DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 5/9/2022.
Claims 1, 17 and 20 have been amended.
Claims 1-20 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/9/2022 has been entered.
 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2/22/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
In view of amendments to claims 1-20, the prior art rejection of claims 1-20 has been withdrawn.  
In view of amendments to claims 17-19, the 101 rejection has been withdrawn.

Reasons for Allowance
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 

The present invention is directed to a method for binding secure keys of secure guests to a hardware security module (see paragraph 0004 of the Applicant’s specification).
The closest prior art of record, Boenisch (US 20160092243) teaches trusted firmware on a host server is used for managing access to a hardware security module (HSM) connected to the host server (see Abstract).  In addition, KANCHARLA (US 20160149877) teaches systems and methods to support security management for a plurality of web services hosted in a cloud at a data center to offload their crypto operations to one or more hardware security modules (HSMs) deployed in the cloud. Each HSM is a high-performance, Federal Information Processing Standards (FIPS) 140-compliant security solution for crypto acceleration of the web services (see Abstract).  In addition, Smith (US 20090169217) teaches launching a virtual machine monitor, and determining, with the virtual machine monitor, whether a configuration policy that defines a configuration for a virtual trusted platform module is trusted. The method further includes configuring the virtual trusted platform module per the configuration policy in response to the virtual machine monitor determining that the configuration policy is trusted. The method also includes launching, via the virtual machine monitor, a virtual machine associated with the virtual trusted platform module (see Abstract). 
However, the closest prior art of record fails to anticipate or render obvious the recited features of “obtaining, by the secure interface control, via a secure channel, independently from obtaining the configuration request, metadata of the given guest; verifying, by the secure interface, that the metadata of the given guest belongs to the given guest; based on determining that the given guest comprises the secure guest, foreclosing, by the secure interface control, establishing a configuration of the hardware security module by guests other than the given guest of the one or more guests by limiting accesses to the hardware security module exclusively to the given guest of the one or more guests; logging the given guest into the hardware security module, by the secure interface control, wherein the logging into the hardware security module comprises utilizing a secret of the given guest, wherein the metadata comprises the secret, wherein the secret is cryptographically linked to the image and cannot be utilized by another image”, as in independent claims 1, 17 and 20.  
These features, together with the other limitations of the independent claims are novel and non-obvious over the prior art of record.  The dependent claims 2-16 and 18-19 being definite, enabled by the specification, and further limiting to the independent claim, are also allowable.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed below,
Doane (US 20150254451) discloses “a vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance”, see Abstract.
MASUOKA (US 20090172781) discloses generating a dedicated virtual machine image (DVMI) including functionality for a target service provider and launching the DVMI in the host device as a dedicated virtual machine (DVM). A measurement of the DVMI and/or the launched DVM, as a Trusted Dedicated Virtual Machine (TDVM), is transmitted to the target service provider server, see Abstract.
Chanllener (US 20090089875) discloses establish a secure identification item with an entity which positively identifies the entity; accept an application OS of the entity; and initiate a guest OS with the entity; the network adapter acting to connect with the entity subsequent to initiation of a guest OS; and the display acting to display the secure identification item subsequent to connection with the entity, see Abstract.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/TRANG T DOAN/Primary Examiner, Art Unit 2431