DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The following is a Non-Final Office Action in response to applicant’s filing on 
July 20, 2020.
Claims 1-19 are pending.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on July 20, 2020 and September 24, 2021. The submissions are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f): 

(f) ELEMENT IN CLAIM FOR A COMBINATION. — An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 

An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a payload-loading unit for loading a payload for generating confidential execution code into memory; a vulnerability-checking unit for checking a vulnerability related to the payload; an encryption key reception unit for receiving an encryption key from an external server; an encryption unit for encrypting the payload using the encryption key; a confidential execution code generation unit for generating confidential execution code for the payload; and a distribution unit for distributing the encrypted payload and the confidential execution code” in claim 13.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
                                               
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1- 6, and 8-19 are rejected under 35 U.S.C. 103 as being unpatentable over Viswanathan et al. (US 2019/0392117 A1) in view of Biswas et al. (US 2014/0032350 A1).

In regards to claim 1, Viswanathan discloses a method for distributing confidential execution software, comprising: 
generating confidential execution code for generating a confidential execution region in a target cloud node having privileges to execute the payload (Viswanathan, Para. 0046, the application 116 may have “guest aware” licensing. In such embodiments, licenses for the host operating system 102 and multiple guest operating systems 114 may be pre-allocated or pre-generated and stored in the host storage 108; note the payload which can interpret as the application and confidential execution code which can interpret as license); 
encrypting the payload (Viswanathan, Para. 0031, particular encryption/decryption operations using the TPM 107 and vTPM 107′ are described herein, in other embodiments, the stored license info 110 and/or cryptography keys with an enclave memory that is an isolated region of code and data within an address space for an application 116); and 
distributing the confidential execution code and the encrypted payload (Viswanathan, Para. 0054, then, the process 200 can include sending the encrypted license blob to the guest operating system at stage 208).  
Viswanathan fails to disclose loading a payload into memory; 
checking a vulnerability related to the payload;
 generating bridge code for calling a function that is not present in the payload, among functions used in the payload; 
However, Biswas teaches loading a payload into memory (Biswas, Para. 0018, Fig. 2, When the application is initially launched); 
checking a vulnerability related to the payload (Biswas Para. 0002, a procedure for verifying the authenticity of a software product, and ensuring that the software product is used within the scope of its end-user license agreement (EULA));
 generating bridge code for calling a function that is not present in the payload, among functions used in the payload (Biswas, Para. 0015, license information is generated and linked to the machine signature and end-user authentication information before being stored in the license database 17, and communicated back to the software application 12 at the computer system and, Para. 0021, if no licenses for the software application are available, then at method operation 42 the user may be presented with an option to obtain (e.g., purchase) a license to use the software application); 
Viswanathan and Biswas are both considered to be analogous to the claim invention because they are in the same field of protecting executable codes stored in the memory used by a virtual machine, and protecting data loaded into the memory during the execution of the code. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Viswanathan to incorporate the teachings of Biswas to include loading a payload into memory (Biswas, Para. 0018, Fig. 2); 
checking a vulnerability related to the payload (Biswas Para. 0002);
 generating bridge code for calling a function that is not present in the payload, among functions used in the payload (Biswas, Para. 0015). Doing so would aid performing the software application a license verification procedure to determine whether it has been properly licensed and activated. If not, a user is typically prompted to enter some product activation information that is associated with a license, such as a serial number or product key (Biswas, Para. 0002).

In regards to claim 2, the combination of Viswanathan and Biswas teaches the method of claim 1, wherein generating the bridge code is configured to extract a list comprising a function for invoking code outside the confidential execution code (Biswas, Para. 0015, license information is generated and linked to the machine signature and end-user authentication information before being stored in the license database 17), among code in the payload, and a function that is called when an external process invokes code included in the payload, and is configured to generate the bridge code based on the list (Biswas, Para. 0015, such processors may constitute processor-implemented modules that operate to perform one or more operations or functions).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Viswanathan to incorporate the teachings of Biswas to include wherein generating the bridge code is configured to extract a list comprising a function for invoking code outside the confidential execution code (Biswas, Para. 0015), among code in the payload, and a function that is called when an external process invokes code included in the payload, and is configured to generate the bridge code based on the list (Biswas, Para. 0015). Doing so would aid performing the software application a license verification procedure to determine whether it has been properly licensed and activated. If not, a user is typically prompted to enter some product activation information that is associated with a license, such as a serial number or product key (Biswas, Para. 0002).

In regards to claim 3, the combination of Viswanathan and Biswas teaches the method of claim 1, wherein the confidential execution code includes at least one component that is necessary in order to implement a Confidential Execution Engine (CEE) (Viswanathan, Para. 0028, the license proxy 106′ can request the license engine 106 for a block of data or “blob” of license information (shown as “license blob 124 in FIG. 2C) based on the stored license info 110 in the host storage 108. In certain embodiments, the license blob 124 can have a time-to-live value; note the license engine 106 can interpret as CEE).  

In regards to claim 4, the combination of Viswanathan and Biswas teaches the method of claim 3, wherein the component includes at least one of an in- enclave loader, a decryptor, a Key Management System (KMS) client, an additional security function module, a sleep-mode handler, an execution control module, and an in- enclave library (Viswanathan, Para. 0031, enclave memory is Secure Guard Extensions (SGX) memory).  

In regards to claim 5, the combination of Viswanathan and Biswas teaches the method of claim 1, wherein encrypting the payload is configured to receive an encryption key from an external server and to encrypt the payload based thereon (Viswanathan, Para. 0038, FIG. 2A, in other embodiments, the TPM 107 can also be configured to generate and share a key pair (i.e., a public key and a private key) with the vTPM 107′ during initialization).  

In regards to claim 6, the combination of Viswanathan and Biswas teaches the method of claim 5, wherein the encryption key is generated by the external server based on at least one of identification information of a corresponding Confidential Execution Engine (CEE) and version information of the payload (Viswanathan, Para. 0029 and Para. 0030, The TPM 107 can include hardware circuitry with suitable firmware or software components configured to generate and/or store cryptography key pairs). 

In regards to claim 8, the combination of Viswanathan and Biswas teaches the method of claim 1, wherein checking the vulnerability is configured to immediately stop a running process when the vulnerability related to the payload is found (Viswanathan, Para. 0023, a virtual machine or container can be created, started, paused, resumed, and stopped).  

In regards to claim 9, the combination of Viswanathan and Biswas teaches the method of claim 1, 
wherein the payload is an executable file or a shared library (Viswanathan, Para. 0033, the second component being a binary compiled library, and the third component being a thread created at runtime).  

In regards to claim 10, Viswanathan discloses a method for executing confidential execution software, comprising: initializing a confidential execution region (Viswanathan, Para. 0005, a virtual trusted platform module (vTPM) can be initialized in a kernel mode (e.g., by a hypervisor) in the guest and bound to a trusted platform module (TPM)); 
loading an encrypted payload into memory in the confidential execution region (Viswanathan, Para. 0007, the license engine can then transmit the encrypted license blob to the guest operating system); 
receiving a decryption key from an external server; decrypting the payload using the decryption key (Viswanathan, Para. 0008, the license proxy in the guest operating system can request the vTPM to decrypt the received license blob using the key previously shared to extract the license information);
redeploying the decrypted payload in the confidential execution region (Viswanathan, Para. 0042, the license proxy 106′ can then query the decrypted license blob 124 in order to extract, for example, the license information for the application 116. Upon obtaining suitable license information, the license proxy 106′ of can then issue a permission 126 to launch the application 116 in response to the launch request 120 from the user 101); writing a list of positions of target substitute functions (Viswanathan, Para. 0046, licenses for the host operating system 102 and multiple guest operating systems 114 may be pre-allocated or pre-generated and stored in the host storage 108) and 
connecting a function in the payload with the target substitute function (Viswanathan, Para. 0046, the license engine 106 can then selectively re-allocate these licenses to the guest operating systems 114); and executing code in the payload (Viswanathan, Para. 0054, the guest operating system can then extract the license information from the encrypted license blob using a corresponding key).  
Viswanathan fails to disclose checking a condition for confidential execution;
However, Biswas teaches checking a condition for confidential execution (Biswas, Para. 0020, If an existing license for the software application is already linked to the machine signature, then at method operation 48, the existing license information is communicated to the software application);
Viswanathan and Biswas are both considered to be analogous to the claim invention because they are in the same field of protecting executable codes stored in the memory used by           a virtual machine, and protecting data loaded into the memory during the execution of the code. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Viswanathan to incorporate the teachings of Biswas to checking a condition for confidential execution (Biswas, Para. 0020). Doing so would aid performing the software application a license verification procedure to determine whether it has been properly licensed and activated. If not, a user is typically prompted to enter some product activation information that is associated with a license, such as a serial number or product key (Biswas, Para. 0002).
In regards to claim 11, the combination of Viswanathan and Biswas teaches the method of claim 10, wherein the confidential execution region includes at least one of an in-enclave loader, a decryptor, a Key Management System (KMS) client, an additional security function module, a sleep-mode handler, an execution control module, and an in-enclave library (Viswanathan, Para. 0031, enclave memory is Secure Guard Extensions (SGX) memory).  

In regards to claim 12, the combination of Viswanathan and Biswas teaches the method of claim 10, wherein checking the condition for the confidential execution is configured to check whether an environment in which the confidential execution software is executed satisfies a preset execution environment condition and to immediately terminate execution of the confidential execution software when the preset execution environment condition is not satisfied (Viswanathan, Para. 0048, in some embodiments, when the license engine 106 determines a guest operating system 114 is non-compliant, the license engine 106 can be configured to remediate, e.g., via resetting or terminating the guest operating system 114, or via other suitable actions).  

In regards to claim 13, Viswanathan discloses an apparatus for distributing confidential execution software, comprising: 
an encryption key reception unit for receiving an encryption key from an external server (Viswanathan, Para. 0038, FIG. 2A, in other embodiments, the TPM 107 can also be configured to generate and share a key pair (i.e., a public key and a private key) with the vTPM 107′ during initialization);
an encryption unit for encrypting the payload using the encryption key (Viswanathan, Para. 0031, particular encryption/decryption operations using the TPM 107 and vTPM 107′ are described herein, in other embodiments, the stored license info 110 and/or cryptography keys with an enclave memory that is an isolated region of code and data within an address space for an application 116);
a confidential execution code generation unit for generating confidential execution code for the payload (Viswanathan, Para. 0046, the application 116 may have “guest aware” licensing. In such embodiments, licenses for the host operating system 102 and multiple guest operating systems 114 may be pre-allocated or pre-generated and stored in the host storage 108); and 
a distribution unit for distributing the encrypted payload and the confidential execution code (Viswanathan, Para. 0054, then, the process 200 can include sending the encrypted license blob to the guest operating system at stage 208).  
Viswanathan fails to disclose a payload-loading unit for loading a payload for generating confidential execution code into memory;
 a vulnerability-checking unit for checking a vulnerability related to the payload; 
However, Biswas teaches a payload-loading unit for loading a payload for generating confidential execution code into memory (Biswas, Para. 0018, Fig. 2, When the application is initially launched);
 a vulnerability-checking unit for checking a vulnerability related to the payload (Biswas Para. 0002, a procedure for verifying the authenticity of a software product, and ensuring that the software product is used within the scope of its end-user license agreement (EULA)); 
Viswanathan and Biswas are both considered to be analogous to the claim invention because they are in the same field of protecting executable codes stored in the memory used by a virtual machine, and protecting data loaded into the memory during the execution of the code. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Viswanathan to incorporate the teachings of Biswas to include loading a payload-loading unit for loading a payload for generating confidential execution code into memory (Biswas, Para. 0018, Fig. 2);
 a vulnerability-checking unit for checking a vulnerability related to the payload (Biswas Para. 0002). Doing so would aid performing the software application a license verification procedure to determine whether it has been properly licensed and activated. If not, a user is typically prompted to enter some product activation information that is associated with a license, such as a serial number or product key (Biswas, Para. 0002).

In regards to claim 14, the combination of Viswanathan and Biswas teaches the apparatus of claim 13, wherein the confidential execution code includes at least one component that is necessary in order to implement a Confidential Execution Engine (CEE) (Viswanathan, Para. 0028, the license proxy 106′ can request the license engine 106 for a block of data or “blob” of license information (shown as “license blob 124 in FIG. 2C) based on the stored license info 110 in the host storage 108. In certain embodiments, the license blob 124 can have a time-to-live value; note the license engine 106 can interpret as CEE).   

In regards to claim 15, the combination of Viswanathan and Biswas teaches the apparatus of claim 14, wherein the component includes at least one of an in-enclave loader, a decryptor, a Key Management System (KMS) client, an additional security function module, a sleep-mode handler, an execution control module, and an in- enclave library (Viswanathan, Para. 0031, enclave memory is Secure Guard Extensions (SGX) memory).  

In regards to claim 16, the combination of Viswanathan and Biswas teaches the apparatus of claim 13, wherein the encryption key is generated by the external server based on at least one of identification information of a corresponding Confidential Execution Engine (CEE) and version information of the payload (Viswanathan, Para. 0029 and Para. 0030, The TPM 107 can include hardware circuitry with suitable firmware or software components configured to generate and/or store cryptography key pairs).  

In regards to claim 17, the combination of Viswanathan and Biswas teaches the apparatus of claim 13, wherein the vulnerability-checking unit additionally checks whether a security measure is applied to the payload through static binary analysis on the payload (Viswanathan, Para. 0029 and Para. 0030, The TPM 107 can include hardware circuitry with suitable firmware or software components configured to generate and/or store cryptography key pairs).   

In regards to claim 18, the combination of Viswanathan and Biswas teaches the apparatus of claim 13, wherein the vulnerability-checking unit immediately stops a running process when the vulnerability related to the payload is found (Viswanathan, Para. 0023, a virtual machine or container can be created, started, paused, resumed, and stopped).  

In regards to claim 19, the combination of Viswanathan and Biswas teaches the apparatus of claim 13, wherein the payload is an executable file or a shared library (Viswanathan, Para. 0033, the second component being a binary compiled library, and the third component being a thread created at runtime).  

Claim7 is rejected under 35 U.S.C. 103 as being unpatentable over Viswanathan et al. (US 2019/0392117 A1) in view of Biswas et al. (US 2014/0032350 A1) and further in view of Brumley et al. (US 2016/0196433 A1). 

In regards to claim 7, Viswanathan in view of Biswas fails to teach the method of claim 1, wherein checking the vulnerability is configured to additionally check whether a security measure is applied to the payload through static binary analysis on the payload.  
However, Brumley teaches checking the vulnerability is configured to additionally check whether a security measure is applied to the payload through static binary analysis on the payload (Brumley, Para. 0045, The SES 230 may leverage BAP, a binary analysis framework, to convert x86 assembly to an intermediate language suitable for symbolic execution. For each instruction executed, a symbolic executor (e.g., symbolic evaluator 232) translates the instruction to the BAP IL (Intermediate Language). The SES 230 performs symbolic execution directly on the IL, introduces additional constraints related to specific attack payloads).  
Viswanathan, Biswas and Brumley are all considered to be analogous to the claim invention because they are in the same field of protecting executable codes stored in the memory used by a virtual machine, and protecting data loaded into the memory during the execution of the code. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Viswanathan to incorporate the teachings of Biswas to include checking the vulnerability is configured to additionally check whether a security measure is applied to the payload through static binary analysis on the payload (Brumley, Para. 0045). Doing so would aid the memory module 350 to require the solver to check whether the cached refinement is accurate for the current symbolic index, before resorting to binary-search for refinement. The refinement cache can reduce the number of bounds-resolution queries by factors of 80% or more (Brumley, Para. 0088).

                                                              Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Yung et al. (US 8,800,032 B2) teaches a method and system for assuring trusted flow of communications, and more specifically, making Sure that the end stations and users of a computer network operate correctly under a given and known rules of transmissions, even though protocols, methods and software logic is typically available to users of such networks.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571) 272-0248. The examiner can normally be reached 9:30 AM- 6:30 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from
Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/G.F./
Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/               Supervisory Patent Examiner, Art Unit 2496