Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are pending.

Information Disclosure Statement

The information disclosure statement filed 07/10/2020 fails to comply with 37 CFR 1.98(a)(2), which requires a legible copy of each cited foreign patent document; each non-patent literature publication or that portion which caused it to be listed; and all other information or that portion which caused it to be listed. It has been placed in the application file, but the information referred to therein has not been considered. Each of the following cited documents is either missing a copy in the file wrapper or has an entry with incorrect dates:
A46: International Preliminary Report on Patentability dated August 8, 2019 from application no. PCT/US2018/015494 
A47: International Search Report on Written Opinion dated May 16, 2018 from application no. PCT/US2018/015494 



Drawings

The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because reference character “214” has been used to designate both Client VM and Key Management Coordinator.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.


Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
verifying/extracting/validating, by a "trust agent" in claims 1, 3-4.
Verifying via a “trusted computing module (TPM)” in claim 2.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.


Claims 1, 5-7, 14-15, 19 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the enablement requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention. Claim 1 line 9 recites "work slot" without clearly describing the term in the disclosure. "Work slot" has been described in the specification as "work slot of SKH" in [0067] and "reset the work slot" in [0068], neither of which implicitly or explicitly indicates what a "work slot" is.


The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.




Claims 1-20 are rejected under 35 U.S.C. 112 (b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or joint inventor regards as the invention.
The following claim language is not clearly understood:
Claim 1 recites virtual work package, trust agent, multiple single level security domain (MSLS), work slot without clearly reciting what these terms are referring to. 
Claim 1 line 1 recites “creating a multi-domain trust agent Virtual Work Package (VWP)”. It is unclear whether the trust agent, the virtual work package, the multi-domain trust agent, or the multi-domain virtual work package is being created, i.e., which component is being created.
Claim 1 lines 2-3 recite “verifying, by a trust agent, integrity of a VWP for one of Multiple Single Level Security (MSLS) domains”. It is unclear what the VWP is verified for, i.e., whether the VWP is compatible with the MSLS domain or belongs to the MSLS domain, and for which attribute/characteristic the verification is performed (e.g., which attribute/parameter verifying the integrity of the VWP refers to).
Claim 1 line 4 recites “VWP definition”. It is unclear what constitutes the VWP or the VWP definition.
Claim 2 line 2 recites “trusted computing module TPM” without clearly reciting what is TPM. 
Claim 13 lines 1-2 recite “virtualizing hardware of a single multi-tenant cloud”. It is unclear which hardware is virtualized when the cloud may have multiple hardware.
Claim 5 line 2 recites “net guard” and “disk guard” without clearly reciting what are these guards.
Claim 8 lines 1-5 recites “sending” keys and/or instructions. It is unclear when these messages are sent i.e. are these sent before/during/after the verifying/extracting/validating steps recited in claim 1.
Claim limitation “verifying/extracting/validating, by a "trust agent" in claims 1, 3-4” invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. It is unclear if the Trust agent is a hardware/software or combination of both. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claims 14 and 15 recite elements of claim 1 and have similar deficiencies as claim 1. Therefore, they are rejected for the same rationale. Remaining dependent claims are also rejected due to their dependency on the rejected independent claims.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Claims 1-3, 5-12, 14-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more or integrating into practical application.  

Based upon at least the decision by the United States Supreme Court in Alice Corp. v. CLS Bank Int'l, 134 S. Ct. 2347, 2354 (2014), post-Alice precedential court decisions, and 2019 Revised Patent Subject Matter Eligibility Guidance, claims 1-3, 5-12, 14-20 are determined to be directed to an abstract idea.  Examples of abstract ideas include at least Mathematical concepts, Mental process and Certain Methods of organizing human activity.

Step 1: Statutory Category (yes/no) 
	Claim 1 recites a method, which falls within the “process” category of 35 U.S.C. § 101. Claim 14 recites “non-transitory computer readable media”, which falls within the “manufacture” category of 35 U.S.C. § 101. Claim 15 recites “system … comprising one or more processors and one or more memories”, which falls within the “machine” category of 35 U.S.C. § 101. Thus, the analysis determines whether the claims recite a judicial exception and fail to integrate the exception into practical application. See Memorandum, 84 Fed. Reg. 54-55. If both elements are satisfied, the claims are directed to a judicial exception under the first step of the Alice/Mayo test. See id.

	Step 2A, Prong One
Independent claim 1 recites the following steps:
[i] 	verifying, by a trust agent, integrity of a VWP for one of Multiple Single Level Security (MSLS) domains;
[ii]	extracting, by the trust agent, configurations of the VWP from a VWP definition of the VWP;
[iii]	validating, by the trust agent, that the configurations of the VWP is compatible with a work slot of a Secure Kernel Hypervisor (SKH);
[iv]	in response to validating that the configurations of the VWP is compatible with the work slot, resetting, by the trust agent, the VWP and the work slot.

The overall process described by steps [i] and [iii] describes “concepts performed in the human mind” or “observation, evaluation, judgement, opinion.” Memorandum, 84 Fed. Reg. 52. Thus steps [i], [iii] recite the abstract concept of “[m]ental processes.” Id.
For example, in step [i], “verifying, by a trust agent, integrity of a VWP for…(MSLS) domains” is an example of observation, evaluation, judgment and opinion. Similarly, step [iii], “validating …compatible…SKH”, involves comparison and is a combination of observation, evaluation, judgement and opinion.
Thus, claim 1 recites a judicial exception. For these same reasons, claim 14 and claim 15 recite a judicial exception.
	Step 2A, Prong Two
Because claims 1, 8 and 15 recite a judicial exception, the analysis determines if the claims recite additional elements that integrate the judicial exception into practical application.
In addition to the limitations of claim 1 discussed above that recite the abstract concepts, claim 1 further recites in step [ii] “extracting…configurations…definition of the VWP” and in step [iv] “in response validating...resetting…work slot”. Claim 14 also recites the following additional limitations of “non-transitory computer-readable media”,  “computer-readable instructions”, “processor”, “trust agent”. Claim 15 also recites additional claim elements of “system”, “processors”, “memories”.

The Specification doesn’t provide additional details that would distinguish the additional limitations from a generic implementation of the abstract idea. For example, step [ii] “extracting configuration  from definition” is merely gathering information/data and can’t be considered an improvement to the technology and therefore doesn’t integrate the abstract idea into practical application. Similarly, Step [iv], “in response to validating…resetting…VWP and work slot” involves initialization of resources and clearing of data (See specification ¶ 0068) and can be broadly categorized as generic computing methods as recited in the independent claims. Thus, the step [ii] extracting… and step [iv] …resetting…, under broadest reasonable interpretation, do not integrate the judicial exception into a practical application.
Specification further discloses computer readable media ¶ 0024, ¶ 0076. Thus, processors, memories, tangible storage media do not integrate the judicial exception into a practical application.
Further, the additional limitations reciting [ii] extracting… [iv] resetting… do not add any meaningful limitations to the abstract idea because these are merely directed to the insignificant extra-solution activity. See MPEP 2106.05(g).
Thus, claims 1, 14 and 15 are directed to a judicial exception because claims 1, 14 and 15 do not recite additional elements that integrate the judicial exception into a practical application.
	Step 2B
Because claims 1, 14 and 15 are directed to judicial exception, analysis must determine, according to Alice, whether these claims recite an element, or combination of elements that is enough to ensure that the claim is directed to significantly more than a judicial exception. 
The Memorandum, Section III (B) (footnote 36) states:
	In accordance with existing guidance, an Examiner’s conclusion that an additional element (or combination of elements) is well understood, routine, conventional activity must be supported with a factual determination. For more information concerning evaluation of well-understood, routine, conventional activity, see MPEP 2106.05(d), as modified by the USPTO Berkheimer Memorandum.
The Berkheimer Memorandum, Section III(A)(1) states:
A Specification demonstrates the well-understood, routine, conventional nature of additional elements when it describes the additional elements as well-understood or routine or conventional (or an equivalent term), as a commercially available product, or in a manner that indicates that the additional elements are sufficiently well-known that the specification does not need to describe the particulars of such additional elements to satisfy 35 U.S.C. § 112(a). A finding that an element is well-understood, routine, or conventional cannot be based only on the fact that the specification is silent with respect to describing such element.
Regarding the processors, memories, non-transitory computer-readable media, the conventional or generalized function terms by which the computer components are described reasonably indicate that the Specification discloses conventional components, and describes the components in a manner that indicates that these elements are sufficiently well-known that the Specification does not need to describe the particulars of such additional elements to satisfy 35 U.S.C. § 112(a). See Spec. ¶ 0024 and ¶ 0075-0076. Further, the Specification does not provide additional details that would distinguish the recited components from generic implementation in the combination. Therefore, these limitations simply append well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception.
Further, the Specification doesn’t provide additional details that would distinguish the additional limitations as recited in the claim from a generic implementation of the abstract idea. For example, Specification discloses “trust agent” as a component that performs various routine computational functions ¶0067, which as recited in the claim could be generic computer performing generic computing methods under broadest reasonable interpretation of the claim elements. 
Further, regarding the additional limitations of insignificant pre-solution activity [ii] “extracting …” and insignificant post-solution activity [iv] “resetting…”, it has been recognized by the courts that receiving, processing, and storing data as well as receiving or transmitting data over a network are well-understood, routine and conventional activities. Mortg. Grader, Inc. v. First Choice Loan Servs. Inc., 811 F.3d 1314 (Fed. Cir. 2016) (generic computer components, such as agent, domain, configuration, definition, interface, “network”, and “database,” fail to satisfy the inventive concept requirement); see also TLI Commc’ns, 823 F.3d 607; Elec. Power, 830 F.3d at 1350. There is no indication that the recited claim elements override the conventional use of known features or involve an unconventional arrangement or combination of elements such that the particular combination of generic technology results in anything beyond well-understood, routine, and conventional data gathering and output. Alice, 573 U.S. at 223 (“[T]he mere recitation of a generic computer cannot transform a patent ineligible abstract idea into a patent-eligible invention.”) See also Customedia Techs. LLC v. Dish Network Corp., 951 F.3d 1359, 1366 (Fed. Cir. 2020) (“[T]he invocation of ‘already-available computers that are not themselves plausibly asserted to be an advance…amounts to a recitation of what is well-understood, routine, and conventional.’”) (quoting SAP Am., Inc. v. InvestPic, LLC, 898 F.3d 1161, 1170 (Fed. Cir. 2018)); and buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355 (Fed. Cir. 2014) (“That a computer receives and sends the information over a network -- with no further specification -- is not even arguably inventive.”).
Thus, Claims 1, 14 and 15 are not directed to significantly more than a patent ineligible concept. 
Dependent claim 2 does not add meaningful limitations to the abstract idea because it further describes the abstract idea of “verifying a signature…”, which is a combination of observation, evaluation, judgement and opinion and is a judicial exception.
Dependent claim 3 does not add meaningful limitations to the abstract idea because it recites receiving information/data, which is similar to data gathering activity, can be considered an insignificant pre-solution activity, and is no more than a well-understood, routine and conventional activity routinely performed for data gathering. See Elec. Power, 830 F.3d at 1350; Mortg. Grader, Inc. v. First Choice Loan Servs. Inc., 811 F.3d 1314 (Fed. Cir. 2016) (generic computer components, such as interface, “network”, and “database,” fail to satisfy the inventive concept requirement).
Dependent claims 5-12 do not add any meaningful limitations to the abstract idea because they further describe the generic computing components/methods that are neither inventive nor more than significant and either fall into a technological environment or insignificant pre-/post-solution activity. There is no indication that the recited claim elements override the conventional use of known features or involve an unconventional arrangement or combination of elements such that the particular combination of generic technology results in anything beyond well-understood, routine, and conventional data gathering and output. Alice, 573 U.S. at 223.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Foley et al. (US 2009/0204964 A1, hereafter Foley)  in view of DAM et al. (US 2018/0189479 A1, hereafter DAM).

As per claim 1, Foley teaches the invention substantially as claimed including a method for creating a multi-domain trust agent Virtual Work Package (VWP) ([0088] multiple independent security domain, VM [0199] trusted agents fig 15), comprising: 
verifying, by a trust agent, integrity of a VWP for one of Multiple Single Level Security (MSLS) domains ([0304] integrity measurement and attestation capabilities, assured, mobile internet end-point MIEP, good state, isolated environment, using VMs, attestable [0088] multiple independent security domain, VM [0199] trusted agents); 
extracting, by the trust agent, configurations of the VWP from a VWP definition of the VWP ([0151] Server Trust and security architecture, mirrors, trust capabilities of the MIEP, server observability across MIEPs [0153] MIEP VM, create trusting environment, MIEP agents, run, mutual authentication and attestation [0157] MIEP, policies); 
validating, by the trust agent, that the configurations of the VWP is compatible Hypervisor ([0153] MIEP, server, agents, run, mutual authentication and attestation [0156] fig 15 trusted virtual machine manager); and 
in response to validating that the configurations of the VWP is compatible ([0153] MIEP, server, agents, run, mutual authentication and attestation [0156] fig 15 trusted virtual machine manager), resetting, by the trust agent, the VWP ([0318] trusted boot process, MIEP, reliable erasure, autonomous basis, data wipe [0319] data wipe, MIEP, policies [0153] MIEP agent). 

 Foley doesn’t specifically teach validating VWP is compatible with a work slot of secure kernel hypervisor (SKH) and in response to the validating, resetting the work slot.
DAM, however, teaches validating VWP is compatible with a work slot of secure kernel hypervisor (SKH) and in response to the validating, resetting the work slot ([0003] security kernel, hypervisor [0017] security condition verification, security domains, first/second functional modules, belongs to set of authorized information exchange [0020] security condition is satisfied fig 4A other possible execution-no 190a acquire initial state 120).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made to combine the teachings of Foley with the teachings of DAM of secure kernel hypervisor and security condition verification of different functional module of different zone and acquiring initial state after verification to improve efficiency and allow validating VWP is compatible with a work slot of secure kernel hypervisor (SKH) and in response to the validating, resetting the work slot to the method of Foley as in the instant invention.

		
As per claim 2, Foley teaches wherein verifying the integrity of the VWP comprises verifying a signature of the VWP via a trusted computing module (TPM) ([0235] MIEP VM, signature, Trusted Server [0276]).  

As per claim 3, Foley teaches receiving, by the trust agent, a VWP identifier that identifies the VWP from a Cloud Orchestration System (COS) ([0096] VM, identify, attest state to remote parties); and 
receiving, by the trust agent, an encrypted VWP definition (fig. 8 MIEP-cloud-agent-web services).  

As per claim 4, Foley teaches wherein extracting the configurations of the VWP comprises: 
receiving, by the trust agent, a master key from a trusted computing module (TPM) (fig. 17 trusted agent, virtual service, trusted VM  [0201] encrypted search keys); and 
decrypting, by the trust agent, the encrypted VWP definition of the VWP using the master key ([0251] server, decrypt, on behalf of thin client), wherein the configurations comprising one or more of a network domain key, a disk encryption key, boot instructions, or boot definitions ([0199] boot sequence).

As per claim 5, DAM teaches wherein resetting the VWP and the work slot comprises triggering resetting and clearing of data held by a net guard, a disk guard and a client Virtual Machine (VM) (fig 4A 190a acquire initial state 120 [0093] initiate the dedicated hardware) .  

As per claim 6, DAM teaches the SKH comprises one or more emulated disks having the net guard, the disk guard, and the client VM ([0003] separation kernel); and
the net guard and the disk guard created the client VM ([0008] different types of VM).  

As per claim 7,  DAM teaches wherein resetting the VWP and the work slot comprises initialization of resources associated with the SKH ([0003] security kernel, hypervisor [0017] security condition verification, security domains, first/second functional modules, belongs to set of authorized information exchange [0020] security condition is satisfied fig 4A other possible execution-no 190a acquire initial state 120). 
 
As per claim 8, Foley teaches sending initialization messages, wherein sending initialization messages comprises one or more of:
sending a network domain key to a net guard of the SKH; 
sending a disk encryption key to a disk guard of the SKH ([0279] sending, secure channel, encrypted with PCA_PUB); and 
sending one or more of boot instructions or boot definitions to a client Virtual Machine (VM) of the SKH ([0135] HMD actually booted from the MTM).  

As per claim 9, DAM teaches wherein the net guard sends an emulated Network Interface Card (NIC) to the client VM ([0008] provide virtualized network services to the virtual machines).  

As per claim 10, DAM teaches wherein the SKH comprises a separation kernel and a hypervisor ([0003] hypervisor, separation kernel).  

As per claim 11, DAM teaches wherein the separation kernel is a kernel that has no API, no interrupts, and no input/output ports ([0080] separation kernel design).  

As per claim 12, DAM teaches wherein the separation kernel is configured at installation without capabilities to change installed configurations after installation ([0080] separation kernel design).  

As per claim 13, Foley teaches wherein the hypervisor configures to host the MSLS domains by virtualizing hardware to execute a plurality of different operating systems or applications (fig 6 trusted hypervisor [0089] provide flexibility of multiple operating system [0090] multiple independent domain), wherein each of the plurality of different operating systems or applications corresponds to one of the MSLS domains (fig. 6 VM1, guest OS-2, VM2, guest OS-1 [0090] provide multiple independent security domains in the form of VMs).  
DAM teaches remaining claim elements of virtualizing hardware of a single multi-tenant cloud ([0008] several virtual machine in cloud server architecture).

Claim 14 recites non-transitory computer-readable media comprising computer-readable instructions, such that, when executed, causes a processor to implement limitations similar to claim 1. Therefore, it is rejected for the same rationale.

Claim 15 recites a system for creating a multi-domain trust agent Virtual Work Package (VWP), comprising: one or more processors and one or more memories, configured to implement limitations similar to claim 1. Therefore, it is rejected for the same rationale.
 
Claim 16 recites the system of claim 15, to perform limitations similar to claim 6. Therefore, it is rejected for the same rationale.
Claim 17 recites the system of claim 16, to perform limitations similar to claim 6. Therefore, it is rejected for the same rationale.
Claim 18 recites the system of claim 17, wherein the trust agent is further configured to perform limitations similar to claim 8. Therefore, it is rejected for the same rationale.
Claim 19 recites the system of claim 17, to perform limitations similar to claim 5. Therefore, it is rejected for the same rationale.
Claim 20 recites the system of claim 16, to perform limitations similar to claim 9. Therefore, it is rejected for the same rationale.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Baldwin; Adrian John (US-20100082991-A1) Trusted Key Management For Virtualized Platforms
Lockett; Christopher S. (US-20140380425-A1)  Polymorphic Computing Architectures
Ramarathinam; Aravind (US-20130339950-A1)  Intermediary Virtual Machine Task Management
Tormasov; Alexander G. (US-8839455-B1) Security Domain In Virtual Environment
Zhong; Wenxiang (US-20150149980-A1) Service Model-Oriented Software System And Operation Method 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU ZAR GHAFFARI whose telephone number is (571)270-3799. The examiner can normally be reached Monday-Thursday 9:00 - 17:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai AN can be reached on 571-272-3756. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

ABU ZAR GHAFFARI
Primary Examiner
Art Unit 2195


