would have been to apply this attestation process of Li on the enclave virtual computing instances of Potlapally in view of Horovitz in view of Xing in view of Sood. 
The motivation would have been to benefit from “local attestation service provided by Intel SGX” [0027 – Li] and provide an inspect report, whereby “the inspect report comprises: a list of VMs of the at least two VMs sharing the same host machine in a case where the at least two VMs share the same host machine;” [Claim 11 of Li].
Regarding claim 17, Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li disclose the following: 
wherein deploying the enclave virtual computing instance includes deploying an enclave virtual machine.  
(Li teaches deploying the enclave virtual computing instance, e.g. “The first is that the cloud customer keeps a measurement value MRENCLAVE of the enclave A.sub.0. The second is that for each A.sub.0 instantiated for VM.sub.i” [0028], that includes deploying an enclave virtual machine (new VM) [0021]. 
For evidence of deploying an enclave VM, please see citation below: 
“When the cloud customer deploys a new VM VM.sub.i to the cloud, untrusted application A and TEE application A.sub.0 are also installed on VM.sub.i and in the TEE of the corresponding platform, respectively. Platform and physical machine will be used interchangeably, thus physical machine 101 and physical machine 103 are two separate platforms even if the TEE implementations are running on similar secure hardware (e.g., ARM TrustZone). Untrusted application A interacts with the cloud customer and forwards messages to TEE application A.sub.0. In an embodiment where the TEE implementation is based on Intel.RTM. SGX technology, the TEE application A.sub.0 is a signed enclave” [0021])
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Potlapally in view of Horovitz in view of Xing in view of Sood with teachings of Li. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Apply the deploying step of Li for the enclave virtual computing instance of Potlapally in view of Horovitz in view of Xing in view of Sood.
The motivation would have been as follows: “the cloud infrastructure instantiates a new VM on a host machine based on the VM deployment request” [0036 – Li].
Claim(s) 9 is rejected under 35 U.S.C. 103 as being unpatentable over Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li in view of Sapek (Pub. No. US2021/0037001 filed on July 18, 2018; hereinafter Sapek) in view of Negi et al. (Pub. No. US2017/0104597 published on April 13, 2017; hereinafter Negi-2017).
Regarding claim 9, Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li disclose the following: 
wherein performing the attestation process for the new enclave virtual computing instance comprises: 
	requesting a report from an enclave manager in the computer system by the new enclave virtual computing instance; 
(Li teaches requesting a report from an enclave manager or TEE Inspect App.0. in the computer system by the new enclave virtual computing instance, e.g. “Upon an INSPECT request, the TEE Inspect App.sub.0 will verify the pieces of evidence and generate a report that states whether the new VM co-locates with any of the existing VMs” [0018])
	authenticating the report using a hypervisor root key associated with the another enclave virtual computing instance, including determining whether the hypervisor root key associated with the new enclave virtual computing instance matches the hypervisor root key associated with the another enclave virtual computing instance.
(Li teaches authenticating the report via “EREPORT” [0023], e.g. “and integrity checks from TEE application A.sub.0 in order to guarantee that it has not been tampered with while being transmitted to the cloud customer” [0033], using a hypervisor root key [0034] associated with the another enclave virtual computing instance, including determining whether the hypervisor root key associated with the new enclave virtual computing instance matches the hypervisor root key associated with the another enclave virtual computing instance [0032, 0037, 0041], e.g. “the trusted application verifies that a hashed public key of an author matches public keys of enclaves where each piece of evidence was collected. For each public key that matches the hashed public key, the trusted application determines to try and unseal the evidence” [0042])
Applying teachings of Li pertaining to a requested report via an EREPORT instruction, as performed by one or more enclaves. These enclaves were found and cited in prior art of Potlapally in view of Horovitz in view of Xing in view of Sood. Citations of Li suggest that the enclaves can perform an EREPORT instruction.  
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Potlapally in view of Horovitz in view of Xing in view of Sood with the teachings of Li. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Rationale G. Teaching, Suggestion, and Motivation Test. 
The motivation would have been to benefit from “an INSPECT protocol” [0042 – Li].

However, Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li does not disclose the following:
wherein performing the attestation process for the new enclave virtual computing instance comprises: 
sending an identity of the another enclave virtual computing instance to the new enclave virtual computing instance from the another enclave virtual computing instance;
Nonetheless, this feature would have been made obvious, as evidenced by Sapek.
(Sapek teaches sending an identity of the another enclave virtual computing instance to the new enclave virtual computing instance [Abstract, 0022, 0082] from the another enclave virtual computing instance, e.g. “receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity” [Abstract])
The sending step of Sapek is a well-known technique that can be performed on the disclosed new enclave virtual computing instance of Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li.
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li with the teachings of Sapek. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: 
Rationale D.  Applying a known technique to a known device (method, or product) ready for improvement to yield predictable results.
This would yield a predictable result of performing an authentication process using the sent identity, and determine the validity of respective assertions made by enclaves [0082 – Sapek].

However, Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li in view of Sapek does not disclose the following:
wherein performing the attestation process for the new enclave virtual computing instance comprises: 
(1)	receiving the report from the enclave manager at the new enclave virtual computing instance, the report being generated using a hypervisor root key associated with the new enclave virtual computing instance; 
(2)	sending the report back to the enclave manager via the another enclave virtual computing instance; and 
Nonetheless, this feature would have been made obvious, as evidenced by Negi-2017.
(1) (Negi-2017 teaches receiving the report from the enclave manager at the new enclave virtual computing instance [0068, 0076], e.g. “executing the EREPORTVMX instruction, the VVE 218 may use the received attestation information, re-sign the received attestation information with a previously provisioned server key to indicate that the correct VVE 218 has possession of the attestation information, and send the attestation information to the remote attestation server for attestation of the local root security VMM” [0068], the report being generated using a hypervisor root key associated with the new enclave virtual computing instance [0069, 0076])
(2) (Negi-2017 teaches sending the report back to the enclave manager via the another enclave virtual computing instance [0076-0077], e.g. “Thus, copying the data from the VMCS a locality check by reporting information directly from the active VMCS. The VMCS is managed by the root security VMM on the computing device 100” [0076])
Apply the sending and receiving techniques of Negi-2017 on the enclaves of Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li in view of Sapek.
At a time prior to the effective filing date of Applicant’s claimed invention, it would have been obvious to modify Potlapally in view of Horovitz in view of Xing in view of Sood in view of Li in view of Sapek with the teachings of Negi-2017. 
One of ordinary skill in the art would recognize the desirability of performing the following modification: Rationale D.  Applying a known technique to a known device (method, or product) ready for improvement to yield predictable results.
The techniques of Negi-2017 would yield predictable results of mutually authenticating “with the root secure VMM and ensure that the root security VMM co-exists on the same local computing device” [0076 – Negi-2017].

Response to Amendment
Applicant’s arguments, see “REMARKS”, filed January 27, 2022, with respect to claims 1, 4-5, 7-10, 14-15, 17-19, and 22-23, have been respectfully considered. However, the arguments are moot due to new grounds of rejection.
Therefore, Examiner maintains the rejections under 35 U.S.C. 103 for the independent and the dependent claims.
Examiner recommends that Applicant further amend the claims to overcome the rejection set forth, along with the prior art of record.

Conclusion  
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Contact Information
Any inquiry concerning this communication or earlier communications from the Examiner should be directed to Gilles Kepnang whose telephone number is (571) 270-7417. Business hours for Examiner are Monday – Friday (8:00 AM – 5:00 PM).
If attempts to reach the Examiner by telephone are unsuccessful, please contact Lewis Bullock (571) 272-3759. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GILLES R KEPNANG/Examiner, Art Unit 2199
May 2, 2022

/LEWIS A BULLOCK  JR/Supervisory Patent Examiner, Art Unit 2199