DETAILED ACTION
Claims 1-20 are pending.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5, 7, 8, 10-12, 14, 15,  and 17-19, are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs (US 2014/0053272 A1).

Lukacs was cited in IDS filed.

Regarding claim 1, Lukacs teaches the invention substantially as claimed including a method comprising: 
creating, by a hypervisor executing on a processing device, a first virtual machine nested within a second virtual machine ([0021] host VM 40b runs a host operating system 42, while host VM 40a runs a guest hypervisor 130, which in turn exposes a set of guest virtual machines 140a-b. System 10 may include many levels of nested virtual machine/hypervisor combinations such as the one illustrated in FIG. 1. For instance, another hypervisor may operate on guest VM 140b, exposing yet another layer of virtual machines, etc. The number of VMs 40a-b, 140a-b running on physical machine 12 may vary during the operation of physical machine 12. For example, hypervisors 30, 130 may dynamically launch and/or remove virtual machines; [0026] In some embodiments, software forming part of hypervisors 30, 130 creates a plurality of virtualized (software-emulated) devices corresponding to each physical device 14-26, and assigns a set of virtual devices to each VM operating on physical machine 12.); 
identifying a context of the second virtual machine ([0027] guest hypervisor 130 presents guest VM 140a with its own virtualized physical memory space 116c. In some embodiments, address mapping between virtual machines and the underlying physical machine is achieved using shadow page tables maintained by hypervisors 30 and/or 130); and 
providing, to a context of the first virtual machine, a parent context pointer indicating the context of the second virtual machine ([0028] In the example of FIG. 4, a software object such as application 144a or a part of guest OS 142 is assigned a virtual address space 216a (also termed logical address space) by guest OS 142. When the software object attempts to access an exemplary memory address 50a, address 50a is translated by the virtualized processor of guest VM 140a, based on translation tables configured and controlled by guest OS 142, into an address 50b within the virtualized physical memory space 116c of virtual machine 140a. Address 50b is also known in the art as a guest-physical address. Guest HV 130, which configures and controls memory space 116c, then maps (for instance using shadow page tables, EPT, or NPT means as discussed above) address 50b to an address 50c within the virtualized physical memory space 116a of host VM 40a. Guest HV 130 also sets up its own virtual memory space 216c within host VM 40, mapping an exemplary address 50h to an address 50k in virtualized physical memory space 116a. Host hypervisor 30 then maps addresses 50c and 50k to addresses 50d and 50m, respectively, within physical memory space 16 of physical machine 12.).

    PNG
    media_image1.png
    632
    494
    media_image1.png
    Greyscale

	Lukacs does not expressly teach a parent context pointer.
	However Lukacs does teach in Fig. 4 above and on [0028] 
“In the example of FIG. 4, a software object such as application 144a or a part of guest OS 142 is assigned a virtual address space 216a (also termed logical address space) by guest OS 142. When the software object attempts to access an exemplary memory address 50a, address 50a is translated by the virtualized processor of guest VM 140a, based on translation tables configured and controlled by guest OS 142, into an address 50b within the virtualized physical memory space 116c of virtual machine 140a. Address 50b is also known in the art as a guest-physical address. Guest HV 130, which configures and controls memory space 116c, then maps (for instance using shadow page tables, EPT, or NPT means as discussed above) address 50b to an address 50c within the virtualized physical memory space 116a of host VM 40a. Guest HV 130 also sets up its own virtual memory space 216c within host VM 40, mapping an exemplary address 50h to an address 50k in virtualized physical memory space 116a. Host hypervisor 30 then maps addresses 50c and 50k to addresses 50d and 50m, respectively, within physical memory space 16 of physical machine 12”
	
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to understand the teachings of Lukacs to encompass the claimed limitation as in much the same way the mapping of 50b of nested Guest VM 140a points to its parent context 50c (shown in Fig. 4 above as an arrow pointing to the parent context 50b→50c). As such, under its broadest reasonable interpretation Lukacs teachings reasonably encompass the claimed limitation. 

Regarding claim 3, Lukacs teaches further comprising: 
detecting a privileged instruction at the first virtual machine ([0035] In some embodiments, when issued from within a virtual machine such as guest VM 140a-b, a privileged instruction may trigger a virtual machine exit event, resulting in transferring control of the processor to the hypervisor controlling the respective VM (e.g., guest hypervisor 130), or directly to host hypervisor 30. Introspection engine 32 operates at the same privilege level as host hypervisor 30 and therefore can intercept such privileged instructions and/or VM exit events. Step 302 may also comprise intercepting an instruction transferring control of the processor from guest HV 130 (or host NV 30) to the virtual machine executing the software object. Examples of such instructions include VMResume and VMLaunch on Intel platforms, and VMRun on AMD platforms.); and 
in response to detecting the privileged instruction, switching to the context of the second virtual machine using the parent context pointer in the context of the first virtual machine ([0038] In a step 306 (FIG. 5), introspection engine 32 translates the address determined in step 304 into an address within a memory space of host HV 30, such as virtual space 216d in FIG. 4. As part of step 306, some embodiments of engine 32 translate the address determined in step 304 to an address within a memory space of the host VM executing guest hypervisor 130 (e.g., host VM 40a in FIG. 1). For instance, memory translation from guest VM 140a to host VM 40a may proceed according to nested/extended page tables maintained by guest HV 130 (see e.g., translating address 50b to 50c in FIG. 4). Such guest-to-host VM address mapping may be extended iteratively to any level of the virtualization hierarchy. [0043] When control of the processor is transferred from a VM to the hypervisor (a process termed VMExit on Intel platforms), the processor saves the state of the VM to the guest state area of the VMCS of the respective virtual machine. To switch context from HV operation to VM operation, HV 130 may issue an instruction to load the guest state of the respective VM onto the processor by accessing the contents of the respective VMCS, an operation known in the art as a guest state loading instruction).

Regarding claim 4, Lukacs teaches wherein the privileged instruction comprises a hypercall and causes an exit from the context of the first virtual machine to the context of the second virtual machine ([0035] In some embodiments, when issued from within a virtual machine such as guest VM 140a-b, a privileged instruction may trigger a virtual machine exit event, resulting in transferring control of the processor to the hypervisor controlling the respective VM (e.g., guest hypervisor 130), or directly to host hypervisor 30).

Regarding claim 5, Lukacs teaches further comprising: 
executing, by the hypervisor, the privileged instruction, and in response to executing the privileged instruction, returning to the context of the first virtual machine ([0043] In some embodiments, the processor may maintain the state of an active VMCS in memory, on the processor, or both. At any given time, at most one VMCS may be loaded on the processor, representing the virtual machine 140a-b currently having control of the processor. When control of the processor is transferred from a VM to the hypervisor (a process termed VMExit on Intel platforms), the processor saves the state of the VM to the guest state area of the VMCS of the respective virtual machine. To switch context from HV operation to VM operation, HV 130 may issue an instruction to load the guest state of the respective VM onto the processor by accessing the contents of the respective VMCS, an operation known in the art as a guest state loading instruction. Examples of such instructions are VMLaunch and VMResume on Intel platforms, and VMRun on AMD platforms. In some embodiments, guest state loading instructions are privileged instructions, requiring hypervisor root privilege such as VMX root mode on Intel platforms. [0044] In a step 312 (FIG. 6), introspection engine 32 may intercept a guest state loading instruction issued by guest HV 130. Being a privileged instruction, the guest state loading instruction transfers control of the processor to host HV 30 and therefore is accessible to engine 32 operating in the context of HV 30. In one example, the guest state loading instruction represents the launch of a new guest VM controlled by guest HV 130. In another example, the guest state loading instruction may be triggered when a software object executing in an already running guest VM attempts to execute a privileged instruction (see above, in relation to FIG. 5). The respective privileged instruction triggers a virtual machine exit event and the processor switches from the context of the guest VM to the context of host HV 30. To resume operation of the respective VM, guest HV 130 may then issue an instruction to re-load the VMCS of the respective guest VM. Re-loading the VMCS of the guest VM may trigger a VMexit event transferring control of the processor to host HV 30. Host HV 30 then executes the re-load instruction, switching back to the context of the respective guest VM. In some embodiments, in step 312 introspection engine 32 may employ the VMExit handler of guest HV 130 or host HV 30. On Intel-VT.RTM. enabled platforms, the VMExit event handler can determine the cause for the context switch (e.g., a VMLaunch, VMResume, or VMPtrld instruction).).

Regarding claim 7, Lukacs further comprising: 
creating, by the hypervisor, a third virtual machine nested within the first virtual machine ([0021] In the exemplary configuration of FIG. 1, host VM 40b runs a host operating system 42, while host VM 40a runs a guest hypervisor 130, which in turn exposes a set of guest virtual machines 140a-b. System 10 may include many levels of nested virtual machine/hypervisor combinations such as the one illustrated in FIG. 1. For instance, another hypervisor may operate on guest VM 140b, exposing yet another layer of virtual machines, etc.); and 
providing, to a context of the third virtual machine, a second parent context pointer indicating the context of the first virtual machine ([0028] In the example of FIG. 4, a software object such as application 144a or a part of guest OS 142 is assigned a virtual address space 216a (also termed logical address space) by guest OS 142. When the software object attempts to access an exemplary memory address 50a, address 50a is translated by the virtualized processor of guest VM 140a, based on translation tables configured and controlled by guest OS 142, into an address 50b within the virtualized physical memory space 116c of virtual machine 140a. Address 50b is also known in the art as a guest-physical address. Guest HV 130, which configures and controls memory space 116c, then maps (for instance using shadow page tables, EPT, or NPT means as discussed above) address 50b to an address 50c within the virtualized physical memory space 116a of host VM 40a. Guest HV 130 also sets up its own virtual memory space 216c within host VM 40, mapping an exemplary address 50h to an address 50k in virtualized physical memory space 116a. Host hypervisor 30 then maps addresses 50c and 50k to addresses 50d and 50m, respectively, within physical memory space 16 of physical machine 12.).
Lukacs does not expressly teach a second parent context pointer.
	However Lukacs does teach in Fig. 4 above and on [0028] 
“In the example of FIG. 4, a software object such as application 144a or a part of guest OS 142 is assigned a virtual address space 216a (also termed logical address space) by guest OS 142. When the software object attempts to access an exemplary memory address 50a, address 50a is translated by the virtualized processor of guest VM 140a, based on translation tables configured and controlled by guest OS 142, into an address 50b within the virtualized physical memory space 116c of virtual machine 140a. Address 50b is also known in the art as a guest-physical address. Guest HV 130, which configures and controls memory space 116c, then maps (for instance using shadow page tables, EPT, or NPT means as discussed above) address 50b to an address 50c within the virtualized physical memory space 116a of host VM 40a. Guest HV 130 also sets up its own virtual memory space 216c within host VM 40, mapping an exemplary address 50h to an address 50k in virtualized physical memory space 116a. Host hypervisor 30 then maps addresses 50c and 50k to addresses 50d and 50m, respectively, within physical memory space 16 of physical machine 12”
	
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to understand the teachings of Lukacs to encompass the claimed limitation as in much the same way the mapping of 50b of nested Guest VM 140a points to its parent context 50c (shown in Fig. 4 above as an arrow pointing to the parent context 50b→50c) and therefore apply it to additional layers of virtualization as noted in cited [0021] “System 10 may include many levels of nested virtual machine/hypervisor combinations such as the one illustrated in FIG. 1. For instance, another hypervisor may operate on guest VM 140b, exposing yet another layer of virtual machines, etc”. As such, under its broadest reasonable interpretation Lukacs teachings reasonably encompass the claimed limitation.

Regarding claim 8, it is a system type claim having similar limitations as claim 1 above. Therefore, it is rejected under the same rationale above.

Regarding claim 10, it is a system type claim having similar limitations as claim 3 above. Therefore, it is rejected under the same rationale above.
Regarding claim 11, it is a system type claim having similar limitations as claim 4 above. Therefore, it is rejected under the same rationale above.

Regarding claim 12, it is a system type claim having similar limitations as claim 5 above. Therefore, it is rejected under the same rationale above.

Regarding claim 14, it is a system type claim having similar limitations as claim 7 above. Therefore, it is rejected under the same rationale above.

Regarding claim 15, it is a media/product type claim having similar limitations as claim 1 above. Therefore, it is rejected under the same rationale above.

Regarding claim 17, it is a media/product type claim having similar limitations as claim 3 above. Therefore, it is rejected under the same rationale above.

Regarding claim 18, it is a media/product type claim having similar limitations as claim 4 above. Therefore, it is rejected under the same rationale above.

Regarding claim 19, it is a media/product type claim having similar limitations as claim 5 above. Therefore, it is rejected under the same rationale above.

Claims 2, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs (US 2014/0053272 A1), as applied to claims 1, 8, and 15, in further view of Kakaiya et al. (US 2021/0173790 A1).

Regarding claim 2, Lukacs do not expressly teach further comprising: setting, by the hypervisor, a flag in the context of the first virtual machine indicating that the first virtual machine is nested within another virtual machine.
	
However, Kakaiya teaches further comprising: setting, by the hypervisor, a flag in the context of the first virtual machine indicating that the first virtual machine is nested within another virtual machine ([0051] A context entry may include a nesting bit to specify whether a PASID table pointer and a second level pointer is to be used to perform nested translation for translation requests with a PASID. [0052] A PASID entry may include one or more control fields, such as a translation type field or a nesting field, to specify whether a first level pointer or a second level pointer or both pointers are to be used to perform translation for translation requests with a PASID. [0058] In block 520, for each guest PASID in the guest PASID table, the VMM creates a corresponding entry in the shadowed PASID table, with nesting enabled to provide for first-level translation from the guest PASID table (GVA to GPA) and second-level translation using the host GPA-to-HPA table.).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kakaiya with the teachings of Lukacs to allow for a VMM to enable a nesting bit in a higher level VM context. The modification would have been motivated by the desire of performing nested translation upon receiving privileged requests from higher level VMs.

Regarding claim 9, it is a system type claim having similar limitations as claim 2 above. Therefore, it is rejected under the same rationale above.

Regarding claim 16, it is a media/product type claim having similar limitations as claim 2 above. Therefore, it is rejected under the same rationale above.

Claims 6, 13, and 20, are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs (US 2014/0053272 A1), as applied to claims 1, 8, and 15 in further view of Ferguson et al. (US 2015/0319160 A1).

Regarding claim 6, Lukacs do not expressly teach further comprising: 
determining whether the first virtual machine is encrypted; determining whether the second virtual machine is encrypted; and in response to determining that the second virtual machine is encrypted and the first virtual machine is not encrypted, denying creation of the first virtual machine within the second virtual machine.

	However, Ferguson teaches further comprising: 
determining whether the first virtual machine is encrypted; determining whether the second virtual machine is encrypted; and in response to determining that the second virtual machine is encrypted and the first virtual machine is not encrypted, denying creation of the first virtual machine within the second virtual machine ([0072]; [0122] With such an environment of heterogeneous hosts and heterogeneous workloads, VMM 253 needs to manage the placement of protected workloads onto security-capable hosts, such as host 230, to avoid doomed placements where the VM 208 would fail to start. In addition, un-protected workloads may be preferentially placed on the conventional hosts, to optimize the service provider's resource utilization and to allow the service provider to charge higher prices for protected execution, if desired.).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ferguson with the teachings of Lukacs to determine whether a VM to be deployed and a VMM to be hosting have matching encryption requirements/capabilities. The modification would have been motivated by the desire of providing appropriate VM placement based on security criteria.

Regarding claim 13, it is a system type claim having similar limitations as claim 6 above. Therefore, it is rejected under the same rationale above.

Regarding claim 20, it is a media/product type claim having similar limitations as claim 6 above. Therefore, it is rejected under the same rationale above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JORGE A CHU JOY-DAVILA whose telephone number is (571)270-0692. The examiner can normally be reached Monday-Friday, 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai T An can be reached on (571)-272-3756. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JORGE A CHU JOY-DAVILA/Primary Examiner, Art Unit 2195