Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are presented for examination.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/25/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner (see footnote 1).

Drawings
The drawings are objected to because of a typographical error in Fig 5.  Item 508 recites “NETOWORK” and should recite “NETWORK”.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d).  If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification
The disclosure is objected to because of the following informalities:
Section [0002] has a typographical error, it recites “cloud service may want to secure their BM-based workloads” and should recite “cloud service may want to secure their VM
Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4, 7, 8, 9, 11, 14, 15, 16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Tanikawa (9,460,276) in view of Debout (2014/0101459).

Regarding claim 1, Tanikawa teaches
a method comprising: 
generating, by a virtual device executing on a hypervisor, data (Tanikawa, Col 12, lines 57-62, The second OS 251 issues a data read request with the virtual device address specified, to read data from the virtual device 261.   Upon receiving the data read request of the virtual device 261, the selection service 271 of the hypervisor 203)
data intended for a virtual machine (VM) having a guest memory that includes one or more encrypted pages and one or more unencrypted pages, wherein information written to an encrypted page of the guest memory by the VM is encrypted using an encryption key assigned to the VM and information read from the encrypted page by the VM is decrypted using the encryption key assigned to the VM; (Tanikawa, Col 25, lines 25-31,  FIG. 16 is a diagram illustrating the functional structure of a virtual machine system 1601 of the present modification.  The virtual machine system 1601 has the same structure as the virtual machine system 100 illustrated in FIG. 2, except that it additionally includes an encryption processing unit 1610.   Col 25, lines 59-67,   the regular information management service 214, and the files used by the first OS 211 into the storage device 104, the virtual machine system 1701 causes the encryption processing unit 1710 to encrypt them. Also, after a program such as the first OS 211 of the first virtual machine 201 is read from the storage unit 205, the virtual machine system 1701 causes the encryption processing unit 1710 to decrypt the program before expanding it in the memory 122.)
Tanikawa teaches encrypted storage in a storage device (see footnote 2) but does not teach encrypted storage in memory and, separately, storage of data that is not encrypted (encryption key bypassing).
However Debout teaches
writing, by a processing device, … using the … processor so that the data is not encrypted by the encryption key assigned to the VM; and (Debout, [0035] In one embodiment, the data processing unit is based on a bypass method where a direct data path is formed between the CPU core 202 and the memory 240. Input data of its original format (i.e., in plain text) are directly stored in or retrieved from the memory.)
reading, by the processor, the data from the encrypted page as random data  (Debout [0041] A physical address may be associated with more than one logical address, and thus, different data processing methods are applicable to the content at the physical address. In certain embodiments, the data processing unit encrypts input data to payload data at a physical address using a data encryption method based on a key and a logic address. During a memory read cycle, the same logic address may be used to extract and recover the input data using a data decryption method based on the same key, while a different logic address may also be applied to read back this data using a plain text mode. Therefore, regardless of its original data form, use of various logic addresses allows a data stored at a physical address to be extracted to different data forms during a memory read cycle.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Debout’s encryption control with Tanikawa’s VM encryption because doing so improves data security (Debout [0032] Data security is enhanced for the data stream due to such a programmable data path. In various embodiments of the present invention, the mode generator 318 and the multi-mode data processing unit 304 are the hardware dedicated to introduce this programmable data path as a data security feature.)

Regarding claim 2, Tanikawa and Debout teach
the method of claim 1, wherein reading the data from the encrypted page comprises (Tanikawa, Col 12, lines 57-62, The second OS 251 issues a data read request  Col 25, lines 25-31 the virtual machine system 1701 causes the encryption processing unit 1710 to decrypt the program).
Tanikawa teaches decryption. Tanikawa teaches invalid values in a translation table and then selecting either a privileged or regular information (Tanikawa Col 12, lines 25-29, Subsequently, the selection service 271 makes the virtual device address in the second translation table correspond to an invalid value as an initial value (step S502) Col 5, lines 4-5, privilege information 232, and regular information 233.) Tanikawa does not teach decrypting the data using the encryption key assigned to the VM, thereby randomizing the data.
However Debout teaches improperly decrypting the data using the encryption key assigned to the VM, thereby randomizing the data (Debout, [0041] During a memory read cycle, the same logic address may be used to extract and recover the input data using a data decryption method based on the same key, while a different logic address may also be applied to read back this data using a plain text mode.  Therefore, regardless of its original data form, use of various logic addresses allows a data stored at a physical address to be extracted to different data forms during a memory read cycle.)  
Debout is combined with Tanikawa for the same reasons as claim 1.

Regarding claim 4, Tanikawa and Debout teach
the method of claim 1, further comprising receiving one or more additional requests from the hypervisor to write data in the guest memory of the VM, and for each of the one or more additional requests, providing the hypervisor a different encrypted page of the one or more encrypted pages in which to write the data of the request (Debout, [0025]  During a memory write cycle, input data is preprocessed prior to being transmitted to and stored in the memory 240. … The memory controller 210 stores the payload data as specified in the physical address in the memory 240.  [0041] A physical address may be associated with more than one logical address, and thus, different data processing methods are applicable to the content at the physical address) (Examiner Note: different addresses from the hypervisor can write to different pages in memory, and Debout teaches with different processing methods different logical addresses are used)
Debout is combined with Tanikawa for the same reasons as claim 1.

Regarding claim 7, Tanikawa and Debout teach
the method of claim 1, wherein the data comprises predictable data. Tanikawa teaches reading data from a virtual device. Tanikawa does not teach that the virtual device data is random data; therefore Tanikawa’s virtual device data satisfies the limitation “predictable data”. (Examiner Note: Creating a random source of data is different; it can require random triggers.)

Claims 8, 9, 11 and 14 are system claims for the method claims 1, 2, 4 and 7 and are rejected for the same reasons as claims 1, 2, 4 and 7.

Claims 15, 16 and 20 are media claims for the method claims 1, 2, 4 and 7 and are rejected for the same reasons as claims 1, 2, 4 and 7.

Claims 3, 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Tanikawa (9,460,276) in view of Debout (2014/0101459) in view of Fries (2009/0282266).

Regarding claim 3, Tanikawa and Debout teach
the method of claim 1, wherein writing the data to the encrypted page of guest memory comprises encrypting the data using an encryption key of the processor  (Tanikawa, Col 26, lines 12-15, Furthermore, the encryption processing units 1610 and 1710 may have different security strengths. In general, the higher the security strength is, the higher the processing load on the encryption is.)
Tanikawa teaches key storage and encryption (Tanikawa [0023] a key storage 212.)  Debout uses keys for encryption.  Tanikawa does not teach an encryption key of the hypervisor.
However Fries teaches an encryption key of the hypervisor (Fries [0010] Furthermore, the method can involve providing the encryption key to one or more hypervisor components that interface between the virtual machines and the associated one or more virtual hard disks. [0044] If determining that the key should now be provided, management service 130 could then automatically send the key so that the corresponding hypervisor 110 at host 105d can then set up the appropriate interface and use the virtual machine 115c)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Fries’s hypervisor key with Tanikawa’s virtual machine encryption because doing so improves management of a service by groups (Fries [0037] For example, in at least one implementation, virtual machines 115a and 115b (or all the virtual machines in a particular physical host 105) might both be encrypted with encryption key 1, and so forth. In any event, FIG. 2A shows that management service 130 maintains or "corrals" each of these different encryption keys (as well as virtual machines 115 and physical hosts 105) in terms of particular "groups.")

Claim 10 is a system claim for the method claim 3 and is rejected for the same reasons as claim 3.

Claim 17 is a media claim for the method claim 3 and is rejected for the same reasons as claim 3.

Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Tanikawa (9,460,276) in view of Debout (2014/0101459) in view of Bacher (2015/0106952).

Regarding claim 6, Tanikawa and Debout teach
the method of claim 1.
Tanikawa teaches virtual devices but does not teach the virtual device is an entropy source
However Bacher teaches the virtual device is an entropy source  (Bacher, [0024] The hypervisor generates entropy elements (106) based on triggers. The term "trigger" denotes and is used herein as a synonym for an event, externally originating action, such as an effect of a key stroke on a keyboard, incoming network traffic, a click event from a pointing device, or the like. A trigger may be based on hardware or software source, or a combination thereof.  [0048] According to another embodiment of the method, an entropy element may be transferable from the hypervisor, in particular from the related entropy element pool, to the virtual machine using an interface. Such an interface may be a virtualized or para-virtualized interface. The known function "virtio-rng" may be instrumental for achieving such a transfer.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Bacher’s random virtual device with Tanikawa’s virtual device because doing so improves security by providing a higher entropy source (Bacher [0040] In one embodiment, generating isolated entropy elements for a virtual machine enables a higher degree of security for newly installed virtual machines. An attacker may not be able to predict or limit the scope of newly generated entropy elements by detecting a series of virtual machines on a hypervisor. In one embodiment, the entropy elements may be used to generate security keys for a secured communication protocol to a virtual machine.)

Claim 13 is a system claim for the method claim 6 and is rejected for the same reasons as claim 6.

Claim 20 is a media claim for the method claim 6 and is rejected for the same reasons as claim 6.



Allowable Subject Matter
Claims 5, 12 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The re-written claims will be allowable because the prior art does not teach a hypervisor bypassing the VM encryption key to write data into an encrypted page in the VM, checking for duplicative data in the write requests and responsive to a threshold of duplicative data, denying the hypervisor access to the guest memory.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315. The examiner can normally be reached 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRUCE S ASHLEY/Examiner, Art Unit 2494                                                                                                                                                                                                        

1 (Examiner Note: IDS item 1 in U.S. Patents shows a document ID of 9748127 but Doane’s patent number is 9749127. Doane’s patent title is “Establishing Entropy on a System.” US patent 9,748,127 is by Fukuda, titled “Structure for Fastening Together Resin Members in Substrate Storing Container”. IDS Item 3 in Non-Patent Literature Documents, Robert Burhen et al, “Insecure Until Proved Updated: Analyzing AMD SEV’s Remote Attestation”, was not provided and the IDS has a typo in the title word Analyzing (IDS reads Analayzing). A copy of the Burhen paper was obtained from arxiv.org.)
2 Storage device memory reads on the memory described in specification section [0013].