DETAILED ACTION
Claims 1-20 are presented for examination.
This action is in response to the Claims/Remarks on 3/25/22 and the Interview on 5/27/22.  It was agreed for the Examiner to reopen prosecution.  Applicant’s arguments have been fully considered but are now moot in view of the new grounds of rejections.

Claim Objections
Claims 1-7 are objected to because of the following informalities:    
As to claim 1, it is unclear in the claim what is “accessing the event handling information” (lines 3-4) since there is no connection with any other element in the claim.  For example, it is unclear if the “accessing the event handling information” is done by the hypervisor, the guest, or something else.  
As to claims 2-7, they are rejected as being dependent on independent claim 1, respectively, and failing to cure their deficiencies.
Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kaplan et al. (hereinafter KAPLAN) (US 2016/0378522 A1) in view of Serebrin et al. (hereinafter SEREBRIN) (US 2011/0197004 A1).

KAPLAN and SEREBRIN were cited in a previous PTO-892.

As to claim 1, KAPLAN teaches a method, comprising: 
receiving, at a guest program (hypervisor communicates to guest VM through the handling of the VM exit process), an indication of a processor event (events such as interrupts, exceptions, exit processes, exit codes, terminate VM execution, etc.) from a hypervisor (VM(s) under the control of a hypervisor, wherein a hypervisor provides an interface between the VMs and the processing hardware) ([0005]; [0017]; [0025]; [0035]; [0044]; [0047]; [0053]); 
in response to receiving the indication of the processor event (VM receives exit codes, interrupts, etc.) ([0025]), accessing event handling information (type of exit condition, state information that is needed by the hypervisor to complete an exit process for the VM) at a specified region of memory (Memory 103 has separate specified regions based on security: Secure Region 120 with “virtual machine control block” [VMCB 121] or “guest hypervisor communication block” [GHCB 122]) ([0017]; [0027]; [0044]; [0047]; Fig 1); and 
processing the processor event based on the event handling information (the processor loads the hypervisor, which completes the exit process for the VM based on the identified interrupt, a type of exit condition, which specified region of memory, or based on the security keys evaluated with the encryption module 125, etc.) ([0017]; [0027]; [0032]-[0033]; [0056]; claims 5-6).
As shown above, KAPLAN teaches events (interrupts, exceptions, VM exit condition, etc.) are signaled from the processor to the hypervisor to perform a VM exit.  KAPLAN does not explicitly claim “receiving any indication of a processor event from a hypervisor at a guest program.”  However, it can be inferred that the hypervisor does communicate an indication of the processor event to the guest VM, and therefore, the guest VM does receive the indication of the interrupt, exception, or VM exit condition being triggered, etc., when handling the VM exit process.  But nevertheless, SEREBRIN teaches that in virtualized environments, the interrupts are generally intercepted by the VMM/hypervisor, processed by the VMM/hypervisor, and delivered to the targeted virtual machine by the VMM/hypervisor using a software mechanism of sorts ([0007]; [0040]; Figs 12-14).  SEREBRIN further teaches that its interrupts can be processed based on interrupt priority that is indicated in the task priority register (TPR) ([0030]; [0052]; [0064]; [0090]-[0092]).  
It would have been obvious to one of ordinary skill in the art before the effective date of the application to modify KAPLAN’s hypervisor such that it would send or communicate an indication of a processor event to a guest VM program, as taught and suggested in SEREBRIN.  The suggestion/motivation for doing so would have been to provide the predicted result of communicating processor events and managing virtual machines such that interrupts or VM exits can be processed with improved latency (Serebrin – [0007]; [0030]). 

As to claim 2, KAPLAN in view of SEREBRIN teaches wherein: the guest program comprises a secure layer and a non-secure layer (KAPLAN - based on field of security mode register 111 - [0034]) (SEREBRIN – guests 10A-10N can comprise privileged code 16 or non-OS privileged code 16 – [0037]; [0049]; [0123]); and receiving the indication of the processor event comprises receiving the indication of the processor event at the secure layer of the guest program (KAPLAN - [0034]; [0044]; [0047]) (SEREBRIN – Guest(s) with privileged programs include access) ([0006]; [0049]; [0085]; [0123]).

As to claim 3, KAPLAN teaches wherein: accessing event handling information comprises the secure layer accessing the event handling information ([0005]; [0017]).

As to claim 4, KAPLAN teaches wherein: receiving the indication of the processor event comprises receiving the indication of the processor event at an event interface (Security Module 104 or Encryption Module 125 or Northbridge 110) of a processor (Processor 102) (Fig. 1).

As to claim 5, KAPLAN teaches wherein: the specified region of memory comprises a region of memory that is inaccessible to the hypervisor (storing information in a secure region 120 or memory locations of the memory 103 so that information is inaccessible to the hypervisor) ([0027]-[0028]; claim 2).

As to claim 6, KAPLAN teaches wherein the specified region of memory is an encrypted region of memory (Secure Region 120; encrypted register values in VMCB 121 using Encryption Module 125, Security Module 104, and Keys 126 to encrypt/decrypt data for secure region of memory) (Fig. 1; [0016]-[0017]; [0030]-[0032]).

As to claim 7, KAPLAN does not teach wherein the event handling information comprises task priority register (TPR) information.  However, SEREBRIN teaches operations emulated in the guest interrupt control units 34A-34B may include the initiation of IPIs within the guest, access to the task priority register (TPR), and accesses to the end of interrupt (EOI) register ([0064]; [0090]; [0092]; [0114]; [0119]).  It would have been obvious to one of ordinary skill in the art before the effective date of the application to modify KAPLAN such that its event handling information comprises TPR information, as taught and suggested in SEREBRIN.  The suggestion/motivation for doing so would have been to provide the predicted result of being able to establish the minimum priority level of interrupt that is being accepted by the vCPU. The guest interrupt control unit 34A may be configured to deliver the highest priority interrupt request if it is higher priority than the highest priority in-service interrupt and if it is higher priority than the priority indicated in the TPR (SEREBRIN - [0092]).

As to claim 8, KAPLAN teaches a method, comprising: 
setting a state of a security register at a processor (processor that implements one or more registers such as security mode register 111 based on a state) (Abstract; Fig. 1; [0022]; [0055]); and 
based on the state of the security register, restricting notification of events involving a hypervisor and a layer of a guest program (restricting VM data to a hypervisor that is not trusted due to identified flaws or bugs, etc.), the events including at least one of an interrupt and an exception (Security mode register 111 with VM states relating to Guard Mode ON field 130, Guard Mode Active field 135, and Enhanced Guard Mode 140 field, wherein a state can indicate whether exceptions are issued in response to particular types of exit conditions) (claim 10; [0017]; [0034]; [0005]; Fig. 1).
As shown above, KAPLAN teaches events (interrupts, exceptions, VM exit condition, etc.) are signaled from the processor to the hypervisor to perform a VM exit.  KAPLAN does not explicitly claim its restricting of event notification/interrupts, exceptions, etc., from a hypervisor at a guest program.  However, it can be inferred that the hypervisor does communicate an indication of the processor event to the guest VM, and therefore, the guest VM does receive the indication of the interrupt, exception, or VM exit condition being triggered, etc., when handling the VM exit process, except when not having the correct key 126 for the encryption module 125.  But nevertheless, SEREBRIN teaches that in virtualized environments, the interrupts are generally intercepted by the VMM/hypervisor, processed by the VMM/hypervisor, and delivered to the targeted virtual machine by the VMM/hypervisor using a software mechanism of sorts ([0007]; [0040]; Figs 12-14).  SEREBRIN further teaches that its interrupts can be processed based on interrupt priority that is indicated in the task priority register (TPR) ([0030]; [0052]; [0064]; [0090]-[0092]).  In addition, SEREBRIN teaches restricting access based on the existence of privileged or non-privileged code or layer of the guest ([0005]-[0006]; [0039]; [0042]; [0123]).   
It would have been obvious to one of ordinary skill in the art before the effective date of the application to modify KAPLAN’s hypervisor such that it would send or restrict communication of an indication of a processor event to a guest VM program, as taught and suggested in SEREBRIN.  The suggestion/motivation for doing so would have been to provide the predicted result of communicating processor events and managing virtual machines such that interrupts or VM exits can be processed with improved latency and with security (Serebrin – [0005]; [0007]; [0030]). 

As to claim 9, KAPLAN teaches wherein restricting notification of events comprises: receiving an indication of an event from the hypervisor at a secure layer of the guest program (Security Module 104 or Encryption Module 125 or Northbridge 110, Processor 102) (Fig. 1); in response to receiving the indication, accessing event data at a specified region of memory (storing information in a secure region 120 or memory locations of the memory 103 so that information is inaccessible to the hypervisor) ([0027]-[0028]; claim 2).

As to claim 10, KAPLAN teaches wherein: the hypervisor (hypervisor 202) stores the event data at the specified region of memory ([0036]; [0053]; Fig. 2).

As to claim 11, KAPLAN in view of SEREBRIN teaches wherein restricting notification of events comprises: receiving an indication of an event from the hypervisor; in response to the indication, accessing a specified region of memory to retrieve event control information, the specified region of memory inaccessible to the hypervisor (KAPLAN - storing information in a secure region 120 or memory locations of the memory 103 so that information is inaccessible to the hypervisor) ([0027]-[0028]; claim 2; Fig. 2) (SEREBRIN – accessibility based on privileged or non-privileged code or layer) ([0005]-[0006]; [0039]; [0042]; [0123]).

As to claim 12, KAPLAN teaches wherein the specified region of memory is encrypted with a key (encryption/decryption key) associated with the guest program ([0016]; [0021]; [0030]; [0042]).

As to claim 13, it is rejected for the same reasons as stated in the rejection of claim 7.

As to claim 14, it is rejected for the same reasons as stated in the rejection of claim 8.

As to claim 15, it is rejected for the same reasons as stated in the rejection of claim 2.

As to claim 16, it is rejected for the same reasons as stated in the rejection of claim 3.

As to claim 17, it is rejected for the same reasons as stated in the rejection of claim 4.

As to claim 18, it is rejected for the same reasons as stated in the rejection of claim 5.

As to claim 19, it is rejected for the same reasons as stated in the rejection of claim 6.

As to claim 20, it is rejected for the same reasons as stated in the rejection of claim 7.

Response to Arguments
Applicant’s arguments have been fully considered but are moot in view of the new grounds of rejections.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Warkentin et al. teaches safely discovering secure monitors and hypervisor implementations in systems operable at multiple hierarchical privilege levels.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENNETH TANG whose telephone number is (571)272-3772. The examiner can normally be reached Monday-Friday 7AM-3PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KENNETH TANG/Primary Examiner, Art Unit 2199