Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is in response to applicant’s amendment filed on 07/28/2022.
	Claims 1-20 are pending and examined.
	
Response to Arguments
Applicant’s arguments filed on 07/28/2022 have been fully considered but they are not persuasive.
Applicant argued that the cited prior art not teach the amended claim limitations, specifically applicant stated Erlingsson and Hepkin — whether alone or in combination — have not been shown to teach or suggest at least the element of “starting [a] virtual environment to execute the first guest OS
and the application logic of the extension functionality ... , wherein the execution of the application logic of the extension functionality is performed on data directly provided by the host process in the virtual environment, wherein the data is provided by the host process for the execution of the extension functionality of the application in the virtual environment, and wherein the data is stored in an allocated memory of the application for the execution of the extension functionality in the virtual environment,” as recited above. The examiner respectfully disagrees. Erlingsson suggests “starting a virtual environment to execute the first guest OS and the application logic of the extension functionality ... ”(Fig. 7; paragraphs [0072][0074][0075][0082]; “an virtual operating system, which can be the same or different than the operating system 134, can then be booted on the abstracted hardware provided by the hypervisor”; paragraphs [0014][0016][0045][0065]; an extension can be executed in a virtual environment and a corresponding proxy extension can be executed in the process space of the host software application in such a manner that the proxy extension provides access to the abilities of the original extension while isolating the host software application from the original extension through the use of the virtual environment); “wherein the execution of the application logic of the extension functionality is performed on data directly provided by the host process in the virtual environment, wherein the data is provided by the host process for the execution of the extension functionality of the application in the virtual environment, and wherein the data is stored in an allocated memory of the application for the execution of the extension functionality in the virtual environment” (Fig. 2; paragraphs [0045][0046]; “For example, the extension 215 may provide access to a particular type of file storage, such as a file storage using an unusual or legacy file system format. In such a case, a proxy 205 can be designed to detect file access instructions within the host process 201 and intercept those instructions. The proxy 205 can then forward appropriate information to the extension 215, that can access files in the file storage using the legacy file system format”; thus, the proxy (host process) forwards appropriate information (data) to the extension, which can be utilized by the extension for file accessing (for the execution of the extension functionality of the application in the virtual environment); since the extension receives this appropriate information (data) and executes using this data, it is implied this data is stored in an allocated memory of the application for the execution of the extension functionality in the virtual environment). Therefore, the examiner believes Erlingsson suggests above limitations.
	The previously issued double patenting rejection is maintained.
	The examiner is available for a phone interview with applicant.
	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-9, 11-12, 14-15 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Erlingsson et al. (US PGPUB 2009/0265715) hereinafter Erlingsson, in view of Hepkin (US PGPUB 2016/0147555).

Per claim 1, Erlingsson discloses “a computer-implemented method comprising: providing a hypervisor as a compiled library for interfacing with an application in relation to an execution of an extension functionality of the application, wherein the hypervisor manages a virtual environment including one or more virtual machines” (Fig. 7; paragraphs [0072][0074][0075][0082]; “an virtual operating system, which can be the same or different than the operating system 134, can then be booted on the abstracted hardware provided by the hypervisor”; hypervisor can also provide an appropriate response to allow the operating system, or other software that was relying on the extension in the virtual environment; a hypervisor is an executable program that is a compiled program module; “a virtual machine process is shown, using a hypervisor 613 to interface with underlying hardware 620, and comprising an virtual operating system process 611 hosting an extension 615... As explained above, a hypervisor, such as hypervisor 613, can be the computer executable instructions that manage a virtual machine environment by providing limited operating system functionality and by providing abstracted access to underlying hardware”); “initializing a first virtual” environment “at a virtual machine managed by the hypervisor for an execution of a command  associated with the execution of the extension functionality of the application” (Fig. 7; claims 1, 3; paragraphs [0016][0082][0073]; booting a virtual environment which is managed by the hypervisor, and invocation of the extension to the host process, a service API associated with the extension, “an virtual operating system, which can be the same or different than the operating system 134, can then be booted on the abstracted hardware provided by the hypervisor”; “For example, the operating system can, while it is executing, receive a user command to have the virtual machine process perform a task”); “starting the virtual environment to execute a first guest operating system (OS) and an application logic of the extension functionality to embed the execution of the application logic of the extension functionality into an execution of a host process running at the application” (Fig. 3; paragraph [0016][0082]; booting an original virtual environment having the functionality, required by the extension, and then, at a subsequent point in time when a virtual environment is required, cloning the state of the booted original virtual environment to create the required virtual environment; “an virtual operating system, which can be the same or different than the operating system 134, can then be booted on the abstracted hardware provided by the hypervisor”; Fig. 7, paragraph [0106]; using a hypervisor to interface with underlying hardware, and comprising an virtual operating system process hosting an extension; the execution of application logic of the extension is embedded into the host process); “wherein the execution of the application logic of the extension functionality is performed on data directly provided by the host process in the virtual environment, wherein the data is provided by the host process for the execution of the extension functionality of the application in the virtual environment, and wherein the data is stored in an allocated memory of the application for the execution of the extension functionality in the virtual environment” (Fig. 2; paragraphs [0014][0016][0045][0046][0065]; an extension can be executed in a virtual environment and a corresponding proxy extension can be executed in the process space of the host software application in such a manner that the proxy extension provides access to the abilities of the original extension while isolating the host software application from the original extension through the use of the virtual environment; the operating system and other support software can provide common access to memory resource for the virtual environment; direct the virtual process memory 302 and 303 to the physical location 321 in RAM 132 in which the data that represents the host process memory 301 is stored; “For example, the extension 215 may provide access to a particular type of file storage, such as a file storage using an unusual or legacy file system format. In such a case, a proxy 205 can be designed to detect file access instructions within the host process 201 and intercept those instructions. The proxy 205 can then forward appropriate information to the extension 215, that can access files in the file storage using the legacy file system format”; thus, the proxy (host process) forwards appropriate information (data) to the extension, which can be utilized by the extension for file accessing (for the execution of the extension functionality of the application in the virtual environment); since the extension receives this appropriate information (data) and executes using this data, it is implied this data is stored in an allocated memory of the application for the execution of the extension functionality in the virtual environment).
While Erlingsson discloses “initializing a first virtual” environment “at a virtual machine managed by the hypervisor for an execution of a command associated with the execution of the extension functionality of the application”, Erlingsson does not explicitly discloses the hypervisor manages a virtual environment includes a virtual processor. However, Erlingsson suggests (paragraph [0082]; a virtual operating system, which can be the same or different than the operating system 134, can then be booted on the abstracted hardware provided by the hypervisor). Furthermore, Hepkin discloses (Fig. 1; paragraphs [0003][0016]) a hypervisor executing on top of physical hardware, the hypervisor provides a virtual environment that includes a virtual processor). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Erlingsson and Hepkin to provide and initialize a virtual environment that includes a virtual processor for execution of application; as virtualized hardware (such as a processor) facilitate management and sharing of hardware resources among different processes.

Per claim 2, Erlingsson further suggests “allocating the memory for the virtual environment to run in an address space of the application, wherein the virtual environment is configured for execution of commands related to the extension functionality of the application, wherein the commands are identified as related to the extension functionality during runtime of the application” (Fig. 3; paragraphs [0013][0014][0061][0062][0065][0073]; an extension can be executed in a virtual environment that can provide the support APIs (i.e. commands) that the extension may properly require while isolating the extension from the host software application; the operating system and other support software can provide common access to memory resource for the virtual environment; direct the virtual process memory 302 and 303 to the physical location 321 in RAM 132 in which the data that represents the host process memory 301 is stored; “For example, the operating system can, while it is executing, receive a user command to have the virtual machine process perform a task”; claim 1; detecting an operation by the host process, wherein the operation is related to a functionality of the extension (i.e. detecting an operation/command during runtime)).
.
Per claim 3, Erlingsson further suggests “starting the application to execute the commands at a host system; identifying the first command related to the extension functionality of the application during runtime of the application; and in response to determining that the virtual processor is to be initialized for the execution of the first command, initializing the virtual processor for the execution of the first command” (claim 1; detecting an operation by the host process, wherein the operation is related to a functionality of the extension; identifying a proxy for the extension, wherein the proxy supports the functionality related to the operation; loading the proxy into the host process; loading the extension into a virtual process, wherein the virtual process is a virtual instance of the host process). Hepkin discloses (Fig. 1; paragraphs [0003][0016]) a hypervisor executing on top of physical hardware, the hypervisor provides a virtual environment that includes a virtual processor. 

Per claim 5, Erlingsson further suggests “loading the first guest OS at the allocated memory; and copying the application logic of the extension functionality into the allocated memory, wherein the application logic of the extension functionality has restricted access to the memory of the host process” (Fig. 7; claims 1, 3, 8; paragraphs [0016][0082][0073]; booting a virtual environment which is managed by the hypervisor, and invocation of the extension to the host process, a service API associated with the extension, “an virtual operating system, which can be the same or different than the operating system 134, can then be booted on the abstracted hardware provided by the hypervisor”; loading (copying application logic) the extension into a virtual process, wherein the virtual process is a virtual instance of the host process; protecting the common physical memory from write access by the virtual process (i.e. limited access)).

Per claim 6, Hepkin further suggests “wherein initializing the virtual processor includes setting up a register for the virtual processor; wherein the virtual processor is operable to manage one or more guest OS; wherein the virtual processor is initialized at the virtual environment and is restricted to a predefined part of an address space of the application” (Fig. 1; paragraphs [0003][0016][0018]; a hypervisor executing on top of physical hardware, the hypervisor manages multiple virtual environments each including a guest OS, and a virtual processor; a processor includes registers, thus setting up a virtual processor would include setting up virtual registers; “Typically, a virtual machine context (VMC) is maintained for each virtual processor or virtual machine. The VMC provides the processor context for a guest virtual machine. Typically, a single VMC may be maintained for each virtual machine, or each virtual machine processor, on a one to one basis”; thus, each virtual processor is restricted to accessing the memory of the virtual machine it resides on). Erlingsson further suggests “wherein the virtual processor is operable to manage one or more guest OS” (paragraphs [0016][0082][0073]; booting a virtual environment which is managed by the hypervisor, and invocation of the extension to the host process, a service API associated with the extension, “an virtual operating system, which can be the same or different than the operating system 134, can then be booted on the abstracted hardware provided by the hypervisor”).

Per claim 7, Erlingsson further suggests “wherein the guest OS includes minimum viable code required to execute the first command and the extension functionality of the application, and wherein the guest OS is compiled as a library and linked with the extension functionality” (paragraphs [0016][0043][0082]; a virtual environment in which extensions can safely execute can be efficiently created by booting an original virtual environment having the functionality; The virtual process 211 can attempt to emulate the host process 201, at least to the extent that it can provide virtual support APIs 213 that are analogous to the support APIs 203 that the host software application may provide; an virtual operating system, which can be the same or different than the operating system 134, can then be booted on the abstracted hardware provided by the hypervisor; a person skilled in the art would recognize an operating system is an executable program that is a compiled program module).

Per claim 8, Erlingsson further suggests “in response to identifying the first command for execution, creating a first thread for executing the first command at the virtual environment; and
in response to identifying a second command, creating a second thread separate from the first thread, the second thread for execution at the virtual environment in parallel with the first thread” (Fig. 3; claims 1-3; paragraph [0061]; invoking an extension in a virtual process from a host application, multiple virtual processes can be spawn; each virtual process executes independently).

Per claim 9, Erlingsson further suggests “in response to executing the command at the virtual environment, determining to reuse the started virtual environment for execution of another command different from the executed command, wherein the other command is associated with the execution of the extension functionality of the application” (claims 1, 3; paragraphs [0016][0082][0094][0116]; booting a virtual environment which is managed by the hypervisor, and invocation of the extension to the host process, a service API associated with the extension; a virtual environment can be booted, such as by executing a virtual machine via commands entered through the operating system whose boot was completed; “allows input/output (I/O) ports to be accessed from within the virtual machine environment … I/O ports are generally identified by an address, or port number, and can be accessed via known “IN” or “OUT” commands”; thus, a user can enter different commands within the same virtual environment to access I/O ports, the same virtual environment is being utilized for different commands).

Claims 11 and 16 are rejected under similar rationales as claims 1 and 16.
Claim 12 is rejected under similar rationales as claims 2+3.
Claim 14 is rejected under similar rationales as claims 5+8.
Claim 15 is rejected under similar rationales as claims 6+7.
Claims 17 and 19 are rejected under similar rationales as claims 1 and 8.

Claims 4, 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Erlingsson, in view of Hepkin, and in view of Gong et al. (US PGPUB 2015/0261576) hereinafter Gong.

Per claim 4, Erlingsson further suggests “providing the data related to the extension functionality into the memory of the virtual environment as read-only data; executing the first command at the virtual environment based on the application data as stored in-memory” (paragraphs [0045][0068]; “The proxy 205 can then forward appropriate information to the extension 215, that can access files in the file storage using the legacy file system format”; thus, the proxy (host process) forwards appropriate information (data) to the extension, which can be utilized by the extension for file accessing (for the execution of the extension functionality of the application in the virtual environment); since the extension receives this appropriate information (data) and executes using this data, it is implied this data is stored in an allocated memory of the application for the execution of the extension functionality in the virtual environment; the virtual processes 211 and 311 can be provided read-only access to the physical memory 321; thus, it would have been obvious the proxy provides  appropriate information (data) to the extension as read-only to prevent modification for security purpose; claims 1, 3; the operation is an invocation of the extension, and wherein the proxy exposes, to the host process, a service API (commands) associated with the extension). Erlingsson does not explicitly teach “in response to completing the execution of the first command, stopping the virtual environment to deallocate the memory”. However, Gong suggests the above (paragraphs [0061]-[0066]; when a VM is not needed, the VM is deactivated, its memory is released for use by other application). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Erlingsson, Hepkin and Gong to stop the virtual environment and release its memory after completing a task, so its memory can be utilized by other applications (increase resource utilization).

Claim 13 is rejected under similar rationales as claim 4.

Per claim 18, Erlingsson further suggests “allocating the memory for the virtual environment to run in an address space of the application, wherein the virtual environment is configured for execution of commands related to the extension functionality of the application, wherein the commands are identified as related to the extension functionality during runtime of the application” (Fig. 3; paragraphs [0013][0014][0061][0062][0065][0073]; an extension can be executed in a virtual environment that can provide the support APIs (i.e. commands) that the extension may properly require while isolating the extension from the host software application; the operating system and other support software can provide common access to memory resource for the virtual environment; direct the virtual process memory 302 and 303 to the physical location 321 in RAM 132 in which the data that represents the host process memory 301 is stored; “For example, the operating system can, while it is executing, receive a user command to have the virtual machine process perform a task”; claim 1; detecting an operation by the host process, wherein the operation is related to a functionality of the extension (i.e. detecting an operation/command during runtime)); “providing the data related to the extension functionality into the memory of the virtual environment as read-only data; executing the first command at the virtual environment based on the application data as stored in-memory” (paragraphs [0045][0068]; “The proxy 205 can then forward appropriate information to the extension 215, that can access files in the file storage using the legacy file system format”; thus, the proxy (host process) forwards appropriate information (data) to the extension, which can be utilized by the extension for file accessing (for the execution of the extension functionality of the application in the virtual environment); since the extension receives this appropriate information (data) and executes using this data, it is implied this data is stored in an allocated memory of the application for the execution of the extension functionality in the virtual environment; the virtual processes 211 and 311 can be provided read-only access to the physical memory 321; thus, it would have been obvious the proxy provides  appropriate information (data) to the extension as read-only to prevent modification for security purpose; claims 1, 3; the operation is an invocation of the extension, and wherein the proxy exposes, to the host process, a service API (commands) associated with the extension). Erlingsson does not explicitly teach “in response to completing the execution of the first command, stopping the virtual environment to deallocate the memory”. However, Gong suggests the above (paragraphs [0061]-[0066]; when a VM is not needed, the VM is deactivated, its memory is released for use by other application). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Erlingsson, Hepkin and Gong to stop the virtual environment and release its memory after completing a task, so its memory can be utilized by other applications (increase resource utilization).

Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Erlingsson, in view of Hepkin, and in view of Melski et al. (US PGPUB 2016/0026791) hereinafter after Melski.

Per claim 10, Erlingsson further suggests “reusing the application logic of the extension functionality as running at the virtual environment for a subsequent executing of the application logic of the extension functionality” (claims 1, 3; paragraphs [0016][0082][0094][0116]; booting a virtual environment which is managed by the hypervisor, and invocation of the extension to the host process, a service API associated with the extension; a virtual environment can be booted, such as by executing a virtual machine via commands entered through the operating system whose boot was completed; “allows input/output (I/O) ports to be accessed from within the virtual machine environment … I/O ports are generally identified by an address, or port number, and can be accessed via known “IN” or “OUT” commands”; thus, a user can enter different commands within the same virtual environment with the same application logic to access I/O ports, the same virtual environment is being utilized for different commands). Erlingsson does not explicitly teach “in response to execution of the command at the virtual environment, partially cleaning the allocated memory for the virtual environment to remove stored sensitive data for the execution of the command”. However, Melski suggests (paragraphs [0056][0104][0111]; when a program is reusing a region of memory, it is prudent to clear the old data in memory, or the memory should be overwritten before it is reused; use of uninitialized memory can lead to sensitive data being exfiltrated). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Erlingsson, Hepkin and Melski to clear or overridden a region of allocated memory in a virtual environment that is going to be reused later for other program execution, this would prevent leaking of sensate data from later program execution.

Claim 20 is rejected under similar rationales as claim 10.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANG PAN whose telephone number is (571)270-7667. The examiner can normally be reached 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached on 571-272-3721. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HANG PAN/Primary Examiner, Art Unit 2193