DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-20 are pending.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f): 

(f) ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 

An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a processing device…to…detect…send...send…and perform…” in claims 11-15.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Objections
Claims --8, 12, 13, 14, 15, 18, and 20 are objected to because of the following informalities:  
“to the host” in last line of claims 8, 14, 20 should read “to a host”.
	“a notification” in line 1 of claim 12 should read “the notification”.
	“the application” in claims 13, 14, 15 should read “the software application”.
	“the first process” in claim 15 lacks antecedent basis.
	“the processing” in last line of claim 18 lacks antecedent basis.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2-6, 8, and 17-18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 2 recites “the process”.  However, it’s unclear whether this refers to “a first process” in claim 1, “a second process” in claim 1, or some other process.  Similar issue also exists in claims 3-6, 8, 17-18.  For examination purposes, “the process” recited in claims 2-6, 8, 17-18 has been interpreted as any process.
Claim 6 recites “the attack”.  However, it’s unclear whether this refers to “attack” in line 3 of claim 1, “attack” in line 6 of claim 1, or some other attack.  Similar issue also exists in claims 9, 11-15.  For examination purposes, “the attack” in claims 6, 9, 11-15 has been interpreted as any attack.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-7, 10-13, and 16-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tsirkin (US 20190068555).

Claim 1, Tsirkin discloses A method, comprising: 
detecting, by a first process executing in a trusted execution environment (TEE) of a host computer system, an event indicating that the first process is under attack from a second process executing on the host computer system; (e.g. fig. 1, ¶2, 18, 28, 31-33: VM detecting components detect malicious packets attempting to cause undesirable effect on applications, guest operating systems, virtual machines)
setting, by the first process, a flag within a memory region of the TEE indicating that the first process is under attack; and (e.g. ¶29, 33-34, 44: flagging packets as being malicious, adding metadata providing a status indication (e.g. that the packet is malicious) to the malicious packets, adding the malicious packets to the filtering queue)  
performing, by the first process and in view of an attack response policy associated with the first process, an action responsive to detecting the event. (e.g. ¶33-36, 44-45, 47: flagging packets as being malicious, adding metadata providing a status indication (e.g. that the packet is malicious) to the malicious packets, adding the malicious packets including the metadata to the filtering queue, generating filtering rules, applying the filtering rules)

Claim 2, Tsirkin discloses The method of claim 1, wherein the process is an infrastructure process executing at the TEE. (Tsirkin, e.g. ¶31, 44).  

Claim 3, Tsirkin discloses The method of claim 2, wherein the flag is associated with the infrastructure process executing at the TEE. (Tsirkin, e.g. ¶29, 31, 44).  

Claim 4, Tsirkin discloses The method of claim 1, wherein the process is a software application executing within an infrastructure system. (Tsirkin, e.g. ¶29, 31, 44).   

Claim 5, Tsirkin discloses The method of claim 4, wherein setting the flag comprises sending a request to the infrastructure system to set the flag. (Tsirkin, e.g. ¶33-34, 44: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packet is malicious) to the filtering queues).  

Claim 6, Tsirkin discloses The method of claim 4, wherein the software application is to send one or more network packets as a notification of the attack to other processes running within the TEE.  (Tsirkin, e.g. ¶29, 33-34, 44, 52-53: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues as a notification to the virtual NICs, filtering queue accessing module, filtering rule generating module, filtering rule storing module).  

Claim 7, Tsirkin discloses The method of claim 1, wherein the action comprises at least one of: terminating execution of the first process, sending a notification, storing data and exiting, exiting after a predetermined wait time, or declining to restart the first process.  (Tsirkin, e.g. ¶29, 33-34, 44, 52-53: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues as a notification to the virtual NICs, filtering queue accessing module, filtering rule generating module, filtering rule storing module).  

Claim 10, Karame-Tsirkin discloses The method of claim 1, wherein the flag is accessible to other processes executing at the TEE. (Tsirkin, e.g. ¶29, 33-34, 44, 52-53: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues as a notification to the virtual NICs, filtering queue accessing module, filtering rule generating module, filtering rule storing module).

Claim 11, Tsirkin discloses A system comprising: a memory; and a processing device operatively coupled to the memory, wherein the processing device is further to: 
detect an event indicating that a software application running within an infrastructure system deployed to a host computer system is under attack from a process executing on the host computer system, wherein the infrastructure system is executing in a trusted execution environment (TEE) of the host computer system; (e.g. fig. 1, ¶2, 18, 28, 31-33: VM detecting components detect malicious packets attempting to cause undesirable effect on applications, guest operating systems, virtual machines)
send a request to the infrastructure system to set a flag within a memory region of the TEE indicating that the software application is under attack; (e.g. ¶29, 33-34, 44: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues) 
send a notification to other applications executing within the infrastructure system indicating the attack from the process; and (e.g. ¶29, 33-34, 44, 52-54: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues as a notification to the virtual NICs, filtering queue accessing module, filtering rule generating module, filtering rule storing module)  
perform, in view of an attack response policy associated with the software application, an action responsive to detecting the event. (e.g. ¶33-36, 44-45, 47: flagging packets as being malicious, adding metadata providing a status indication (e.g. that the packet is malicious) to the malicious packets, adding the malicious packets including the metadata to the filtering queue, generating filtering rules, applying the filtering rules)

Claim 12, Karame-Tsirkin discloses The system of claim 11, wherein to send a notification, the processing device is to send one or more network packets via a network interface device to a predetermined destination, the one or more network packets comprising information related to the attack.  (Tsirkin, e.g. ¶29, 33-34, 44, 52-54).  

Claim 13, Karame-Tsirkin discloses The system of claim 11, wherein the action comprises at least one of: terminating execution of the application, sending a notification, storing data then exiting, exiting after a predetermined wait time, or declining to restart the application. (Tsirkin, e.g. ¶29, 33-34, 44, 52-53: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues as a notification to the virtual NICs, filtering queue accessing module, filtering rule generating module, filtering rule storing module).  

Claim 16, this claim is rejected for similar reasons as in claim 1.

Claim 17, this claim is rejected for similar reasons as in claim 3.

Claim 18, this claim is rejected for similar reasons as in claim 5.

Claim 19, this claim is rejected for similar reasons as in claim 7.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-8, 10-14, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Karame (US 20220067150) in view of Tsirkin (US 20190068555).

Claim 1, Karame discloses A method, comprising: 
detecting, by a first process executing in a trusted execution environment (TEE) of a host computer system, an event indicating that the first process is under attack from a second process executing on the host computer system; (e.g. ¶28, 34-35, 37, 39-40, 42: application running in the TEE detects attacks by e.g. checking whether a random nonce received from a trusted service matches the random nonce drawn by the TEE, checking whether a number of restarts exceeds a predetermined threshold, checking if the timing information is genuine)
performing, by the first process and in view of an attack response policy associated with the first process, an action responsive to detecting the event. (e.g. ¶34: halting execution in response to detecting the attacks)
Karame does not appear to explicitly disclose but Tsirkin discloses setting, by the first process, a flag within a memory region of the TEE indicating that the first process is under attack (e.g. ¶29, 31, 33-34, 44: flagging packets as being malicious, adding metadata providing a status indication (e.g. that the packet is malicious) to the malicious packets, adding the malicious packets to the filtering queue).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tsirkin into the invention of Karame for the purpose of notifying another entity of the malicious packets and enabling generation and application of filtering rules based on the malicious packets (Tsirkin, e.g. ¶29, 45)

Claim 2, Karame-Tsirkin discloses The method of claim 1, wherein the process is an infrastructure process executing at the TEE. (Karame, e.g. ¶34-35 or Tsirkin, e.g. ¶31, 44).  Same motivation as in claim 1 would apply. 

Claim 3, Karame-Tsirkin discloses The method of claim 2, wherein the flag is associated with the infrastructure process executing at the TEE. (Tsirkin, e.g. ¶29, 31, 44).  Same motivation as in claim 1 would apply. 

Claim 4, Karame-Tsirkin discloses The method of claim 1, wherein the process is a software application executing within an infrastructure system. (Karame, e.g. ¶34-35 or Tsirkin, e.g. ¶29, 31, 44).   Same motivation as in claim 1 would apply. 

Claim 5, Karame-Tsirkin discloses The method of claim 4, wherein setting the flag comprises sending a request to the infrastructure system to set the flag. (Tsirkin, e.g. ¶33-34, 44: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packet is malicious) to the filtering queues).  Same motivation as in claim 1 would apply. 

Claim 6, Karame-Tsirkin discloses The method of claim 4, wherein the software application is to send one or more network packets as a notification of the attack to other processes running within the TEE.  (Tsirkin, e.g. ¶29, 33-34, 44, 52-53: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues as a notification to the virtual NICs, filtering queue accessing module, filtering rule generating module, filtering rule storing module).  Same motivation as in claim 1 would apply. 

Claim 7, Karame-Tsirkin discloses The method of claim 1, wherein the action comprises at least one of: terminating execution of the first process, sending a notification, storing data and exiting, exiting after a predetermined wait time, or declining to restart the first process. (Karame, e.g. ¶34 or Tsirkin, e.g. ¶29, 33-34, 44, 52-53).  Same motivation as in claim 1 would apply. 

Claim 8, Karame-Tsirkin discloses The method of claim 1, wherein the event comprises at least one of: exceeding a threshold delay in executing a command by the process, an unexpected return value from an operation executed by the process, or an exit command to the host that is rejected by the host. (Karame, e.g. ¶34, 35, 37, 40, 42)  

Claim 10, Karame-Tsirkin discloses The method of claim 1, wherein the flag is accessible to other processes executing at the TEE. (Tsirkin, e.g. ¶29, 33-34, 44, 52-53: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues as a notification to the virtual NICs, filtering queue accessing module, filtering rule generating module, filtering rule storing module).  Same motivation as in claim 1 would apply. 

Claim 11, Karame discloses A system comprising: a memory; and a processing device operatively coupled to the memory, wherein the processing device is further to: 
detect an event indicating that a software application running within an infrastructure system deployed to a host computer system is under attack from a process executing on the host computer system, wherein the infrastructure system is executing in a trusted execution environment (TEE) of the host computer system; (e.g. ¶28, 34-35, 37, 39-40, 42: application running in the TEE detects attacks by e.g. checking whether a random nonce received from a trusted service matches the random nonce drawn by the TEE, checking whether a number of restarts exceeds a predetermined threshold, checking if the timing information is genuine)
perform, in view of an attack response policy associated with the software application, an action responsive to detecting the event. (e.g. ¶34: halting execution in response to detecting the attacks)
Karame does not appear to explicitly disclose but Tsirkin discloses send a request to the infrastructure system to set a flag within a memory region of the TEE indicating that the software application is under attack (e.g. ¶29, 33-34, 44: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues) send a notification to other applications executing within the infrastructure system indicating the attack from the process (e.g. ¶29, 33-34, 44, 52-54: sending a write request to add the malicious packets including the metadata providing a status indication (e.g. that the packets are malicious) to the filtering queues as a notification to the virtual NICs, filtering queue accessing module, filtering rule generating module, filtering rule storing module).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tsirkin into the invention of Karame for the purpose of notifying another entity of the malicious packets and enabling generation and application of filtering rules based on the malicious packets (Tsirkin, e.g. ¶29, 45)

Claim 12, Karame-Tsirkin discloses The system of claim 11, wherein to send a notification, the processing device is to send one or more network packets via a network interface device to a predetermined destination, the one or more network packets comprising information related to the attack.  (Tsirkin, e.g. ¶29, 33-34, 44, 52-54).  Same motivation as in claim 1 would apply. 

Claim 13, Karame-Tsirkin discloses The system of claim 11, wherein the action comprises at least one of: terminating execution of the application, sending a notification, storing data then exiting, exiting after a predetermined wait time, or declining to restart the application. (Karame, e.g. ¶34 or Tsirkin, e.g. ¶29, 33-34, 44, 52-53).  Same motivation as in claim 1 would apply. 

Claim 14, Karame-Tsirkin discloses The system of claim 11, wherein the event comprises at least one of: exceeding a threshold delay in executing a command by the application, an unexpected return value from an operation executed by the application, or an exit command to the host that is rejected by the host.  (Karame, e.g. ¶34, 35, 37, 40, 42) 

Claim 16, this claim is rejected for similar reasons as in claim 1.

Claim 17, this claim is rejected for similar reasons as in claim 3.

Claim 18, this claim is rejected for similar reasons as in claim 5.

Claim 19, this claim is rejected for similar reasons as in claim 7.

Claim 20, this claim is rejected for similar reasons as in claim 8.

Claims 9 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Karame (US 20220067150) in view of Tsirkin (US 20190068555) and further in view of Jin (US 20150244717).

Claim 9, Karame-Tsirkin discloses The method of claim 1, (see above) and does not appear to explicitly disclose but Jin discloses wherein the attack response policy is one of a plurality of attack response policies associated with the first process, and wherein the attack response policy is selected based on a severity of the attack of the second process.  (e.g. ¶33-35, 44)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Jin into the invention of Karame-Tsirkin for the purpose of enabling different security actions to be performed based on different security levels (Jin, ¶34-35).

Claim 15, Karame-Tsirkin discloses The system of claim 11, (see above) and does not appear to explicitly disclose but Jin discloses wherein the attack response policy is one of a plurality of attack response policies associated with the application, and wherein the attack response policy is selected based on a severity of the attack of the first process. (e.g. ¶33-35, 44)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Jin into the invention of Karame-Tsirkin for the purpose of enabling different security actions to be performed based on different security levels (Jin, ¶34-35).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20150007316 discloses hybrid operating system and secure environment network
traffic monitoring technique. In block 410 of FIG. 4, the TE 345 monitors network traffic, collecting flow data such as is illustrated in chart 200 of FIG. 2…In block 440, if the trusted environment data is not the same as the operating system environment data, that difference may indicate the presence of malware. An alert may be generated in block 450. The alert may be generated either in the trusted environment…and may take any desired form, such as a message displayed on the computer 110, an alert message sent to an external facility (e.g. via a network), or an alert transmitted to the host-based intrusion detection system from the trusted environment…the alert may be accompanied with a transmission of the two data sets to an analysis facility, which may be on the computer 110 or elsewhere. If on the computer 110, the analysis facility may be in the TE 345…The analysis facility may then undertake further analysis of the differences, and possible recognition of malware sites indicated in the trusted environment data.

	US 20180107826 discloses techniques for mitigating attacks on an application operating in a trusted execution environment of a computing device are provided. An example method according to these techniques includes monitoring performance of the trusted application operating in the trusted execution environment of the computing device, determining whether an undesired behavior of the trusted application has occurred more than or equal to a threshold number of times, and executing a delayed restart process for the trusted application.

	US 20190007436 discloses a device may include one or more processors to receive a file that may be analyzed for malware; open the received file in a secure environment; determine that a secondary file in the secure environment may have been accessed based on the received file being opened; analyze the secondary file in the secure environment to identify malware; and/or perform an action associated with the received file based on the secondary file being analyzed.

	US 10430586 discloses the VM is used to process an object to determine whether the object is associated with malware. Logic within the VM analyzes memory allocated for a process within the VM for a point of interest (POI), the POI being an address of one of a set predetermined instructions likely to be associated with malware. The VMM detects a memory violation during processing of the object and responsive to detecting the memory violation, injects a transition event at the POI on the page on which the POI is located in memory. Further, responsive to detecting an attempted execution of the transition event, the VMM (i) emulates an instruction located at the POI, and (ii) the logic within the VM performs one or more malware detection routines.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436