DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1,3, 6-10, 12, 15-19, 21, 24-26, and 28-30 are pending in the current application, wherein claims 1, 9-10, 18-19, and 26 are amended, claims 28-30 are newly added, claims 5, 14, 23 and 27 are cancelled.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1,3, 6-7, 10, 12, 15-16, 19, 21, 24-26, and 28-30 are rejected under 35 U.S.C. 103 as being unpatentable over Bullions et al. (“Milli Code”, IBM Technical Disclosure Bulletin Vol. 35 No. 1A, Sept 1, 1992), in view of Hunt et al. (“supporting protected computing on IBM Power Architecture”, developer.ibm.com/articles/l-support-protected-computing/,  March 22, 2018)

As for claim 1, Bullions teaches a method comprising:
receiving, by a communication interface of the secure interface control [The Milli-Mode Detection Logic 120] executing between the secure interface control and hardware of the computer [hardware execution elements 104], (Pg. 452-453, “The Milli-Mode Detection Logic 120 is connected to receive the output of the instruction registers 100” (pg. 452) and “Milli-instructions are sent to the Instruction Registers 100 where the decoder 102 decodes...and schedules them for execution at the appropriate hardware execution elements 104…”  Examiner note, secure interface control as taught in the specification, is an interface, and communication interface is a gateway for the millicode execution (specification paragraphs 98-99). Thus, under the broadest reasonable interpretation, the detection logic 120 of the prior art is a gateway to the hardware execution of millicode.), an instruction from a calling entity to perform a secure interface control function (Pg. 452, “instructions…” are put into cache and Milli-code array which are pulled into instruction register 100.  Which came from main memory storing the execution instructions of a calling entity executing on the platform. In addition, Millicode is ”to provide control functions” (Pg. 451), and the operation of the millicode includes secure memory “local working storage” exclusively for the millicode (Pg. 452) and is understand as a form of security for the control function.);
determining, by the communication interface, that the instruction is a millicoded instruction (Pg. 452 -453, “The Milli-Mode detection logic 1220 recognizes when a macro-instruction being decoded is of a type that is to be interpreted in milli-mode…milli-routine implements one or more of the complex functions or instructions…”);
based on determining that the instruction is a millicoded instruction (Pg. 452-453, “…the detection logic 120 …recognizes when a macro-instruction being decoded is of a type that is to be interpreted in milli-mode…generates an entry point address…”);
entering, by the communication interface, a millimode, the entering millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface (Pg. 452-453, “generates an entry point address for the Millicode Array 106 and passes this address along to the instruction fetch control…the detection logic 120 also informs the register controls 126 and puts the decoder 102 into milli-mode (which causes the decoder to allow milli-instructions to be decoded…the instruction fetch control logic switches fetching from the cache 112 to the millicode array 106…the initial milli-instructions are fetched…sent to the instruction registers 100…decodes them and schedules them for execution…” Here, the Milli-Mode Detection 120 is a part of 102, thus, it would be obvious to a person of ordinary skill in the art before the effective filing date of the application to recognize cause the decoder to allow milli-instructions to be decoded functionally enables the millicode of the hardware through the communication interface as decoder and detection logic are one entity.); and
executing, by the millicode, the instruction (Pg. 454, “the processor decodes and executes the milli-instructions that implement the macro-instruction that caused entry into milli-mode…”).

Bullions does not explicitly teaches creating, by a secure interface control of a computer, a secure guest domain and a secured entity in the secure guest domain, wherein the secure interface control includes a hardware mechanism that prevents a storage location assigned to the secured entity from being accessed by other secure entities or by unsecured entities, the hardware mechanism including a table.
However, Hunt teaches a known method of protected computing on PowerPC based system including creating, by a secure interface control of a computer, a secure guest domain [secure memory] and a secured entity [secure VM] in the secure guest domain, wherein the secure interface control includes a hardware mechanism that prevents a storage location assigned to the secured entity from being accessed by other secure entities or by unsecured entities (Pg. 5, “Starting an SVM”, “Copies the SVM to secure memory…one feature of secure memory is that it cannot be addressed by the hypervisor” and Pg. 4, Figure showing each Secure VM having corresponding secure memory and states “the hardware prevents unauthorized system software (and hardware), for example the hypervisor and normal virtual machines, from referencing secure memory…”), the hardware mechanism including a table (Pg. 4, “…hardware prevents unauthorized system…from referencing secure memory…” Examiner note, table is understood as any storage facility.  Moreover, Examiner note, the hardware has the capability to distinguish unauthorized access from authorized access requests to specific regions of memory, thus, the hardware necessarily must have knowledge the mapping of authorized entities to the specific memory regions.  See, e.g., See et al. (US PGPUB 2016/0371496) at Fig. 2E – “application…Access Map” and “Buried PR translation table views”, and paragraphs 105.  Here, table is understood as a memory storage structure that represents the relationship between the protected zones and the accessible owners of those zones). This known technique is applicable to the system of Bullions as they both share characteristics and capabilities, namely, they are directed implementations of features related to IBM’s S390 system (See, search result for documents showing PowerVM of Hunt is an implemented feature on IBM’s 390 system of the Bullion reference).

One of ordinary skill in the art before the effective filing date of the application would have recognized that applying the known technique of Hunt would have yielded predictable results and resulted in an improved system.  It would have been recognized that applying the technique of Hunt to the teachings of Bullions would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such application deployment features into similar systems.  Further, applying communicating to software executing on the computer, the software including a secured entity executing an un-secured entity utilizing microcode and hardware mechanism that prevents the un-secured entity from accessing contents of a secure storage location that is assigned to the secured entity to Bullions with receiving and executing milli-code that has access to separate specific storage areas, where millicode is IBM’s name for a set of microcode accordingly, would have been recognized by those of ordinary skill in the art as resulting in an improved system that would allow improved protection of application/guest VMs from hypervisors and any other objects from accessing protected regions. (Sell, Abstract).

As for claims 10 and 19, they are the product and system claims of method claim 1.  Thus, they are rejected under the same rationales.

As for claim 3, Bullions also teaches the communication interface exits the millimode after the instruction is executed by the millicode (Pg. 454, “the detection logic 120 recognizes a millicode END (MEND) milli-instruction…cease fetching milli-instructions…puts decoder in macro-mode and causes the processor to begin fetching macro-instructions…completion of a Mend milli-instruction causes the processor completion logic to begin completing micro-instructions…”).

As for claims 12 and 21, they are the product and system claims of method claim 3.  Thus, they are rejected under the same rationales.

As for claim 6, Bullions also teaches the millicode utilizes enhancements of the communication interface to access secure storage associated with the instruction in a secure execution context (Pg. 452, “the execution element which execute the milli-instructions have access to a local working storage (LWS) 118 for use by the millicode, the LWS 118 provides the millicode with a means to retain results outside of the architected facilities…” As such, the LWS is understood as secure storage.).

As for claims 15 and 24, they are the product and system claims of method claim 6.  Thus, they are rejected under the same rationales.

As for claim 7, Bullions also teaches the millicode is an extension of the hardware that performs functions of the secure interface control upon executing the instruction (Pg. 452, “…each milli-routine implements one or more of the complex functions or instructions…. contained…. private milli-mode only instructions. The private instructions provide control functions needed by the millicode routines…the set of millicode routines reside outside of program addressable storage…” because they are outside of program addressable storage, it is understood as a form of secure function execution).

As for claims 16 and 25, they are the product and system claims of method claim 7.  Thus, they are rejected under the same rationales.

As for claim 28, Hunt teaches the calling entity is an unsecured entity (Pg. 4, “…hypervisor…”)

As for claim 29, Bullions teaches from a calling entity, the instruction comprises an architected instruction (Pg. 452, “architected instruction” which is also understood as regular instruction from the instruction cache.).
Hunt teaches the unsecured entity comprises a hypervisor.

As for claim 30, Hunt also teaches the calling entity is the secured entity (Pg. 4, “…SVM…”).

Claim 26 are rejected under 35 U.S.C. 103 as being unpatentable over Bullions and Hunt, further in view of Sell (US PGPUB (US PGPUB 20160371496).

As for claim 26, Bullion and Hunt do not explicitly teach the table is a zone-security table with location information.
Sell teaches method of execution of specific microcodes to control access to protected storage areas including  the table comprises a zone-security table that indicates that the secure storage location is associated with the secured entity (Fig. 2E – “application…Access Map” and “Buried PR translation table views”, and paragraphs 105.  Here, table is understood as a memory storage structure that represents the relationship between the protected zones and the accessible owners of those zones.  Here, the protected region are subdivided and utilizing index table to be tracked for each secure entity.).  This known technique is applicable to the system of Bullions and Hunt as they both share characteristics and capabilities, namely, they are directed to controlled execution of instructions to access privileged storage by hardware.
One of ordinary skill in the art before the effective filing date of the application would have recognized that applying the known technique of Sell would have yielded predictable results and resulted in an improved system.  It would have been recognized that applying the technique of Sell to the teachings of Bullions and Hunt would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such instruction execution features into similar systems.  Further, applying the table comprises a zone-security table that indicates that the secure storage location is associated with the secured entity to Bullions and Hunt with hardware controlling access to separate specific storage areas, where millicode is IBM’s name for a set of microcode accordingly, would have been recognized by those of ordinary skill in the art as resulting in an improved system that would allow improved protection of application/guest VMs from hypervisors and any other objects from accessing protected regions. (Sell, Abstract).


Claim 8-9 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Bullions and Hunt, further in view of Prashant et al. (US PGPUB 2019/0042296).

As for claim 8, Bullions and Hunt does not explicitly teach the millicode, acting as the secure interface control, is dispatching a secured entity and sets an indication that a secured entity is running and loads a secure guest state into the hardware
However, Prashant teaches a known method of secure VM execution including wherein the millicode, acting as the secure interface control (paragraph 47 and 58, “mask enforcer 36...” and “control logic for implementing the described operations…implemented in hardware logic (e.g., as microcode …”) Examiner note, Millicode is a form of microcode, and prior art teaches utilizing microcode implementation in hardware logic for the control logic), dispatches the secured entity and sets an indication that a secured entity is running (paragraph 47 and 17, “mask enforcer 36 thereafter uses the access restrictions from VMCS mask 68 to control access to VMCS60…if VMCS mask 68 specifies NA or RO access for all of the fields in the GSA, mask enforcer 36 will …prevent VMM 40 from writing to any of these fields…”) and loads a secure guest state into the hardware (paragraph 17, VMCS includes a guest state area (GSA) …with every change of execution context into a VM…”). This known technique is applicable to the system of Bullions and Hunt as they both share characteristics and capabilities, namely, they are directed to controlled execution of instructions by hardware utilizing micro/millicode.
One of ordinary skill in the art before the effective filing date of the application would have recognized that applying the known technique of Prashant would have yielded predictable results and resulted in an improved system.  It would have been recognized that applying the technique of Prashant to the teachings of Bullions and Hunt would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such instruction execution features into similar systems.  Further, applying Millicode as interface dispatching a secured entity, sets an indication and loads a secure guest state to Bullions and Hunt with use of millicode to execute complex functionalities accordingly, would have been recognized by those of ordinary skill in the art as resulting in an improved system that would allow improved protection of guest VMs from unsecure/compromised VMM. (Prashant, paragraph 5).

As for claims 17, they are the product claims of method claim 8.  Thus, they are rejected under the same rationales.

As for claim 9, Prashant also teaches uses the secure guest state to execute security checks while a secure guest domain associated with the secured entity is running (paragraphs 17 and 47-49).

As for claims 18, they are the product claims of method claim 9.  Thus, they are rejected under the same rationales.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1,3, 6-10, 12, 15-19, 21, 24-26, and 28-30 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN X LU whose telephone number is (571)270-1233.  The examiner can normally be reached on M-F 10am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 5712723759.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KEVIN X LU/
Examiner, Art Unit 2199

/KENNETH TANG/Primary Examiner, Art Unit 2199