DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to the communication filed on February 22, 2022 in response to the first office action on merit.

Remarks
Pending claims for reconsideration are claims 1-20. Applicant has
Amended claims 1, 4-5, 11-12, 14, 16-17, and 19. 

Response to Arguments
Applicant’s arguments filed on February 22, 2022 with respect to the amended claims have been considered but they are deemed moot in view of the new grounds of rejection (see 103 rejection below).

Claim Rejections - 35 USC § 101

Applicant has amended claims 11-18; therefore, the ejection under 35 U.S.C. 101 is withdrawn.  


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1- 20 are rejected under 35 U.S.C. 103 as being unpatentable over Xiangke et al. (Chinese Patent Application Publication No.: CN 105022954 B / or “Xiangke” hereinafter [provided by the applicant]) in view of Arora et al. (US Patent No.: US 10,754,967 B1 / or “Arora” hereinafter).

Regarding claim 1, Xiangke discloses “A Secure World access method, comprising” (Page 1, Abstract: a method of security kernel service is disclosed): 
“creating a first virtual machine in a Normal World” (Page 5, Para 3: CPU provides support for TrustZone technology, and system resources are divided into two zones: a Secure world secure zone, and a Normal world normal zone); 
“loading a plurality of programs in the Normal World to the first virtual machine after creating the first virtual machine, wherein the plurality of programs comprises a kernel and a first user program, wherein the kernel runs in a first-level mode, wherein the first user program runs in a second-level mode, and wherein the first-level mode is higher than the second-level mode; creating, in the Normal World, a second virtual machine that runs in the first-level mode when the first user program needs to access a Secure World” (Page 5, Para 3: the Secure world cannot be accessed by software and hardware of the Normal world; a processor has two virtual states, Non-secure (equivalent to creating a first virtual machine in a non-secure world) and Secure; the TrustZone provides two virtual MMUs, each secure context has a transition table thereof independently controlling address mapping; the method comprises: keeping a lowest privilege (equivalent to the at least one user program running under a second level mode) level of the application program under a user state, dividing a kernel of an operating system into a system state of a second lowest privilege level and a kernel state of a highest privilege level (equivalent to the multiple programs comprising the kernel, wherein the kernel runs under a first level mode; the first level is higher than the second level), establishing a dynamic security kernel service framework in the kernel state to serve as a container for the security kernel service, and providing a service for the system of the system state by means of a call interface SKSC for the security kernel service; and establishing a virtual driving interface in the system state to support the user state to call the security kernel service (equivalent to creating a second virtual machine running under the first level mode in the non-secure world when determining that the at least one user program is required to access a secure world); 
Xiangke fails to explicitly teach “stripping the first user program from the first virtual machine after creating the second virtual machine”; 
and loading the first user program to the second virtual machin, wherein the first user program directly receives information from a trusted program in the Secure World using the second virtual machine.” 
However, Arora discloses “and stripping the first user program from the first virtual machine after creating the second virtual machine” (Arora, Col 7:43-47, interrupting execution of the application; and Col 10: 26-39: halts executing of the program in a Virtual Machine); 
“and loading the first user program to the second virtual machin, wherein the first user program directly receives information from a trusted program in the Secure World using the second virtual machine” (Arora, Col 8:1-29; and Col 10: 40-62, loads the application is a second Virtual Machine access secure content).  
	It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of striping off a first program from a virtual machine and loading the program in second virtual machine in order to access secure world of Arora to the system of Xiangke where halting the application would “…isolates the secure assets from un-trusted applications executing within the non-secure zone and thus secures the assets from malicious attack” (Col 3:48-52) and the ordinary person skilled in the art would have been motivated to combine to “…separate environments associated with the separate zones in order to perform different functions and execute different applications associated with each
zone” (Arora, Col 5:20-23).

Regarding claim 2, in view of claim 1, Xiangke discloses “wherein the plurality of programs comprises one or more other programs, and wherein the method further comprises: setting a virtualization list; to prohibit one or more of the plurality of programs, other than the first user program, from accessing a memory page of the first user program” (Page 5, Para 3: discloses memory access allowed by programs).   
Regarding claim 3, in view of claim 1, Xiangke discloses “wherein creating, in the Normal World, the second virtual machine that operates in the first-level mode comprises allocating, to the second virtual machine, a resource exclusive to the first user program” (Page 5, Para 3: discloses allow access to certain programs but not others).     

Regarding claim 4, in view of claim 1, Xiangke in view of Arora disclose “wherein the plurality of programs further comprises an agent program that corresponds to the first user program, wherein the Secure World access method further comprises using the agent program as an agent of the first user program in the first virtual machine after stripping the first user program from the first virtual machine so as to trigger the kernel to process an event that is to be processed by the kernel, and wherein the event is generated when the first user program is running in the second virtual machine” (Arora, Col 6:6-19, monitor module handles request and request to carry out). 

Regarding claim 5, in view of claim 4, Xiangke in view of Arora disclose “further comprising: obtaining the event for processing by the kernel, wherein the event is generated when the first user program is running in the second virtual machine; storing a first context of the second virtual machine; and restoring a second context of the agent program in the first virtual machine to trigger the kernel to process the event” (Arora, Col 7:16-54, saving state information).  

Regarding claim 6, in view of claim 5, Xiangke in view of Arora disclose “wherein the method further comprises restoring the first user program in the second virtual machine after the first virtual machine completes processing of the event” (Arora, Col 8:21-29, executes the second virtual machine; and Claim 1).    

Regarding claim 7, in view of claim 4, Xiangke in view of Arora disclose “wherein the event is one of an interrupt event, a page fault exception event, or a system invocation event” (Arora, Col 8:21-29, interrupts is disclosed).   
Regarding claim 8, in view of claim 1, Xiangke in view of Arora disclose “wherein before the stripping, the Secure World access method further comprises: determining that the first user program is a secure user program” (Arora, Col 6:6-19, only trusted application is allowed to access the secure zone).  
Regarding claim 9, in view of claim 8, Xiangke in view of Arora disclose “wherein the determining comprises: obtaining a first hash value group and a second hash value group, wherein the first hash value group comprises at least one first hash value, wherein the second hash value group comprises at least one second hash value, wherein each of the at least one first hash value is in a one-to-one correspondence with each of at least one data object in the first user program, wherein each of the at least one first hash value is a current hash value of the corresponding at least one data object, wherein each of the at least one second hash value is in a one-to-one correspondence with each of the at least one data object, and wherein the at least one second hash value is a factory-set hash value of the at least one data object; and determining that the first user program is the secure user program, wherein the first hash value group is the same as the second hash value group” (Arora, Col 4:64 to Col 5:1-4, message authentication codes of the application are consulted to authenticate its trust).  
Regarding claim 10, in view of claim 1, Xiangke “wherein the method is implemented by an advanced reduced instruction set computing machines (ARM) processor, and wherein the first-level mode is an exception level 1 (EL1) mode and the second-level mode is an exception level 0 (ELO) mode” (Page 5: Para 2, discloses ARM processor with different modes).  

Regarding claim 11, Xiangke discloses “A computer program product for Secure World access comprising a non-transitory computer instructions that, when executed by a hardware layer of a Normal World, cause an apparatus to be configured to: 
create, in the Normal World, a first virtual machine;
 load a plurality of programs in the Normal World to the first virtual machine after creating the first virtual machine, wherein the plurality of programs comprise a kernel and a first user program, wherein the kernel runs in a first-level mode, wherein the first user program runs in a second-level mode, and wherein the first-level mode is higher than the second- level mode; 
create, in the Normal World, a second virtual machine when the first user program needs to access a Secure World; 
strip the first user program from the first virtual machine after creating the second virtual machine; and 
load the first user program to the second virtual machine after the first user program is stripped from the first virtual machine to enable the first user program to access a Secure World using the second virtual machine, wherein the first user program directly receives information from a trusted program in the Secure World using the second virtual machine, and wherein the second virtual machine is implemented in the second-level mode” (see rejection of claim 1). 
Regarding claim 12, in view of claim 11, Xiangke discloses “wherein the instructions further cause the apparatus to be configured to set a virtualization list to prohibit one or more other programs in the plurality of programs, other than the first user program, from accessing a memory page of the first user program” (see rejection of claim 2).   

Regarding claim 13, in view of claim 11, Xiangke discloses “wherein a resource of the second virtual machine is a resource exclusive to the first user program” (see rejection of claim 3).  
 
Regarding claim 14, in view of claim 11, Xiangke in view of Arora disclose “wherein the plurality of programs further comprises an agent program that corresponds to the first user program, wherein the instructions further cause the apparatus to use the agent program as an agent of the first user program in the first virtual machine after stripping the first user program from the first virtual machine so as to trigger the kernel to process an event that is to be processed by the kernel, and wherein the event is generated when the first user program is running in the second virtual machine” (See rejection of claim 4).  

Regarding claim 15, in view of claim 14, Xiangke in view of Arora disclose “wherein the event is an interrupt event, a page fault exception event, or a system invocation event” (See rejection of claim 7).    

Regarding claim 16, in view of claim 11, Xiangke in view of Du disclose “wherein, the instructions further cause the apparatus to be configured to determine that the first user program is a secure user program before creating the second virtual machine” (see rejection of claim 8).  

Regarding claim 17, in view of claim 16, Xiangke in view of Arora disclose “wherein the instructions further cause the apparatus to be configured to: obtain a first hash value group and a second hash value group, wherein the first hash value group comprises at least one first hash value, wherein the second hash value group comprises at least one second hash value, wherein each of the at least one first hash value is in a one-to-one correspondence with each of at least one data object in the first user program, wherein each of the at least one first hash value is a current hash value of the corresponding at least one data object, wherein each of the at least one second hash value is in a one-to-one correspondence with each of the at least one data object, and wherein the at least one second hash value is a factory-set hash value of the at least one data object; and determine that the first user program is the secure user program, wherein the first hash value group is the same as the second hash value group” (See rejection of claim 9).   

Regarding claim 18, in view of claim 11, Xiangke discloses “wherein the hardware layer comprises an advanced reduced instruction set computing machines (ARM) processor, and wherein the first-level mode is an exception level _L(EL1) mode and the second-level mode is an exception level 0 (ELO) mode” (see rejection of claim 10).  
  


 Regarding claim 19, Xiangke discloses “A Secure World access apparatus, comprising:
 a processor; and  551135-v4/4747-1490010Atty. Docket No. 4747-14900 (85289005US04) a memory coupled to the processor and storing instructions that, when executed by the processor, cause the Secure World access apparatus to be configured to” (Page 5, Para 1: computer with memory):
“create  a first virtual machine in a Normal World;
 load  a plurality of programs  from the Normal World to the first virtual machine, wherein the plurality of programs comprise a kernel and a first user program, wherein the kernel runs in a first-level mode, wherein at least one user program runs in a second-level mode, and wherein the first-level mode is higher than the second-level mode; 
create in the Normal World, a second virtual machine that runs in the first-level mode when the first user program needs to access a Secure World; 
strip the first user program from the first virtual machine and load the first user program to the second virtual machin(see rejection of claim 1).  

Regarding claim 20, in view of claim 19, Xiangke discloses “wherein the plurality of programs comprise one or more other programs, and wherein the instructions further cause the Secure World access apparatus to be configured to set a virtualization list to prohibit one or more of the plurality of 551135-v4/4747-1490011Atty. Docket No. 4747-14900 (85289005US04) programs, other than the first user program from accessing a memory page of the first user program” (see rejection of claim 1).  

Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Wintergerst et al. (U.S. Patent No.: US 8,667471 B2) discloses “….wherein the on-demand initiating and running are performed independent of default profiling agents or default debugging agents and in runtime without having to stop or restart the first virtual machine or an application server hosting the first virtual machine; and communicate, from the first virtual machine to the second virtual machine, resulting profiling information obtained from running of the customized profiling session”  (Claim 8).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is         (571) 270-3392.  The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431                                                                                                                                                                                                        
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431