DETAILED ACTION
This is the initial Office action based on the application filed on June 16, 2020.
Claims 1-33 are pending.
For clarity of the prosecution history record, Claims 12-22 are directed to a computer program product comprising a computer-readable storage medium. It is noted that the Applicant’s specification states that “[a] computer-readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire” (page 18, paragraph [0074]). Thus, such statement appears to provide a special definition that explicitly excludes a computer-readable storage medium from being interpreted as transitory signals per se. Therefore, Claims 12-22 can rely on the special definition and are eligible subject matter under § 101.
For clarity of the prosecution history record, Applicant’s representative was contacted by the Examiner on May 19, 2022 regarding proposed claim amendments to put the claims in condition for allowance. However, Applicant’s representative failed to respond in due time.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Specification
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.
The following title is suggested: AUTOMATED PLATFORM TO ASSESS COMMERCIAL OFF THE SHELF (COTS) SOFTWARE ASSURANCE.

Claim Objections
Claims 1-12, 14-18, 20-23, 25-29, and 31-33 are objected to because of the following informalities:
Claims 1, 12, and 23 recite “verifying software.” It should read -- verifying software programs --.
Claims 1, 12, and 23 recite “the simulated computing environments.” It should read -- the computing environments simulated by the virtual machines --.
Claims 1, 12, and 23 recite “wherein the virtual machines and software programs are unaware the virtual machine introspection is being performed.” It should read -- wherein the virtual machines and software programs are unaware that the virtual machine introspection is being performed using the hypervisor --.
Claims 1, 12, and 23 recite “the telemetry data.” It should read -- the telemetry data about the guest software programs --.
Claims 1-11 recite “[t]he method.” It should read -- The computer-implemented method --.
Claims 9, 20, and 31 recite “the false information.” It should read -- the false environmental or time information --.
Claim 14 recites “instruction for.” It should read -- program instructions to perform the steps of --.
Claims 15, 16, and 18 recite “instructions for.” It should read -- program instructions to perform the step of --.
Claims 17 and 20-22 recite “instructions for.” It should read -- program instructions to perform the steps of --.
Claims 25-29 and 31-33 recite “execute instructions to.” It should read -- execute the program instructions to --.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 10, 18, 21, 29, and 32 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.

Claims 10, 21, and 32 recite the limitation “the different versions of the software programs.” There is insufficient antecedent basis for this limitation in the claims. In the interest of compact prosecution, the Examiner subsequently interprets this limitation as reading “the updated versions of the software programs” for the purpose of further examination.

Claims 18 and 29 recite the limitation “the changes in execution states of the software programs.” There is insufficient antecedent basis for this limitation in the claims. In the interest of compact prosecution, the Examiner subsequently interprets Claims 18 and 29 as depending on Claims 17 and 28, respectively, for the purpose of further examination. Note that such dependency order would provide sufficient antecedent basis for this limitation in the claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 8, 12, 19, 23, and 30 are rejected under 35 U.S.C. 103 as being unpatentable over US 2016/0366185 (hereinafter “Lee”) in view of US 2009/0328170 (hereinafter “Williams”).

As per Claim 1, Lee discloses:
A computer-implemented method of verifying software, the method comprising:
creating, by a number of processors (paragraph [0067], “A testbed can include three Dell PowerEdge R210II servers, each with a quad-core 3.30 GHz Intel Xeon processor …”), a number of virtual machines that simulate a number of computing environments (paragraph [0005], “In an Infrastructure as a Service (“IaaS”) computing environment, a customer can request to launch a Virtual Machine (“VM”) in the cloud system. The cloud provider places the VM in a virtualized cloud server, and allocates a specified amount of physical resources (CPU, memory, disk, networking, etc.) to the VM [creating a number of virtual machines that simulate a number of computing environments].”);
running, by a number of processors (paragraph [0067], “A testbed can include three Dell PowerEdge R210II servers, each with a quad-core 3.30 GHz Intel Xeon processor …”), a number of software programs on the virtual machines, wherein the software programs have full access to the simulated computing environments (paragraph [0005], “In an Infrastructure as a Service (“IaaS”) computing environment, a customer can request to launch a Virtual Machine (“VM”) in the cloud system. The cloud provider places the VM in a virtualized cloud server, and allocates a specified amount of physical resources (CPU, memory, disk, networking, etc.) to the VM. The customer is granted remote access to the VM [wherein the software programs have full access to the simulated computing environments].”; paragraph [0014], “The cloud server includes a software entity to be protected (e.g., virtual machine or process), a system software layer that manages the software entities [running a number of software programs on the virtual machines] and assigns resources to them (e.g., hypervisor or operating system)”);
performing, by a number of processors (paragraph [0067], “A testbed can include three Dell PowerEdge R210II servers, each with a quad-core 3.30 GHz Intel Xeon processor …”), virtual machine introspection using a hypervisor as the software programs run on the virtual machines, wherein the virtual machines and software programs are unaware the virtual machine introspection is being performed (paragraph [0007], “The prior art solutions on inside-VM threats proposed Virtual Machine Introspection (“VMI”) techniques. This can provide the service of VM health monitoring at the hypervisor level. Since the hypervisor manages the VMs and runs below the VMs, a hypervisor health monitor is outside the VM, it is able to detect the existence of malicious or untrusted entities inside the VM, while being isolated, and thus protected, from the VM [performing virtual machine introspection using a hypervisor as the software programs run on the virtual machines, wherein the virtual machines and software programs are unaware the virtual machine introspection is being performed].”);
collecting, by a number of processors (paragraph [0067], “A testbed can include three Dell PowerEdge R210II servers, each with a quad-core 3.30 GHz Intel Xeon processor …”), telemetry data about the software programs including any identified threats posed by the software programs to the simulated computing environments (paragraph [0056], “… when the customer 12 asks to check if there is malware running as a background service and hiding itself in the target VM 42, the attestation server 16 can issue a request for getting the list of running tasks for that VM 42. The VM introspection tool 52 located in the hypervisor's 40 monitor module 44 can probe into the target VM's memory region to obtain the running tasks list. This information can be written into the trust evidence registers 64 (or encrypted and hashed, then written to untrusted RAM memory, with a pointer, a length value and a cryptographic key written into the trust evidence registers 64) and transmitted back to the attestation server 16 [collecting telemetry data about the software programs including any identified threats posed by the software programs to the simulated computing environments].”); and
presenting, by a number of processors (paragraph [0067], “A testbed can include three Dell PowerEdge R210II servers, each with a quad-core 3.30 GHz Intel Xeon processor …”), the telemetry data to a user via an interface (paragraph [0056], “The customer 12 can compare this actual task list in the returned attestation report and compare it with the report the customer 12 gets from querying the corrupted guest OS, to detect the malware running in customer's 12 VM 42 [presenting the telemetry data to a user via an interface].”).
Lee does not explicitly disclose:
wherein source code of the software programs is unavailable.
However, Williams discloses:
wherein source code of software programs is unavailable (paragraph [0004], “Systems exist that contain an end user workstation computing architecture using commercial off the shelf ("COTS") components to enable that end user workstation to meet varying levels of information assurance requirements. Such systems utilize typical COTS hardware and software that can be coupled with a host operating system, virtual machine monitor, virtual network hubs, network encryptors, and filtering routers to allow multiple machine environments to run simultaneously and to access multiple networks from the same physical machine.”). [Examiner’s Remarks: Note that Williams discloses commercial off the shelf (COTS) software. Thus, one of ordinary skill in the art would readily comprehend that source code of COTS software is unavailable.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Williams into the teaching of Lee to include “wherein source code of the software programs is unavailable.” The modification would be obvious because one of ordinary skill in the art would be motivated to isolate security functions within systems from user operating systems and application software (Williams, paragraph [0004]).

As per Claim 8, the rejection of Claim 1 is incorporated; and Lee further discloses:
wherein the virtual machines emulate a host and network environment (paragraph [0005], “In an Infrastructure as a Service (“IaaS”) computing environment, a customer can request to launch a Virtual Machine (“VM”) in the cloud system. The cloud provider places the VM in a virtualized cloud server, and allocates a specified amount of physical resources (CPU, memory, disk, networking, etc.) to the VM.”).

Claims 12 and 19 are computer program product claims corresponding to the computer-implemented method claims hereinabove (Claims 1 and 8, respectively). Therefore, Claims 12 and 19 are rejected for the same reasons set forth in the rejections of Claims 1 and 8, respectively.

Claims 23 and 30 are system claims corresponding to the computer-implemented method claims hereinabove (Claims 1 and 8, respectively). Therefore, Claims 23 and 30 are rejected for the same reasons set forth in the rejections of Claims 1 and 8, respectively.

Claims 10, 21, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Lee in view of Williams as applied to Claims 1, 12, and 23 above, and further in view of US 2011/0214111 (hereinafter “Vidal”).

As per Claim 10, the rejection of Claim 1 is incorporated; and the combination of Lee and Williams does not explicitly disclose:
running a number of updated versions of the software programs on the virtual machines; and
comparing telemetry data for the different versions of the software programs.
However, Vidal discloses:
running a number of updated versions of software programs on virtual machines (paragraph [0002], “A computer user of a physical or virtual machine typically starts and runs a number of applications or other software in the course of operating that machine.”; paragraph [0019], “In 410, restart tool 104 and/or other logic can associate each file in the set of executable files 108 with a corresponding software package update in set of installed software packages 112 installed on client 102.”); and
comparing telemetry data for the updated versions of the software programs (paragraph [0020], “In 414, restart tool 104 and/or other logic can compare the time stamp 118 and/or other version indicator for each software package update in set of installed software packages 112 to a process start time 116 for each corresponding process in set of executing processes 106.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Vidal into the combined teachings of Lee and Williams to include “running a number of updated versions of the software programs on the virtual machines; and comparing telemetry data for the different versions of the software programs.” The modification would be obvious because one of ordinary skill in the art would be motivated to terminate all executing processes whose underlying executable files have become out-of-date (Vidal, paragraph [0003]).

Claim 21 is a computer program product claim corresponding to the computer-implemented method claim hereinabove (Claim 10). Therefore, Claim 21 is rejected for the same reason set forth in the rejection of Claim 10.

Claim 32 is a system claim corresponding to the computer-implemented method claim hereinabove (Claim 10). Therefore, Claim 32 is rejected for the same reason set forth in the rejection of Claim 10.

Claims 11, 22, and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Lee in view of Williams as applied to Claims 1, 12, and 23 above, and further in view of US 2004/0225877 (hereinafter “Huang”).

As per Claim 11, the rejection of Claim 1 is incorporated; and the combination of Lee and Williams does not explicitly disclose:
identifying digital certificate information associated with the software programs; and
identifying a number of vendors supplying the software programs based on the digital certificate information.
However, Huang discloses:
identifying digital certificate information associated with software programs (paragraph [0027], “Identity of the vendor creating the software program. The identity could be the corporation name, which could be comprised in the program file, or in a digital certificate used to verify the digital signature signed on the program file.”); and
identifying a number of vendors supplying the software programs based on the digital certificate information (paragraph [0048], “Software vendor attribute that identifies the vendor of the software program. It could be the name of the company. A typical software program file contains the company name and the version number. The name could also be comprised in a digital certificate used for verifying the digital signature signed on the program file.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Huang into the combined teachings of Lee and Williams to include “identifying digital certificate information associated with the software programs; and identifying a number of vendors supplying the software programs based on the digital certificate information.” The modification would be obvious because one of ordinary skill in the art would be motivated to identify vendors creating software programs (Huang, paragraph [0027]).

Claim 22 is a computer program product claim corresponding to the computer-implemented method claim hereinabove (Claim 11). Therefore, Claim 22 is rejected for the same reason set forth in the rejection of Claim 11.

Claim 33 is a system claim corresponding to the computer-implemented method claim hereinabove (Claim 11). Therefore, Claim 33 is rejected for the same reason set forth in the rejection of Claim 11.

Allowable Subject Matter
Claims 2-7, 9, 13-18, 20, 24-29, and 31 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure.
US 2009/0055693 (hereinafter “Budko”) discloses monitoring execution of registered code within a virtual machine.
US 2009/0288084 (hereinafter “Astete”) discloses a multi-tenant virtual machine infrastructure (MTVMI) allowing multiple tenants to independently access and use a plurality of virtual computing resources via the Internet.
US 2013/0179971 (hereinafter “Harrison”) discloses detecting a threat by observing multiple behaviors of a computer system in program execution from outside of a host virtual machine.
US 2014/0259169 (hereinafter “Harrison”) discloses identifying a presence of a threat signature from the plurality of threat signatures within the computer system.
US 2016/0314297 (hereinafter “Tu”) discloses implementing virtual machine introspection.
US 9,032,400 (hereinafter “Thomas”) discloses opportunistically initiating potentially invasive actions on a computer system hosting virtual machine instances.
US 9,244,743 (hereinafter “Scott”) discloses remotely interacting with a virtualized machine instance (VMI) through a trigger mechanism resident at the VMI.

Any inquiry concerning this communication or earlier communications from the Examiner should be directed to Qing Chen whose telephone number is 571-270-1071. The Examiner can normally be reached on Monday through Friday from 9:00 AM to 5:00 PM EST.
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, Wei Zhen, can be reached at 571-272-3708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the TC 2100 Group receptionist whose telephone number is 571-272-2100.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/Qing Chen/
Primary Examiner, Art Unit 2191