DETAILED ACTION
This office action is in response to the correspondence filed on 11/03/2020. This application is a continuation of 15396231 filed 12/30/2016 that has a provisional application 62019818 filed 07/01/2014. Claims 2, 5, 10-23, 30, 44, 48, and 52 are pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Applicant's claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. 


Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 07/28/2021 and 02/24/2022. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 2, 5, 10, 12, 16, 23, 44, and 48 are objected to because of the following informalities:
Claim 2, the first instance of “virtualization assistance layer” should read “the virtualization assistance layer (VAL)” to establish the meaning of VAL in later limitations. There is also an instance of “the Virtualization Assistance Layer” which should be changed to all lower case to be consistent in the claim.
Claims 2 and 10, “CPU” should be spelled out before acronym is used the first time in a claim set even if it is a commonly known term.
Claim 5, “USB” should be spelled out before acronym is used the first time in a claim set even if it is a commonly known term.
Claim 10, “a I/O device” should read “”. 
Claim 10, “I/O device” should read “”. 
Claim 23, “CPU/ABI” should be spelled out before acronym is used the first time in a claim set.
Claims 12 and 44 seem to be duplicated dependent claims.
Claims 16 and 48 seem to be duplicated dependent claims.
Appropriate correction is required.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 2, 5, 10-23, 30, 44, 48, and 52 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-17 of U.S. Patent No. US 10824715 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the instant application are anticipated by the patented claims. The claims in the instant application are essentially the same while broader in scope than the ones in the issued patent. The instant application has the basic elements of separation kernel hypervisor and virtualization assistance layer, processing configuration queries, and varying location of private I/O devices at guest startup time; while the issued patents have the same basic elements and additional features of the guest operating system and detection mechanism as seen in the example below in claim 2 of the instant application and claim 1 of the issued patent.

Instant Application
2. (original) A method for providing anti-fingerprinting mechanisms in a separation kernel hypervisor to improve computer security, the method comprising:
transitioning, with a separation kernel hypervisor, an execution from a guest operating system to a virtualization assistance layer isolated from the guest operating system;
transitioning, with the virtualization assistance layer, the execution to at least one virtualization assistance layer mechanism;
implementing, via the Virtualization Assistance Layer, a virtual motherboard containing a virtual CPU, one or more virtual devices, and one or more virtual controllers associated with each of the virtual devices;
processing configuration queries directed to the virtual controllers; and
utilizing a I/O device mechanism within the VAL to vary location of non-standard, private I/O devices at guest startup time.

U.S. Patent No. 10824715 B2
1. A method for providing anti-fingerprinting mechanisms in a separation kernel hypervisor to improve computer security, the method comprising:
partitioning hardware platform resources via a separation kernel hypervisor into a plurality of guest operating system virtual machine protection domains;
executing the guest operating system virtual protection domains to provide a secure software execution environment wherein the domains are isolated from each other, wherein each of the domains includes a guest operating system, a virtualization assistance layer, and a detection mechanism;
providing a virtualization assistance layer (VAL) including a virtual representation of the hardware platform in each of the guest operating system virtual machine protection domains such that the VAL security processing is not performed in the separation kernel hypervisor;
transitioning, with a separation kernel hypervisor, an execution from a guest operating system to the virtualization assistance layer isolated from the guest operating system;
transitioning, with the virtualization assistance layer, the execution to at least one virtualization assistance layer mechanism;
implementing, via the virtualization assistance layer, a virtual motherboard containing a virtual CPU, one or more virtual devices, and one or more virtual controllers associated with each of the virtual devices;
processing configuration queries directed to at least one virtual controller; and
utilizing an I/0 device mechanism within the VAL to vary, at guest startup time, location information of one or more private I/0 devices and/or memory areas associated with non-native platform resources.




Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 2, 5, 10-23, 30, 44, 48, and 52 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Regarding claim 2 and similarly in claim 10, “non-standard, private I/O devices” is not clearly defined in the claim or in the specification. Please clearly identify the term in the claim language.
Examiner notes that for the purpose of examination, non-standard is interpreted to be devices with configurations that can change. Also, please see the applicant remarks and corresponding amendments filed 05/26/2020 in application 15396231 to review how this similar rejection was overcome and it could likely be applied here.

Regarding claims 16 and 48, they recite “the loss of security” which is not recited before. It should probably read “a loss of security”. There is insufficient antecedent basis for this limitation in the claim. 
Regarding claims 17 and 18, they recite “the virtual hardware platform” which is not recited before. There is insufficient antecedent basis for this limitation in the claim.
Regarding claim 23, it recites “the hardware platform resources” which is not recited before. There is insufficient antecedent basis for this limitation in the claim.
Regarding claims 15, 19, 20, and 22, they recite “the detection mechanism(s)” which is not recited before. There is insufficient antecedent basis for this limitation in the claim. 
Appropriate correction is required.
Examiner suggests that applicant review the claim set thoroughly for accuracy.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 5, 10-23, 30, 44, 48, and 52 are rejected under 35 U.S.C. 103 as being unpatentable over Freericks et al. (US Pub No. US 2009/0288167 A1, referred to as Freericks), in view of Astete et al. (US Patent No. 8,473,627 B2, referred to as Astete) and further in view of Nicholson et al. (US Patent No. 9,703,444 B2, referred to as Nicholson).
Regarding claim 2, Freericks discloses,
2. (original) A method for providing anti-fingerprinting mechanisms in a separation kernel hypervisor to improve computer security, the method comprising:
transitioning, with a separation kernel hypervisor, an execution from a guest operating system to a virtualization assistance layer isolated from the guest operating system; (Freericks: Fig. 1; [0039], [0044], [0047]; security module (VAL) in each guest OS protects the guest OS in a virtualization environment or hypervisor.)
transitioning, with the virtualization assistance layer, the execution to at least one virtualization assistance layer mechanism; (Freericks: [0047]; the security modules identify malware in the guest OS.)
implementing, via the Virtualization Assistance Layer, a virtual motherboard containing a virtual CPU, one or more virtual devices, and one or more virtual controllers associated with each of the virtual devices; (Freericks: Fig. 1-2; [0052], [0021], [0005]; security modules in memory is connected to a part of CPU, video display adapter and virtual storage device)
Freericks discloses the virtualization assistance layer. It does not explicitly disclose, however Astete further discloses,
processing configuration queries directed to the virtual controllers; and (Astete: Fig. 3B; Coln. 9, ls. 21-36; MTVMI sends a resulting screen of the VM in response to the tenant’s request (configuration query) for a VM with virtual devices.)
Freericks and Astete are analogous art because they are from the same field of endeavor in systems with virtualization features. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teaching of Freericks and Astete before him or her to modify the virtual system of Freericks to include the techniques of Astete, thereafter the system is connected to the techniques. The suggestion and/or motivation for doing so would be obtaining the advantage of allowing the system to be configured dynamically as suggested by Astete. It is a known technique to improve similar methods in the same way. Therefore, it would have been obvious to combine Freericks with Astete to obtain the invention as specified in the instant application claims.
The combination of Freericks and Astete does not explicitly disclose, however Nicholson further discloses,
utilizing a I/O device mechanism within the VAL to vary location of non-standard, private I/O devices at guest startup time. (Nicholson: Coln. 6, ls. 33-52, Coln. 5, ls. 17-19; during the startup time of a device which can have a virtualized environment and guest OS, detects the monitors (output device) and determine if the configuration changes and configured accordingly.)
Freericks, Astete and Nicholson are analogous art because they are from the same field of endeavor in systems with virtualization features. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teaching of Freericks, Astete and Nicholson before him or her to modify the virtual system of Freericks and Astete to include the techniques of Nicholson, thereafter the system is connected to the techniques. The suggestion and/or motivation for doing so would be obtaining the advantage of allowing the system to configure external devices at startup time with different configurations as suggested by Nicholson. It is a known technique to improve similar methods in the same way. Therefore, it would have been obvious to combine Freericks and Astete with Nicholson to obtain the invention as specified in the instant application claims. 


Regarding claim 5, the combination of Freericks, Astete and Nicholson discloses, 
5. (currently amended) The system of claim 10, 
Freericks further discloses,
further comprising:
one or more virtual devices including a disk controller, a network controller, a graphics controller, an audio controller, a USB controller, a keyboard, a mouse, and/or serial interface. (Freericks: [0053]; computing device 102 may also include input/output interface 224 for communicating with external devices, such as a mouse, keyboard, scanner, or other input/output devices.)


Regarding claim 10, Freericks discloses,
10. (currently amended) A computer security system comprising:
at least one processor constructed and arranged to perform a method comprising: (Freericks: Fig. 1.)
transitioning, with a separation kernel hypervisor, an execution from a guest operating system to a virtualization assistance layer isolated from the guest operating system; (Freericks: Fig. 1; [0039], [0044], [0047]; security module (VAL) in each guest OS protects the guest OS in a virtualization environment or hypervisor.)
transitioning, with the virtualization assistance layer, the execution to at least one virtualization assistance layer mechanism; (Freericks: [0047]; the security modules identify malware in the guest OS.)
implementing, via the virtualization assistance layer (VAL), a virtual motherboard containing a virtual CPU, one or more virtual devices, and one or more virtual controllers associated with each of the virtual devices; (Freericks: Fig. 1-2; [0052], [0021], [0005]; security modules in memory is connected to a part of CPU, video display adapter and virtual storage device)
Freericks discloses the virtualization assistance layer. It does not explicitly disclose, however Astete further discloses,
processing configuration queries directed to the virtual controllers; and (Astete: Fig. 3B; Coln. 9, ls. 21-36; MTVMI sends a resulting screen of the VM in response to the tenant’s request (configuration query) for a VM with virtual devices.)
Freericks and Astete are analogous art because they are from the same field of endeavor in systems with virtualization features. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teaching of Freericks and Astete before him or her to modify the virtual system of Freericks to include the techniques of Astete, thereafter the system is connected to the techniques. The suggestion and/or motivation for doing so would be obtaining the advantage of allowing the system to be configured dynamically as suggested by Astete. It is a known technique to improve similar methods in the same way. Therefore, it would have been obvious to combine Freericks with Astete to obtain the invention as specified in the instant application claims.
The combination of Freericks and Astete does not explicitly disclose, however Nicholson further discloses,
utilizing an I/O device mechanism and/or private memory area within the VAL to vary location and/or size of non-standard, private I/O devices and/or memory areas at guest startup time. (Nicholson: Coln. 6, ls. 33-52, Coln. 5, ls. 17-19; during the startup time of a device which can have a virtualized environment and guest OS, detects the monitors (output device) and determine if the configuration changes and configured accordingly.)
Freericks, Astete and Nicholson are analogous art because they are from the same field of endeavor in systems with virtualization features. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teaching of Freericks, Astete and Nicholson before him or her to modify the virtual system of Freericks and Astete to include the techniques of Nicholson, thereafter the system is connected to the techniques. The suggestion and/or motivation for doing so would be obtaining the advantage of allowing the system to configure external devices at startup time with different configurations as suggested by Nicholson. It is a known technique to improve similar methods in the same way. Therefore, it would have been obvious to combine Freericks and Astete with Nicholson to obtain the invention as specified in the instant application claims. 


Regarding claim 11, the combination of Freericks, Astete and Nicholson discloses, 
11. (currently amended) The system of claim 10, 
further comprising:
Freericks further discloses,
implementing a separation kernel hypervisor that ensures isolation of multiple guest operating systems, each guest operating system in its own virtual machine. (Freericks: [0044]; Virtualization environment 116, also known as a host operating system, hypervisor, master control system, or the like, controls the computing device hardware 108, and exposes the available hardware resources to one or more guest operating systems, so that it appears to each guest operating system that it is running on a dedicated computing device. The virtualization environment 116 may completely emulate a computing device, such that a guest operating system typically would not directly access the physical computing device hardware 108.)


Regarding claim 12, the combination of Freericks, Astete and Nicholson discloses, 
12. (currently amended) The system of claim 10, further comprising:
Freericks further discloses,
implementing a virtualization assistance layer (VAL) of software that runs within the same protection domain as the guest virtual machine but is not directly accessible by the guest. (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS and communicates with the virtualization environment security module, not the guest OS, after identifying malware executing in guest OS.)


Regarding claim 13, the combination of Freericks, Astete and Nicholson discloses, 
13. (currently amended) The system of claim 10, further comprising:
Freericks further discloses,
implementing a virtualization assistance layer that implements a virtual motherboard containing a virtual CPU and memory. (Freericks: Fig. 1-2; [0052], [0021], [0005]; security modules in memory is connected to a part of CPU, video display adapter and virtual storage device.)


Regarding claim 14, the combination of Freericks, Astete and Nicholson discloses, 
14. (currently amended) The system of claim 10, further comprising:
Freericks further discloses,
executing one or more detection mechanism(s) while preventing interference and/or corruption/tampering/bypassing by the plurality of guest operating system virtual machine protection domains. (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS and communicates with the virtualization environment security module, not the guest OS, after identifying malware executing in guest OS (detection mechanism).)


Regarding claim 15, the combination of Freericks, Astete and Nicholson discloses, 
15. (currently amended) The system of claim 10, further comprising one or more of:
Freericks further discloses,
implementing at least one routine and/or component to prohibit the guest operating systems from tampering with, corrupting, and/or bypassing the detection mechanism(s); and (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS and communicates with the virtualization environment security module, not the guest OS, after identifying malware executing in guest OS (detection mechanism).)
executing the detection mechanism(s) while preventing interference and/or bypassing/corrupting/tampering by the plurality of guest operating systems. (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS and communicates with the virtualization environment security module, not the guest OS, after identifying malware executing in guest OS (detection mechanism).)


Regarding claim 16, the combination of Freericks, Astete and Nicholson discloses, 
16. (currently amended) The system of claim 10, wherein:
Freericks further discloses,
the plurality of guest operating system virtual machine protection domains includes corresponding guest operating systems; and (Freericks: Fig. 1; [0039], [0044], [0047]; security module (VAL) in each guest OS protects the guest OS in a virtualization environment or hypervisor.)
wherein isolating the loss of security in one of the guest operating system virtual machine protection domains to the one lost security domain such that security is not broken in all the domains. (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS and communicates with the virtualization environment security module, not the guest OS, after identifying malware executing in guest OS (detection mechanism) and guest OS is protected from one another.)


Regarding claim 17, the combination of Freericks, Astete and Nicholson discloses, 
17. (currently amended) The system of claim 10, wherein:
Freericks further discloses,
moving virtualization processing to the virtual hardware platforms within each guest operating system protection domain so that substantially all analysis and security testing is performed within each guest operating system protection domain such that the separation kernel hypervisor is of reduced size/complexity. (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS and communicates with the virtualization environment security module, not the guest OS, after identifying malware executing in guest OS.)


Regarding claim 18, the combination of Freericks, Astete and Nicholson discloses, 
18. (currently amended) The system of claim 10, wherein:
Freericks further discloses,
detecting in each of the domains their own probing instruction as a function of the isolated domains: or (Freericks: Fig. 1; [0039], [0047]; security module in each guest OS protects the guest OS and communicates with the virtualization environment security module after identifying malware executing in guest OS (probing instruction).)
wherein viewing the virtual hardware platform within each domain as separate hardware by a guest such that bypass is prevented. (Freericks: Fig. 1; [0044]; guest OS appears to be running on a dedicated computing device.)


Regarding claim 19, the combination of Freericks, Astete and Nicholson discloses, 
19. (currently amended) The system of claim 10, 
Freericks further discloses,
wherein the detection mechanism(s) includes subcomponents and/or subroutines configured for monitoring of guest operating system memory access. (Freericks: Fig. 1; [0039], [0047]; security module (subcomponent) in each guest OS protects the guest OS and communicates with the virtualization environment security module after identifying malware (memory access) executing in guest OS (detection mechanism).)


Regarding claim 20, the combination of Freericks, Astete and Nicholson discloses, 
20. (currently amended) The system of claim 10, 
Freericks further discloses,
wherein the detection mechanism includes subcomponents and/or subroutines configured for monitoring actions of the guest operating system including observation, detection, and/or tracking of code, data, execution flow, and/or resource utilization at runtime. (Freericks: Fig. 1; [0039], [0047]; security module (subcomponent) in each guest OS protects the guest OS and communicates with the virtualization environment security module after identifying malware executing in guest OS (detection mechanism).)


Regarding claim 21, the combination of Freericks, Astete and Nicholson discloses, 
21. (currently amended) The system of claim 10, further comprising:
Freericks further discloses,
executing one or more detection mechanism(s) while preventing interference and/or corruption/tampering/bypassing by the plurality of guest operating system virtual machine protection domains. (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS and communicates with the virtualization environment security module, not the guest OS, after identifying malware executing in guest OS (detection mechanism).)


Regarding claim 22, the combination of Freericks, Astete and Nicholson discloses, 
22. (currently amended) The method or invention system of claim 10, further comprising:
Freericks further discloses,
enforcing policy for activities monitored by the detection mechanism(s) within the guest operating system virtual machine protection domain. (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS (enforcing policy) and communicates with the virtualization environment security module after identifying malware executing in guest OS.)


Regarding claim 23, the combination of Freericks, Astete and Nicholson discloses, 
23. (currently amended) The system of claim 10, 
Freericks further discloses,
wherein the virtualization assistance layer virtualizes portions of the hardware platform resources including a virtual CPU/ABI, a virtual chipset ABI, a set of virtual devices, a set of physical devices, and firmware exported to the corresponding guest operating system. (Freericks: [0053]; computing device 102 may also include input/output interface 224 for communicating with external devices, such as a mouse, keyboard, scanner, or other input/output devices.)


Regarding claim 30, the combination of Freericks, Astete and Nicholson discloses, 
30. (currently amended) The system of claim 10, further comprising:
Freericks does not explicitly disclose, however Astete further discloses,
utilizing a CPU identification instructions mechanism within the hypervisor to vary results of execution of CPU identification instructions in the processor according to configuration data for the hypervisor. (Astete: Fig. 3B; Coln. 7, ls. 64-67, Coln. 8, ls. 1-3; Coln. 9, ls. 21-36; tenant requests (CPU identification instructions) for a VM and MTVMI executes accordingly. Coln. 9, ls. 62-67; the MTVMI allocates tenant resources such as data storage space and CPU time based on their request (MTVMI varies the resources result based on the tenant request).)
The same motivation that was utilized for combining Freericks and Astete as set forth in claim 10 is equally applicable to claim 30.


Regarding claim 44, the combination of Freericks, Astete and Nicholson discloses, 
44. (currently amended) The method system of claim 10, further comprising:
Freericks further discloses,
implementing a virtualization assistance layer (VAL) of software that runs within the same protection domain as the guest virtual machine but is not directly accessible by the guest. (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS and communicates with the virtualization environment security module, not the guest OS, after identifying malware executing in guest OS.)


Regarding claim 48, the combination of Freericks, Astete and Nicholson discloses, 
48. (currently amended) The method system of claim 10, wherein:
Freericks further discloses,
the plurality of guest operating system virtual machine protection domains includes corresponding guest operating systems; and (Freericks: Fig. 1; [0039], [0044], [0047]; security module (VAL) in each guest OS protects the guest OS in a virtualization environment or hypervisor.)
wherein isolating the loss of security in one of the guest operating system virtual machine protection domains to the one lost security domain such that security is not broken in all the domains. (Freericks: Fig. 1; [0039], [0047]; security module (VAL) in each guest OS protects the guest OS and communicates with the virtualization environment security module, not the guest OS, after identifying malware executing in guest OS (detection mechanism) and guest OS is protected from one another.)


Regarding claim 52, the combination of Freericks, Astete and Nicholson discloses, 
52. (currently amended) The method system of claim 10, 
Freericks further discloses,
wherein one or more detection mechanisms include one or more subcomponents and/or subroutines configured for monitoring actions of the guest operating system including observation, detection, and/or tracking of code, data, execution flow, and/or resource utilization at runtime. (Freericks: Fig. 1; [0039], [0047]; security module (subcomponent) in each guest OS protects the guest OS and communicates with the virtualization environment security module after identifying malware executing in guest OS (detection mechanism).)


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Morris; James et al.	USPAT	US 9213566 B2	Implementing security in process-based virtualization
Sharif; Monirul Islam et al.	USPAT	US 9129106 B2	Systems and methods for secure in-VM monitoring

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571)272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435