DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is a Final Office Action responsive to Applicant’s reply filed 05/24/2022.
Claims 8-14, 21-27, 29-34 are pending.

Response to Amendment
	Applicant has presented arguments only.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 8, 9, 10, 11, 14, 21, 22, 23, 24, 27, 29, 33, and 34 are rejected under 35 U.S.C. 103 as being unpatentable over Gunti et al. (US 2018/0032734) in view of Kato et al. (US 2018/0239896) further in view of Zimmer et al. (US 2009/0164770, hereinafter Zimmer1)

With respect to claim 8, Gunti discloses: A method for securely launching a hypervisor, comprising: accessing a set of instructions that are used to launch binary code (Fig. 3, labels 304 and 306, “boot loader” is interpreted as Applicant’s “set of instructions”, [0015]); 
validating the set of instructions that are used to launch the binary code/kernel based at least on a security credential associated with the set of instructions, wherein the security credential is specified by a manufacturer of the set of instructions or the hypervisor ([0014] “private key of the vendor”, [0016] “affiliated by vendor of boot loader”, [0013], lines 7-13); and 
when the set of instructions
Gunti does not specifically disclose the set of instructions are used to launch a hypervisor.
However, Gunti discloses that the UEFI in a virtualization environment is used to securely launch the boot loader and hypervisor kernel ([0004]). That the booting process ensures integrity for all binaries that execute in the computer system ([0015]). The boot loader upon being validated and verified launches the kernel ([0016], [0017]). That hypervisors as a hardware abstraction layer can be utilized ([0036])
Furthermore, Kato discloses that the hypervisor is launched by a boot loader of the processing unit loading firmware ([0038], lines 10-13).
It would have been obvious to a person having ordinary skill in the art before the effective filing date to incorporate a boot loader that launches the hypervisor as disclosed by Kato into Gunti because Gunti discloses the use of hypervisor kernels and Gunti’s boot loader launches kernels as well. One of ordinary skill in the art would realize that the launching of a kernel by the boot loader would also incorporate the launching of a hypervisor if the hypervisor is used as a hardware abstraction layer, due the fact that the hypervisor resides in kernel space and not user space.
	The combination of Gunti and Kato do not specifically disclose: determining, after the hypervisor is launched and based on the set of instructions used to launch the hypervisor, whether the hypervisor was securely launched; and based on determining the hypervisor was securely launched, permitting access by the hypervisor to one or more platform details.
	However, Zimmer1 discloses: determining, after the hypervisor is launched and based on the set of instructions used to launch the hypervisor, whether the hypervisor was securely launched; and based on determining the hypervisor was securely launched, permitting access by the hypervisor to one or more platform details ([0018], [0019], [0025]).
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to incorporate the teachings of Zimmer1 to maintain the hypervisor’s integrity and not allow a hypervisor be compromised by an attack during runtime ([0004], Zimmer1)

With respect to claim 9, Gunti discloses: wherein the set of instructions are binary code ([0015], line 4, line 12, the boot loader is a binary as it is executed during the booting process).  

With respect to claim 10, Gunti discloses: validating one or more hardware components that will execute the set of instructions ([0015], lines 7-10).  

With respect to claim 11, Gunti discloses: wherein the one or more hardware components is a boot processor (id., Fig. 1, computer system “100” includes “CPU”).  

With respect to claim 14, Gunti discloses: wherein the security credential is a signature ([0016]).  

With respect to claims 21-24, 27, they recite similar limitations as claims 8-11, 14, respectively, and are therefore rejected under the same citations and rationale. Claims 21 and 23 furthermore recite that the stored instructions are “securely” stored. The boot loader is securely stored because it is not launched prior to verifying that the boot loader is authentic (see e.g. Fig. 3, Gunti).

With respect to claim 29, it recites similar limitations as claim 8 and is therefore rejected under the same citations and rationale. Claims 29 furthermore recites that the stored instructions are “securely” stored. The boot loader is securely stored because it is not launched prior to verifying that the boot loader is authentic (see e.g. Fig. 3, Gunti).

With respect to claim 33, Zimmer1 disclsoes: validating one or more hardware components that will execute the set of instructions ([0027]).  

With respect to claim 34, Zimmer1 discloses: the one or more hardware components is a boot processor ([0027]).

Claims 12, 13, 25, 26, and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Gunti et al. (US 2018/0032734) in view of Kato et al. (US 2018/0239896) further in view of Zimmer et al. (US 2009/0164770, hereinafter Zimmer1) further  in view of Wang et al. (US 2013/0318595).

With respect to claim 12, Gunti and Kato do not specifically disclose: providing access to additional instructions that are used to launch the hypervisor.
However, Wang discloses: providing access to additional instructions that are used to launch the hypervisor ([0060], [0061]).  
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to incorporate the additional instructions to ensure that security problems that threaten hypervisors may not threaten the virtual machines as well by ensuring the hypervisors are validated and authenticated.

With respect to claim 13, Wang discloses: wherein the additional instructions are stored in a separate storage location from the set of instructions ([0045], [0054], examiners note: if they are stored in the same location, one will overwrite the other. Therefore, they would have to be stored in at least separate memory locations/addresses to preserve their respective functionalities).  

With respect to claims 25 and 26, they recite similar limitations as claims 12 and 13 and are therefore rejected under the same citations and rationale.
   
With respect to claim 30, Wang discloses: wherein the security credential is specified by a manufacturer of hypervisor ([0034], line 12).  

Claim 31 is rejected under 35 U.S.C. 103 as being unpatentable over Gunti et al. (US 2018/0032734) in view of Kato et al. (US 2018/0239896) further in view of Zimmer et al. (US 2009/0164770, hereinafter Zimmer1) further  in view of Zimmer et al. (US 2009/0249053).

With respect to claim 31, Gunti and Kato do not specifically disclose: generating a nested hypervisor when the security credential has been validated.
However, Zimmer discloses: generating a nested hypervisor when the security credential has been validated ([0027]-[0032], examiner’s note: the hypervisor launched in the early phase is validated to provide early protection. A successive hypervisor would not be invoked in the hypervisor launched in the early phase does not pass validation. Therefore, the launch of the successive hypervisor is an indication that the hypervisor in the early phase was securely launched).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to incorporate the teachings of Zimmer to protect the platform at earlier phases from sophisticated malware attacks ([0003], Zimmer).
  
Claim 32 is rejected under 35 U.S.C. 103 as being unpatentable over Gunti et al. (US 2018/0032734) in view of Kato et al. (US 2018/0239896) further in view of Zimmer et al. (US 2009/0164770, hereinafter Zimmer1) further  in view of Thomas et al. (US 9032400).

With respect to claim 32, Gunti and Kato do not specifically disclose: reinitializing the hypervisor when it is determined that the security credential was not validated.
	However, Thomas discloses: reinitializing the hypervisor when it is determined that the security credential was not validated (col. 6, lines 28-44).
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to incorporate the teachings of Thomas to ensure that the device on which the hypervisor will be/is hosted transforms from an inert machine to a useful machine by applying a significant software upgrade that could not otherwise be done without interrupting or affecting the execution of guest domains. After the updates, the hypervisor can be restarted/reinitialized.

Response to Arguments
Applicant alleges that Zimmer1 does not disclose any analysis of the integrity agent itself which the Office Action asserts to be part of the set of instructions that aid in launching the hypervisor. Examiner, respectfully, disagrees. Although, Zimmer1 was not cited to disclose the limitation: “validating the set of instructions that are used to launch the hypervisor”, the cited portions of Zimmer1 disclose that the integrity agent is validated and evaluated. For example, Zimmer1 clearly discloses the integrity agent is authenticated prior to the hypervisor being loaded ([0018]). Authentication is a form of validating/evaluating. Platform initialization code launches the integrity agent, the startup ACM then authenticates the integrity agent and thereafter the hypervisor is loaded ([0019]). In this regard, the integrity agent is used to launch the hypervisor as the latter will not launch prior to the integrity agent is authenticated.  Contrary to Applicant’s assertion, the integrity agent is therefore validated/authenticated. Said actions are executed prior to the hypervisor launching. The rejection is maintained.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WISSAM RASHID whose telephone number is (571)270-3758.  The examiner can normally be reached on Monday-Friday 8:00 am-5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai An can be reached on 5712723756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/WISSAM RASHID/Primary Examiner, Art Unit 2195