DETAILED ACTION
Claims 1-20 are pending. 
Priority: Jun. 5, 2020
Assignee: NXP B.V. 
	Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 10-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 10-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 2, 4, 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kou et al.(20180341529), and further in view of Palmer(20210182208), and further in view of Srivastava et al.(20120324236).

As per claim 1 discloses, Kou discloses:
In a data processing system having a guest operating system (OS) providing first level address translation (FLAT) and a hypervisor providing second level address translation (SLAT),(Kou, [0048 --  For example, when a process inside of an operating system wants to access data in an address (say move eax, [ebp] where ebp-0x00F3e840) that address is a process virtual address. The OS needs to translate that virtual address in to a physical address so that the hardware knows where to find the data related to the data access request. This translation happens inside the host OS or guest OS (in the case of a virtual machine).], [0048 -- The HSC manager 212 supports all of the hypercalls to manage the HSCs 210. It manages the calls to create and destroy HSCs and manages page relationships between first level address level and second level address translation pages and the HSCs.]);
 the hypervisor controlling read, write, and execute access rights of a plurality of memory pages of the data processing system,(Kou, [0008 -- . Every time there is a request for access to a page of memory within the HSC, the hypervisor checks which entity is asking for it. If the calling entity is in HSC mode, and the page of memory belongs to it that request is allowed to access the HSC page.]);
requesting, by the guest OS, execute access to a memory page(Kou, [0056 -- When a process on a guest OS wants to access data in a HSC, the guest process sends the virtual address for the pages in memory it wants to access. To this end, a guest virtual address 602 is received (e.g., by the guest OS kernel).]); 
generating, by the hypervisor, a first exception in response to the guest OS requesting the execute access to the memory page(Kou, [0056, fig. 6 -- If the system is not operating in HSC mode, a regular second level page table is used to translate the received guest virtual address to the guest physical address (block 610), and it is determined that the address translation failed and an exception is thrown (block 612). (An exception is an event, which occurs during the execution of a program that disrupts the normal flow of the program's instructions. When an error occurs within a method, the method creates an object and hands it off to the runtime system.)]); 
Kou does not explicitly disclose the following, however Palmer discloses:
 a method comprising: 
generating and storing a set of hashes of all memory pages accessible by the guest OS(Palmer, [0060 -- At 514, integrity monitor 108 may hash the contents of the identified system memory 104 page and compute a hash value. In an embodiment, integrity monitor 108 may perform DMA transactions with system memory 104 to retrieve or otherwise read the contents of the identified system memory 104 page for hashing]);
 generating and storing a set of hashes of all memory pages previously accessed by the guest OS(Palmer, [0058 -- At 506, memory context module 112 may hash the contents of the identified system memory 104 page to compute a golden hash value. The computed golden hash value is representative of the original or valid (i.e., not altered or not tampered) contents of the identified system memory 104 page.]);
comparing a hash of the accessed memory page with the set of hashes of the previously accessed memory pages and determining that the hash of the accessed memory page does not match with the set of hashes of the previously accessed memory pages and in response, reporting suspicious behavior of the guest OS(Palmer, [0061 -- At 518, integrity monitor 108 may report the results of the comparison. For example, in an implementation, if the comparison of the hash values indicates an integrity issue or violation involving the modification of immutable memory (e.g., an issue with the integrity of host virtualization system 100 or components thereof), for example, integrity monitor 108 may generate an out-of-band alert or response. Examples of alerts or responses include logging the violation, shutting down the system, “hot patching” the modified data, entering a known safe mode, or securely deleting sensitive data.]);
Therefore it would have been obvious to incorporate the features of Palmer into the system of Kou for the benefit of enabling monitoring the data stored in the page of system memory that provides an accurate indication of the integrity of host virtualization system or components.
Kou does not explicitly disclose the following, however Srivastava discloses:
 and comparing the hash of the accessed memory page with the set of hashes of all accessible memory pages and determining that the hash of the accessed memory page does not match with the set of hashes of all accessible memory pages and in response, reporting illegal behavior of the guest OS(Srivastava, [0025 -- To verify the integrity of the snapshot file, the challenger 102 computes a final composite hash over the memory contents of the snapshot file. An integrity measure for the final composite hash is compared to the integrity measure for the composite hash contained in the signed quote]);
Therefore it would have been obvious to incorporate the features of Srivastava into the system of Kou for the benefit of the target machine is generated efficiently by generating the quote including the primary integrity indicator associated with privileged module, and the secondary integrity indicator associated with snapshot using the cryptographic signing by the trusted platform module.

As per claim 2, the rejection of claim 1 is incorporated, in addition Kou does not disclose the following, however Palmer discloses:
wherein reporting illegal behavior of the guest OS further comprises withdrawing all access rights to the memory page(Palmer, [0061 -- For example, in an implementation, if the comparison of the hash values indicates an integrity issue or violation involving the modification of immutable memory (e.g., an issue with the integrity of host virtualization system 100 or components thereof), for example, integrity monitor 108 may generate an out-of-band alert or response. Examples of alerts or responses include logging the violation, shutting down the system, “hot patching” the modified data, entering a known safe mode, or securely deleting sensitive data.]);
Therefore it would have been obvious to incorporate the features of Palmer into the system of Kou for the benefit of enabling monitoring the data stored in the page of system memory that provides an accurate indication of the integrity of host virtualization system or components.

As per claim 4, the rejection of claim 1 is incorporated, in addition Kou does not disclose the following, however Palmer discloses:
wherein generating and storing hashes of all memory pages previously accessed by the guest OS further comprises generating and storing the hashes during development of the data processing system(Palmer, [0058 -- At 506, memory context module 112 may hash the contents of the identified system memory 104 page to compute a golden hash value. The computed golden hash value is representative of the original or valid (i.e., not altered or not tampered) contents of the identified system memory 104 page.]);
Therefore it would have been obvious to incorporate the features of Palmer into the system of Kou for the benefit of enabling monitoring the data stored in the page of system memory that provides an accurate indication of the integrity of host virtualization system or components.

As per claim 9, the rejection of claim 1 is incorporated, in addition Kou discloses:
wherein the data processing system is implemented as one or more integrated circuits(Kou, [0041 -- The system diagram of FIG. 2 illustrates the interrelationships between program modules for various Hypervisor-based Secure Container (HSC) implementations, as described herein. Furthermore, while the system diagram of FIG. 2 illustrates a high-level view of various embodiments of HSC implementations, FIG. 2 is not intended to provide an exhaustive or complete illustration of every possible HSC embodiment.]).


Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kou et al.(20180341529), and further in view of Palmer(20210182208), and further in view of Srivastava et al.(20120324236), and further in view of Serebrin(20090187697).

As per claim 3, the rejection of claim 1 is incorporated, in addition Kou does not disclose the following, however Serebrin discloses:
wherein initially the guest OS only receives read and write access rights to the memory page(Serebrin, [0063 Fig. 3a -- as illustrated in the table 76, the X, W, and R bits define the access to the page indicated by the address field. Specifically, if the X bit is set, execution is permitted from the page and if the X bit is clear, execution is not permitted from the page. Similarly, if the W bit is set, writes are permitted to the page and if the W bit is clear, writes are not permitted to the page; and if the R bit is set, reads are permitted to the page and if the R bit is clear, reads are not permitted to the page], [0065 -- as illustrated in the table 76, the X, W, and R bits define the access to the page indicated by the address field. Specifically, if the X bit is set, execution is permitted from the page and if the X bit is clear, execution is not permitted from the page. Similarly, if the W bit is set, writes are permitted to the page and if the W bit is clear, writes are not permitted to the page; and if the R bit is set, reads are permitted to the page and if the R bit is clear, reads are not permitted to the page]);
Therefore it would have been obvious to incorporate the features of Serebrin into the system of Kou for the benefit of  preventing virtual machine guest from viewing a code, improves performance of a virtual machine manager (VMM) code, and prevents accidental or malicious execution of the execute-only code and input/output (I/O) device access to the execute-only pages.

Claim(s) 5-7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kou et al.(20180341529), and further in view of Palmer(20210182208), and further in view of Srivastava et al.(20120324236) and further in view of Durham et al.(20190042764).

As per claim 5, the rejection of claim 1 is incorporated, in addition Kou does not disclose the following, however Durham discloses:
requesting, by the guest OS, read or write access to the memory page(Durham, [0021 -- A key domain is a cryptographically separate portion of memory, where access to data stored in memory locations belonging to the key domain requires using an associated key domain key to decrypt the data. When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key]); 
generating, by the hypervisor, a second exception in response to the guest OS requesting the write access to the memory page(Durham, [0021 -- When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key;]); 
encrypting or erasing the memory page in response to the second exception and granting read or write access to the memory page(Durham, [0135 --  (i) cause contents written by the guest workload into each respective memory location of the region of the memory to be encrypted with a consumer-provided key for the guest workload;]);
Therefore it would have been obvious to incorporate the features of Durham into the system of Kou for the benefit of using an agent as an intermediary between a host virtual machine monitor (VMM) and a guest virtual machine (VM) to allow the agent to validate that the VMM does not misconfigure the guest VM to leak confidential data, inject code or data or modify the execution flow of the guest VM. 


As per claim 6, the rejection of claim 1 is incorporated, in addition Kou does not disclose the following, however Durham discloses:
requesting, by the guest OS, execute access to the memory page, generating, by the hypervisor, a third exception in response to the guest OS requesting the execute access to the memory page and decrypting the memory page; and granting execute access to the memory page(Durham, [0021 -- When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key; when the hardware reads data from a memory location belonging to the key domain, the data are decrypted using the key domain key. If contents of the physical memory locations belonging to a key domain are decrypted using the wrong key domain key, the resulting plaintext may be corrupted and/or an integrity violation may be reported.]);
Therefore it would have been obvious to incorporate the features of Durham into the system of Kou for the benefit of using an agent as an intermediary between a host virtual machine monitor (VMM) and a guest virtual machine (VM) to allow the agent to validate that the VMM does not misconfigure the guest VM to leak confidential data, inject code or data or modify the execution flow of the guest VM. 


As per claim 7, the rejection of claim 1 is incorporated, in addition Kou does not disclose the following, however Durham discloses:
wherein the memory page is only encrypted when the memory page includes protected code(Durham, [0021 -- When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key; when the hardware reads data from a memory location belonging to the key domain, the data are decrypted using the key domain key. If contents of the physical memory locations belonging to a key domain are decrypted using the wrong key domain key, the resulting plaintext may be corrupted and/or an integrity violation may be reported.]);
Therefore it would have been obvious to incorporate the features of Durham into the system of Kou for the benefit of using an agent as an intermediary between a host virtual machine monitor (VMM) and a guest virtual machine (VM) to allow the agent to validate that the VMM does not misconfigure the guest VM to leak confidential data, inject code or data or modify the execution flow of the guest VM. .


Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kou et al.(20180341529), and further in view of Palmer(20210182208), and further in view of Srivastava et al.(20120324236) and further in view of Durham et al.(20190042764), and further in view of Bak et al.(20200159667).

As per claim 8, the rejection of claim 5 is incorporated, in addition Kou does not disclose the following, however Bak discloses:
wherein the memory page is used for reading/writing operations and executing operations in an alternating manner(Bak, [0090 -- A sixteenth example is the computing device of the thirteenth example, wherein the first set of memory access permissions are non-default memory access permissions that comprise one of: (1) only read and execute permissions, (2) only read permissions or (3) no access permissions.]);
Therefore it would have been obvious to incorporate the features of Bak into the system of Kou for the benefit of verifying the contents of the driver as loaded in memory which allows the driver to execute, thus, preventing malicious code from executing. The hypervisor is utilized to support a virtual machine and executing processes within the context of the virtual machine.


Claim(s) 10-11, 15-18, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kou et al.(20180341529), and further in view of Durham et al.(20190042764).

As per claim 10, Kou discloses:
A method in a data processing system having a guest operating system (OS) providing first level address translation (FLAT) and a hypervisor providing second level address translation (SLAT),( Kou, [0048 --  For example, when a process inside of an operating system wants to access data in an address (say move eax, [ebp] where ebp-0x00F3e840) that address is a process virtual address. The OS needs to translate that virtual address in to a physical address so that the hardware knows where to find the data related to the data access request. This translation happens inside the host OS or guest OS (in the case of a virtual machine).], [0048 -- The HSC manager 212 supports all of the hypercalls to manage the HSCs 210. It manages the calls to create and destroy HSCs and manages page relationships between first level address level and second level address translation pages and the HSCs.]);
 the hypervisor controlling read, write, and execute access rights to each of a plurality of memory pages of the data processing system,( Kou, [0008 -- . Every time there is a request for access to a page of memory within the HSC, the hypervisor checks which entity is asking for it. If the calling entity is in HSC mode, and the page of memory belongs to it that request is allowed to access the HSC page.], [0031 -- The hypervisor has control of whether the operating system sees a requested page or not. For example, when a process executes, it tells the operating system that it is running in HSC mode and the operating system must go to hypervisor to request access to a certain page or address in memory. In response, the hypervisor tells the process whether it can access a certain page or not.]);
 the method comprising: 
setting access rights to a memory page to execute for the guest OS(Kou, [0072 -- Code Integrity (CI) policy enforcement: The hypervisor can use a predefined policy to identify if HSC's by certain signers are allowed to be loaded and executed.]);
 requesting, by the guest OS, read or write access to the memory page(Kou, [0056 -- When a process on a guest OS wants to access data in a HSC, the guest process sends the virtual address for the pages in memory it wants to access. To this end, a guest virtual address 602 is received (e.g., by the guest OS kernel)]); -16-82242522US01
 receiving a first exception, by the hypervisor, in response to the guest OS requesting the read or write access to the memory page(Kou, [0056, fig. 6 -- If the system is not operating in HSC mode, a regular second level page table is used to translate the received guest virtual address to the guest physical address (block 610), and it is determined that the address translation failed and an exception is thrown (block 612). (An exception is an event, which occurs during the execution of a program that disrupts the normal flow of the program's instructions. When an error occurs within a method, the method creates an object and hands it off to the runtime system.)], [0057 -- A determination is made if the physical address belongs to an HSC or not (block 708) and if not the physical address is returned to the CPU (block 710). If the physical address belongs to the HSC a determination is made as to whether the system is in HSC mode (block 710). If not, access is denied and an exception is thrown (block 712).]); 
Kou does not disclose the following, however Durham discloses:
encrypting the memory page in response to the read or write access request to the memory page(Durham, [0021 -- A key domain is a cryptographically separate portion of memory, where access to data stored in memory locations belonging to the key domain requires using an associated key domain key to decrypt the data. When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key]);
and setting access rights to the memory page to read and write for the guest OS(Kuo, [0031 -- The hypervisor has control of whether the operating system sees a requested page or not. For example, when a process executes, it tells the operating system that it is running in HSC mode and the operating system must go to hypervisor to request access to a certain page or address in memory. In response, the hypervisor tells the process whether it can access a certain page or not.]);
Therefore it would have been obvious to incorporate the features of Durham into the system of Kou for the benefit of using an agent as an intermediary between a host virtual machine monitor (VMM) and a guest virtual machine (VM) to allow the agent to validate that the VMM does not misconfigure the guest VM to leak confidential data, inject code or data or modify the execution flow of the guest VM. 

As per claim 11, the rejection of claim 1 is incorporated, in addition Kou does not disclose the following, however Durham discloses:
 requesting, by the guest OS, execute access to the memory page(Durham, [0021 -- A key domain is a cryptographically separate portion of memory, where access to data stored in memory locations belonging to the key domain requires using an associated key domain key to decrypt the data. When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key]); 
receiving a second exception, by the hypervisor, in response to the guest OS requesting the execute access to the memory page(Durham, [0021 -- When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key;]);
 decrypting the memory page in response to the execute request to the memory page and setting access rights to the memory page to execute for the guest OS(Durham, [0021 -- When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key; when the hardware reads data from a memory location belonging to the key domain, the data are decrypted using the key domain key. If contents of the physical memory locations belonging to a key domain are decrypted using the wrong key domain key, the resulting plaintext may be corrupted and/or an integrity violation may be reported.]);
Therefore it would have been obvious to incorporate the features of Durham into the system of Kou for the benefit of using an agent as an intermediary between a host virtual machine monitor (VMM) and a guest virtual machine (VM) to allow the agent to validate that the VMM does not misconfigure the guest VM to leak confidential data, inject code or data or modify the execution flow of the guest VM. 

As per claim 15, the rejection of claim 10 is incorporated, in addition Kou does not disclose the following, however Durham discloses:
determining if the memory page contains protected code prior to encrypting the memory page(Durham, [0021 --  A key domain is a cryptographically separate portion of memory, where access to data stored in memory locations belonging to the key domain requires using an associated key domain key to decrypt the data. When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key; ]);

As per claim 16, the rejection of claim 10 is incorporated, in addition Kou discloses:
wherein the method is implemented as instructions stored in a non-transitory computer readable medium(Kou, [0081 -- The simplified computing device of FIG. 8 may also include a variety of computer readable media. Computer readable media can be any available media that can be accessed by computing device 800 via storage devices 860 and includes both volatile and nonvolatile media that is either removable 870 and/or non-removable 880, for storage of information such as computer-readable or computer-executable instructions, data structures, program modules, or other data. ]).

As per claim 17, Kou discloses:
A data processing system comprising:
 a memory comprising a plurality of memory pages for storing instructions and data(Kou, [ 0079 -- To allow a computing device 800 to implement the HSCs, the device should have a sufficient computational capability and system memory to enable basic computational operations. Further, the computing device 800 may also include optional system firmware 825 (or other firmware or processor accessible memory or storage) for use in implementing various embodiments of HSCs.]);
 and a processor Koupled to the memory, the processor configured to execute instructions under management of a guest operating system (OS) and a hypervisor,(Kou, [0007 -- The hypervisor also sets up a hypercall page to support HSC management routines (e.g., calls between a guest operating system and the hypervisor or calls between the host operating system and the hypervisor). As the operating system (OS) starts up on the hypervisor, the hypervisor maps the hypercall page to a guest physical address. ]);
 wherein the guest OS provides a first level address translation between a virtual address and an intermediate physical address for a memory page in the plurality of memory pages,(Kou, [0048 --  For example, when a process inside of an operating system wants to access data in an address (say move eax, [ebp] where ebp-0x00F3e840) that address is a process virtual address. The OS needs to translate that virtual address in to a physical address so that the hardware knows where to find the data related to the data access request. This translation happens inside the host OS or guest OS (in the case of a virtual machine).]);
 and the hypervisor provides a second level address translation between the intermediate physical address and a physical address of the memory page,(Kou,  [0048 -- The HSC manager 212 supports all of the hypercalls to manage the HSCs 210. It manages the calls to create and destroy HSCs and manages page relationships between first level address level and second level address translation pages and the HSCs.]);
 wherein the hypervisor receives a first exception in response to the guest OS requesting read or write access to a memory page,(Kou, [0056, fig. 6 -- If the system is not operating in HSC mode, a regular second level page table is used to translate the received guest virtual address to the guest physical address (block 610), and it is determined that the address translation failed and an exception is thrown (block 612). (An exception is an event, which occurs during the execution of a program that disrupts the normal flow of the program's instructions. When an error occurs within a method, the method creates an object and hands it off to the runtime system.)]);
Kou does not disclose the following, however Durham discloses:
wherein the memory page is encrypted in response to the read or write access request of the memory page, and wherein read or write access is granted to the memory page(Durham, [0021 -- A key domain is a cryptographically separate portion of memory, where access to data stored in memory locations belonging to the key domain requires using an associated key domain key to decrypt the data. When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key; ]);
Therefore it would have been obvious to incorporate the features of Durham into the system of Kou for the benefit of using an agent as an intermediary between a host virtual machine monitor (VMM) and a guest virtual machine (VM) to allow the agent to validate that the VMM does not misconfigure the guest VM to leak confidential data, inject code or data or modify the execution flow of the guest VM. 

Claim 18 is similar to claim 11. 

Claim 20 is similar to claim 15. 


Claim(s) 12-14, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kou et al.(20180341529), and further in view of Durham et al.(20190042764), and further in view of Palmer(20210182208), and further in view of Srivastava et al.(20120324236).

As per claim 12, the rejection of claim 1 is incorporated, in addition Kou does not disclose the following, however Palmer discloses:
generating and storing a set of hashes of all memory pages accessible by the guest OS(Palmer, [0060 -- At 514, integrity monitor 108 may hash the contents of the identified system memory 104 page and compute a hash value. In an embodiment, integrity monitor 108 may perform DMA transactions with system memory 104 to retrieve or otherwise read the contents of the identified system memory 104 page for hashing]); 
generating and storing a set of hashes of all memory pages previously accessed by the guest OS(Palmer, [0058 -- At 506, memory context module 112 may hash the contents of the identified system memory 104 page to compute a golden hash value. The computed golden hash value is representative of the original or valid (i.e., not altered or not tampered) contents of the identified system memory 104 page.]); 
determining if the guest OS had previously accessed the memory page by checking the set of stored hashes of all memory pages previously accessed by the guest OS, wherein if the guest OS had not previously accessed the memory page, reporting suspicious behavior by the guest OS(Palmer, [0061 -- At 518, integrity monitor 108 may report the results of the comparison. For example, in an implementation, if the comparison of the hash values indicates an integrity issue or violation involving the modification of immutable memory (e.g., an issue with the integrity of host virtualization system 100 or components thereof), for example, integrity monitor 108 may generate an out-of-band alert or response. Examples of alerts or responses include logging the violation, shutting down the system, “hot patching” the modified data, entering a known safe mode, or securely deleting sensitive data.]); 
Therefore it would have been obvious to incorporate the features of Palmer into the system of Kou for the benefit of enabling monitoring the data stored in the page of system memory that provides an accurate indication of the integrity of host virtualization system or components.
Palmer does not disclose the following, however Durham discloses:
requesting, by the guest OS, execute access to the memory page and receiving a second exception, by the hypervisor, in response to the guest OS requesting the execute access to the memory page(Durham, [0021 -- A key domain is a cryptographically separate portion of memory, where access to data stored in memory locations belonging to the key domain requires using an associated key domain key to decrypt the data. When the hardware writes data to a memory location belonging to a key domain, the data are encrypted using the key domain key]);
 decrypting the memory page in response to the requested execute access to the memory page(Durham, [0021 -- A key domain is a cryptographically separate portion of memory, where access to data stored in memory locations belonging to the key domain requires using an associated key domain key to decrypt the data]); 
Therefore it would have been obvious to incorporate the features of Durham into the system of Kou for the benefit of using an agent as an intermediary between a host virtual machine monitor (VMM) and a guest virtual machine (VM) to allow the agent to validate that the VMM does not misconfigure the guest VM to leak confidential data, inject code or data or modify the execution flow of the guest VM. 
Kou does not explicitly disclose the following, however Srivastava discloses:
and determining if the memory page is accessible by the guest OS by checking the set of stored hashes of all the memory pages accessible to the guest OS, wherein when the memory page is not accessible to the guest OS, reporting illegal behavior of the guest OS, and when the memory page is accessible to the guest OS, granting execute access to the memory page(Srivastava, [0025 -- To verify the integrity of the snapshot file, the challenger 102 computes a final composite hash over the memory contents of the snapshot file. An integrity measure for the final composite hash is compared to the integrity measure for the composite hash contained in the signed quote]);
Therefore it would have been obvious to incorporate the features of Srivastava into the system of Kou for the benefit of the target machine is generated efficiently by generating the quote including the primary integrity indicator associated with privileged module, and the secondary integrity indicator associated with snapshot using the cryptographic signing by the trusted platform module.

As per claim 13, the rejection of claim 12 is incorporated, in addition Kou does not disclose the following, however Palmer discloses:
wherein generating and storing the set of hashes of all memory pages previously accessed by the guest OS further comprises generating and storing the set of hashes during development of the data processing system(Palmer, [0058 -- At 506, memory context module 112 may hash the contents of the identified system memory 104 page to compute a golden hash value. The computed golden hash value is representative of the original or valid (i.e., not altered or not tampered) contents of the identified system memory 104 page.]);
Therefore it would have been obvious to incorporate the features of Palmer into the system of Kou for the benefit of enabling monitoring the data stored in the page of system memory that provides an accurate indication of the integrity of host virtualization system or components.

As per claim 14, the rejection of claim 12 is incorporated, in addition Kou does not disclose the following, however Srivastava discloses:
wherein reporting illegal behavior of the guest OS further comprises withdrawing all access rights to the memory page(Srivastava, [0025 -- If the integrity measures do not match, the integrity of the snapshot is compromised, and the challenger 102 may take remedial action, such as discarding the snapshot, contacting the provider, and/or moving to a new provider.]);
Therefore it would have been obvious to incorporate the features of Srivastava into the system of Kou for the benefit of the target machine is generated efficiently by generating the quote including the primary integrity indicator associated with privileged module, and the secondary integrity indicator associated with snapshot using the cryptographic signing by the trusted platform module.

Claim 19 is similar to claim 12.  


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARVIND TALUKDAR whose telephone number is (571)270-3177. The examiner can normally be reached M-F, 10 am-6pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is enKouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on 571-270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Arvind Talukdar
Primary Examiner
Art Unit 2132



/ARVIND TALUKDAR/Primary Examiner, Art Unit 2132