DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is responsive to Applicant’s Amendment filed on 6/6/2022.
Claims 1-20 are presented for examination. Claims 1, 10 and 14-15 have been amended. 

Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same,  and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.


Claim 15 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention.

Regarding Claim 15, the claimed limitation “wherein the introspection channel includes an encrypted connection between the runtime and a hypervisor” at lines 1-2 is new matter that is not supported by the original specification. The specification does mention that the introspection channel includes or is an encrypted connection. However, there is no support or description for such an encrypted connection being between the runtime and a hypervisor. For example, [0017] recites “In an example, the introspection channel may be in the form of an encrypted connection between the runtime and the owner. Once the introspection channel is established, the runtime is supplied introspection commands. For example, the owner may supply introspection commands through the introspection channel”, emphasis added. [0031] and [0039] also contain similar language or description. None of those paragraphs of the specification provides a description of the claimed introspection channel including or being an encrypted connection between the runtime and the hypervisor; Figs. 2 and 7 even show the introspection channel being established between the owner and the runtime rather than between the runtime and the hypervisor or supervisor (the only connection or communication between the hypervisor or supervisor and the runtime in Fig. 2 is the hypervisor providing pattern 250 to the runtime, not the hypervisor providing the introspection commands to the runtime as required by the claim). Therefore, the claimed limitation “wherein the introspection channel includes an encrypted connection between the runtime and a hypervisor” at lines 1-2 is rejected as new matter that lacks support in the specification.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 15 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.

Regarding Claim 15, the meaning of “wherein the introspection channel includes an encrypted connection between the runtime and a hypervisor, and wherein the hypervisor is configured to supply the introspection commands to the runtime” is unclear. First of all, Claim 15 depends on Claim 14, and Claim 14 describes the claimed introspection commands as “receive introspection commands through an introspection channel, wherein the introspection channel is created between the runtime and the owner”. Using Fig. 2 of the invention for a better explanation, Claim 14 requires that the claimed introspection commands are received via introspection channel 270 and that this introspection channel 270 is created to connect owner 220 and runtime 193. However, Claim 15 requires that such claimed introspection commands are supplied by supervisor or hypervisor 205. It is not clear how the invention is able to receive the introspection commands via the introspection channel that connects the owner and the runtime while at the same time the introspection commands are supplied by the hypervisor or supervisor, which is not the owner. If the limitation mentioned above means that the hypervisor or supervisor 205 supplies the introspection commands to the owner 220 and the owner 220 then supplies such introspection commands to the runtime 193 via the introspection channel 270, Applicant is suggested to provide support for such a feature from the submitted specification; in addition, it is not clear whether such a feature would be better described as the owner supplying the introspection commands or as the hypervisor supplying the introspection commands. Furthermore, as explained in the 112(a) rejection above, [0017] and [0031] (the descriptions of Fig. 2) describe exactly “The introspection channel 270 may provide an encrypted connection between the owner 220 and the runtime 193 and the owner 220 may pass introspection commands (e.g., commands to look for specific patterns 250 in memory accessing code) to the runtime 193”; Fig. 7 and [0052] clearly show “the owner 764 may provide introspection commands 754A-B through the channel 768”. Therefore, the meaning of the limitation mentioned above is not clear in view of Claim 14.
For the purpose of examination, the examiner interprets the limitation as follows: wherein the introspection channel includes an encrypted connection between the runtime and the owner, and wherein the owner is configured to supply the introspection commands to the runtime.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  

Regarding Claim 1, Claim 1 is a system claim that recites steps/actions to be performed mentally (like evaluation, judgement, opinion) or with a pen or paper (i.e., the limitations “validate at least one memory access associated with the workload” and “determine a status of a result of the introspection command, wherein the status is one of a failure status and a success status”). Steps/actions performed mentally or with a pen or paper have been found by the courts to be abstract.
The additional limitations such as “a memory”, “a processor”, “a hypervisor”, “a trusted execution environment”, “a workload”, “a runtime executing the workload”, “the runtime”, “an introspection module” and “execute an introspection command” merely recite a computer or computer components to perform the abstract idea. Such additional limitations are not indicative of integration of the abstract idea into a practical application for the claim as a whole. In this way, the claim is directed to an abstract idea under the step 2A analysis of the 2019 PEG.
Under the step 2B analysis of the 2019 PEG, the additional limitations mentioned above are not indicative of an inventive concept for the claim as a whole.
Therefore, Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
 
Claims 2-9 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
In addition, for each of Claims 2-3 and 7-9, the further limitations of each claim specify some additional context of the steps/actions that are considered an abstract idea. Such further limitations do not change the nature of the abstract idea. Therefore, those claims are also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 4, similar to Claim 1, the limitation “compare that at least one memory access to the predetermined pattern” is a step/action to be performed mentally (like evaluation, judgement, opinion) that is considered an abstract idea by the courts. The additional limitation “an instruction” merely applies the abstract idea on a computing device. Such an additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Therefore, Claim 4 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 5, the further limitations specify some additional context of the step/action that is considered an abstract idea. Such further limitations do not change the nature of the abstract idea. Therefore, Claim 5 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 6, the additional limitation “an encrypted virtual machine” merely recites a computer component to perform the abstract idea. Such an additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Therefore, Claim 6 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Regarding Claim 10, similar to Claim 1, Claim 10 recites steps/actions to be performed mentally (like evaluation, judgement, opinion) or with a pen or paper (i.e., the limitations “validate at least one memory access associated with the workload” and “determining … a status of a result of the introspection command, wherein the status is one of a failure status and a success status”).
The additional limitation “provisioning a trusted execution environment (TEE) with a workload for execution within a runtime” merely generally links the use of the judicial exception to a particular technical environment or field of use, i.e., performing the abstract idea on the TEE. The other additional limitations “executing, within the runtime, an introspection command according to an introspection policy” and “determining, within the runtime” merely recite a computer or computer components to perform the abstract idea. These two types of additional limitations are not indicative of integration of the abstract idea into a practical application for the claim as a whole. In this way, the claim is directed to an abstract idea under the step 2A analysis of the 2019 PEG.
Under the step 2B analysis of the 2019 PEG, the additional limitations mentioned above are not indicative of an inventive concept for the claim as a whole.
Therefore, Claim 10 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Claims 11-13 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
In addition, for Claim 11, the additional limitation “supplying … introspection command to the TEE” is merely a generic computing function of supplying a command instruction to a computing component. Such an additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Therefore, Claim 11 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 12, the additional limitation “stop execution of the TEE” is merely a generic computing function of stopping execution of a computing component. Such an additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Therefore, Claim 12 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 13, similar to Claim 10, the limitation “compare that at least one memory access to the predetermined pattern” is a step/action to be performed mentally (like evaluation, judgement, opinion) that is considered an abstract idea by the courts. The additional limitation “the failure status indicates that the at least one memory access matches a predetermined pattern” specifies some additional context of the step/action that is considered an abstract idea. Such further limitations do not change the nature of the abstract idea. The additional limitation “an instruction” merely applies the abstract idea on a computing device. Such an additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Therefore, Claim 13 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Regarding Claim 14, similar to Claim 1, Claim 14 recites steps/actions to be performed mentally (like evaluation, judgement, opinion) or with a pen or paper (i.e., the limitations “receive introspection commands”, “validate at least one memory access associated with the workload” and “determining … a status of a result of the introspection command, wherein the status is one of a failure status and a success status”).
The additional limitations such as “a memory”, “a processor”, “a trusted execution environment”, “a runtime executing the workload within the TEE”, “introspection channel is created between the runtime and the owner” and “execute the introspection commands” merely recite a computer or computer components to perform the abstract idea. The other additional limitation, “load a pre-generated memory accessing code into the TEE”, merely recites a generic computing function of loading code/instructions into the execution environment for execution by a generic computing device. These two types of additional limitations are not indicative of integration of the abstract idea into a practical application for the claim as a whole. In this way, the claim is directed to an abstract idea under the step 2A analysis of the 2019 PEG.
Under the step 2B analysis of the 2019 PEG, the additional limitations mentioned above are not indicative of an inventive concept for the claim as a whole.
Therefore, Claim 14 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Claims 15-20 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
In addition, for Claim 15, the additional limitations “encrypted connection” and “a hypervisor” merely recite a computer or computer components to perform the abstract idea. The additional limitation “supplying the introspection command to the runtime” is merely a generic computing function of supplying a command instruction to a computing component. These two types of additional limitations are neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Therefore, Claim 15 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for each of Claims 16-18, the further limitations of each claim specify some additional context of the steps/actions that are considered an abstract idea. Such further limitations do not change the nature of the abstract idea. Therefore, those claims are also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 19, the further limitation “the failure status indicates … matches a predetermined patterns” specifies some additional context of the steps/actions that are considered an abstract idea. Such further limitations do not change the nature of the abstract idea. The additional limitation “stop execution of the TEE” is merely a generic computing function of stopping execution of a computing component. Such an additional limitation is neither indicative of integration of the abstract idea into a practical application for the claim as a whole nor indicative of an inventive concept for the claim as a whole. Therefore, Claim 19 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In addition, for Claim 20, the further limitations specify some additional context of the step/action that is considered an abstract idea. Such further limitations do not change the nature of the abstract idea. Therefore, Claim 20 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-5, 8-10 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US 9596261 B1, hereafter Lukacs) in view of Frank et al. (US 20180285561 A1, hereafter Frank).
Lukacs and Frank were cited in the previous office action.

Regarding Claim 1, Lukacs discloses: 1. A system comprising:
a memory; a processor in communication with the memory (see Figs. 1, 4, lines 31-39 of col. 6 and lines 67-4 of col. 10-11, “Controller hub 24 generically represents the plurality of system, peripheral, and/or chipset buses, and/or all other circuitry enabling the communication between processor 12 and devices 14, 16, 18, 20 and 22” );
a hypervisor (see Figs. 2A-2C, lines 45-51 of col. 6; “host system 10 uses hardware virtualization technology to operate a set of guest virtual machines 52 a-b exposed by a hypervisor 50”); and
a trusted execution environment (TEE), wherein the TEE is provisioned with a workload and includes a runtime executing the workload, wherein the runtime (see Figs. 2A-2C, lines 48-55 of col. 21; “The computer security module may execute outside the protected VMs (for instance, at the level of a hypervisor) or inside the protected VM”, emphasis added. The trusted/protected VM, i.e., the claimed trusted execution environment, is provisioned with a computer security module, i.e., the claimed workload, which includes the CSM 60. Also see lines 61-2 of cols. 7-8, “Software such as CSM 60” at line 35 of col. 13, and “software such as the security module” at line 44 of col. 23; whether outside the protected VMs or inside the protected VM, the CSM 60 is a code object or software application executed on the device, and thus it is inherent that the protected VM includes a runtime to execute the workload or the CSM 60 when the CSM 60 is implemented inside the protected VM. Note: the claimed runtime according to [0023] of the specification is “a software module or environment that supports execution, such as application execution, code execution, command execution, etc.”. Therefore the execution of CSM 60 inside the protected VM would require the supporting software module or environment, i.e., the claimed runtime) is configured to:
execute an introspection command, the introspection command configured to validate at least one memory access associated with the workload (see Fig. 11, lines 3-23 of col. 8 and lines 13-30 of col. 18; “The term “introspection” is used herein to denote activities performed by CSM 60 … determining whether software executing within the respective VM performs certain actions, such as executing certain processor instructions, accessing certain hardware resources, using certain services of the OS, accessing certain memory locations” and “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM”), and
determine a status of a result of the introspection command, wherein the status is one of a failure status and a success status (see Fig. 11, lines 20-30 of col. 18; “When CSM 60 determines that the current trigger event is not indicative of a threat … When the current trigger event indicates a threat … include alerting a system administrator and/or a user of the monitored guest VM”. The status of the result of the introspection command includes one of not indicative of a threat and indicative of a threat).

Lukacs does not disclose: execute an introspection command according to an introspection policy.
However, Frank discloses: execute a memory-access-related command according to a memory access policy (see [0041]-[0043]; “detect execution of code that resides in the guest OS user space 114 by the code running in kernel mode, a CPU security feature such as Intel SMEP” and “The page's owner flag defines if this page can be accessed, that is, if a page belongs to the OS kernel which is executed in a supervisor mode, the page cannot be accessed from a user-mode application”. The commands to access memory locations are executed according to a policy that indicates which memory locations of the guest/VM may be accessed by the commands. Also see “the shadow page table entry (SPTE) describing a guest address” from [0016]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the execution of the introspection commands from Lukacs by using the memory access policy from Frank to enforce the execution of memory access commands, and thus the combination of Lukacs and Frank would disclose the limitation missing from Lukacs (note: see lines 3-23 of col. 8 of Lukacs; the introspection commands are also considered memory access commands that access certain addresses/locations of the VM memory to gather information, and thus it is reasonable to apply the CPU security feature such as Intel SMEP discussed in Frank to Lukacs to disclose the missing limitation), since it would provide a mechanism for preventing the requested command from accessing improper locations/addresses/pages (see [0041]-[0043] of Frank).

Regarding Claim 2, the rejection of Claim 1 is incorporated and further the combination of Lukacs and Frank discloses: wherein the failure status indicates that the at least one memory access matches a predetermined pattern (see lines 13-30 of col. 18 from Lukacs and [0012] from Frank; “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM … the current trigger event indicates a threat” and “analyzing the exploitation patterns against predetermined malicious or potentially malicious patterns, to determine whether the exploitation patterns from the instructions is malicious or potentially malicious”).

Regarding Claim 4, the rejection of Claim 2 is incorporated and further the combination of Lukacs and Frank discloses: wherein the introspection command includes an instruction to compare the at least one memory access to the predetermined pattern (see lines 13-30 of col. 18 from Lukacs and [0012] from Frank; “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM … the current trigger event indicates a threat” and “analyzing the exploitation patterns against predetermined malicious or potentially malicious patterns, to determine whether the exploitation patterns from the instructions is malicious or potentially malicious”).

Regarding Claim 5, the rejection of Claim 4 is incorporated and further the combination of Lukacs and Frank discloses: wherein the predetermined pattern includes a pattern of at least one of memory reads from the memory, memory writes to the memory, URLs visited by the workload, files accessed by the workload, messages sent by the workload, types of data read from the memory, and types of data written to the memory (see lines 3-23 of col. 8 and lines 13-30 of col. 18 from Lukacs; “introspection comprise determining memory addresses used by various software objects executing within the respective VM, and/or controlling access to a memory location indicated by such addresses. In some embodiments, CSM 60 uses information obtained via introspection to determine whether certain software objects within the respective VM are malicious” and “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM”).

Regarding Claim 8, the rejection of Claim 1 is incorporated and further the combination of Lukacs and Frank discloses: wherein the introspection policy specifies which parts of the TEE are exposed to the introspection command or the introspection module, and the introspection policy grants the introspection module read access to a first portion of memory (see lines 3-23 of col. 8 from Lukacs, [0016], [0041]-[0043] from Frank; “the shadow page table entry (SPTE) describing a guest address” and “The page's owner flag defines if this page can be accessed”. Note: as explained for Claim 1, the combination of Lukacs and Frank would disclose applying the SPTE to the introspection command).

Regarding Claim 9, the rejection of Claim 1 is incorporated and further the combination of Lukacs and Frank discloses: wherein the introspection policy specifies at least one (i) an address the introspection module has access to and (ii) an accelerator that the introspection module has access to (see lines 3-23 of col. 8 from Lukacs, [0016], [0041]-[0043] from Frank; “the shadow page table entry (SPTE) describing a guest address” and “The page's owner flag defines if this page can be accessed”. Note: as explained for Claim 1, the combination of Lukacs and Frank would disclose applying the SPTE to the introspection command).

Regarding Claim 10, Claim 10 is rejected for the same reasons set forth in the rejection of Claim 1 above.

Regarding Claim 12, the rejection of Claim 10 is incorporated and further the combination of Lukacs and Frank discloses: responsive to determining the status is the failure status, stopping execution of the TEE (see lines 23-30 of col. 18 from Lukacs; “blocking or quarantining the respective process, or otherwise preventing the respective process from executing”).

Regarding Claim 13, the rejection of Claim 10 is incorporated and further Claim 13 is a method claim that corresponds to system Claims 2 and 4 and is rejected for the same reasons set forth in the rejections of Claims 2 and 4 above.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US 9596261 B1, Lukacs) in view of Frank et al. (US 20180285561A1, hereafter Frank) and further in view of Tsirkin et al. (US 20190068555 A1, hereafter Tsirkin).
Lukacs, Frank and Tsirkin were cited in the previous office action.

Regarding Claim 3, the rejection of Claim 2 is incorporated; the combination of Lukacs and Frank does not disclose: wherein the hypervisor is configured to provide the predetermined pattern to the TEE.
However, Tsirkin discloses: after the virtual machine determines which operation contains a threat, the hypervisor is configured to create a filter rule containing a predetermined pattern of the threat and provide such filter rule for future threat determinations (see [0021]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the process of determining a threat for a virtual machine memory access event from the combination of Lukacs and Frank by utilizing the hypervisor to generate a filtering rule that represents threat patterns for future threat determination from Tsirkin, and thus the combination of Lukacs, Frank and Tsirkin discloses the limitations missing from the combination of Lukacs and Frank (see Fig. 12 and lines 39-25 of cols. 18-19 of Lukacs; Lukacs also discusses utilizing certain filters while determining a threat or while performing the introspection command; however, such filters are provided by the CSM, which is located at the VM itself. By applying the features from Tsirkin, the filter rules can further include the threat patterns determined by previous introspection commands/operations and generated by a hypervisor, which generally has a higher privilege level than the individual virtual machines), since it would provide enhanced filter information generated by the hypervisor to help determine future threats (see [0021] of Tsirkin).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US 9596261 B1, Lukacs) in view of Frank et al. (US 20180285561A1, hereafter Frank) and further in view of Faynberg et al. (US 20170063801 A1, hereafter Faynberg).
Lukacs, Frank and Faynberg were cited in the previous office action.

Regarding Claim 6, the rejection of Claim 1 is incorporated; further, the combination of Lukacs and Frank discloses: wherein the TEE is a protected virtual machine (see Fig. 2 and lines 23-25 of col. 8 of Lukacs; “delivering introspection notifications from software executing within a protected VM”).
The combination of Lukacs and Frank does not disclose that the protected virtual machine is an encrypted virtual machine.
However, Faynberg discloses: a trusted execution environment or a protected virtual machine is an encrypted virtual machine (see [0018] and [0034]; “The two exemplary virtual machines 510-1 and 510-2 are implemented using a hypervisor 520 and communicate over an encrypted pipe 535”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the protected VMs of the combination of Lukacs and Frank by making the protected VMs encrypted VMs, as taught by Faynberg; thus the combination of Lukacs, Frank and Faynberg would disclose the limitation missing from the combination of Lukacs and Frank, since an encrypted virtual machine is one of the many well-known and understood types of protected VM.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US 9596261 B1, Lukacs) in view of Frank et al. (US 20180285561A1, hereafter Frank) and further in view of Black et al. (US 10649744 B1, hereafter Black) and Raduchel et al. (US 20190253523 A1, hereafter Raduchel).
Lukacs, Frank, Black and Raduchel were cited in the previous office action.

Regarding Claim 7, the rejection of Claim 1 is incorporated; the combination of Lukacs and Frank does not disclose: wherein the introspection command is provided to the introspection module through an introspection channel, and wherein the introspection channel is an encrypted connection.
However, Black discloses: an introspection command is provided to an introspection module (see lines 53-58 of col. 8 and lines 53-55 of col. 20 “a user can issue a command to invoke an introspection function on a programming construct (e.g., a class or package)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the triggering of the introspection function in the combination of Lukacs and Frank by including the method of manually triggering execution of the introspection function from Black, since automatically triggering execution of a coded function and manually triggering execution of the coded function are two well-known and understood mechanisms in the computing field, and adding the ability to trigger manually in addition to automatically would provide flexibility in the system.

Furthermore, Raduchel discloses: a communication channel between user/client and a guest/virtual machine is an encrypted connection (see [0030]; “Each running container may be metered to allow a specified amount of processing power and may facilitate encrypted communications between the user device and the server-side virtual machine processes. In addition, the data for each container may be encrypted to prevent unauthorized use”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the communication network between the user/client and the guest/virtual machine in the combination of Lukacs, Frank and Black by including encrypted communication between the user device and the virtual machines from Raduchel; thus the combination of Lukacs, Frank, Black and Raduchel would disclose the limitations missing from the combination of Lukacs and Frank, since encrypted communication is able to prevent unauthorized use (see [0030] of Raduchel).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US 9596261 B1, Lukacs) in view of Frank et al. (US 20180285561A1, hereafter Frank) and further in view of Mueller et al. (US 20210311757 A1, hereafter Mueller).
Lukacs, Frank and Mueller were cited in the previous office action.

Regarding Claim 11, the rejection of Claim 10 is incorporated; the combination of Lukacs and Frank does not disclose: further comprising supplying, by one of a hypervisor and a supervisor, the introspection command to the TEE.
However, Mueller discloses: supplying, by one of a hypervisor and a supervisor, the introspection command to the virtual execution environment (see Fig. 2, [0014] and [0020]; “pod VM agent 136 of pod VM 130 in which containers 132 are running opens an HTTP based channel and listens for introspection commands that hypervisor 150 (in particular, pod VM controller 154) transmits on that channel”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the triggering of the introspection function in the combination of Lukacs and Frank by including the method of manually triggering execution of the introspection function with the hypervisor acting as a proxy that transmits the introspection command, as taught by Mueller; thus the combination of Lukacs, Frank and Mueller discloses the limitations missing from the combination of Lukacs and Frank, since automatically triggering execution of a coded function and manually triggering execution of the coded function are two well-known and understood mechanisms in the computing field, and adding the ability to trigger manually in addition to automatically would provide flexibility in the system.

Claims 14-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US 9596261 B1, Lukacs) in view of Dwyer (US 20190188282 A1), Black et al. (US 10649744 B1, hereafter Black) and Raduchel et al. (US 20190253523 A1, hereafter Raduchel).
Lukacs, Dwyer, Black and Raduchel were cited in the previous office action.

Regarding Claim 14, Lukacs discloses: a system comprising:
a memory; a processor in communication with the memory (see Figs. 1, 4, lines 31-39 of col. 6 and lines 67-4 of col. 10-11, “Controller hub 24 generically represents the plurality of system, peripheral, and/or chipset buses, and/or all other circuitry enabling the communication between processor 12 and devices 14, 16, 18, 20 and 22”);
a trusted execution environment (TEE), wherein the TEE is provisioned with a workload (see Fig. 2A-2C, lines 48-55 of col. 21; “The computer security module may execute outside the protected VMs (for instance, at the level of a hypervisor) or inside the protected VM”, emphasis added. The trusted/protected VM, i.e., the claimed trusted execution environment, is provisioned with a computer security module, i.e., the claimed workload); and
a runtime executing the workload within the TEE (see Figs. 2A-2C, lines 3-23 of col. 8, lines 13-30 of col. 18 and lines 48-55 of col. 21. Also see lines 61-2 of cols. 7-8, “Software such as CSM 60” at line 35 of col. 13, and “software such as the security module” at line 44 of col. 23; whether outside the protected VMs or inside the protected VM, the CSM 60 is a code object or software application executed on the device, and thus the protected VM inherently includes a runtime to execute the workload, i.e., the CSM 60, when the CSM 60 is implemented inside the protected VM. Note: the claimed runtime according to [0023] of Applicant’s specification is “a software module or environment that supports execution, such as application execution, code execution, command execution, etc.”. Thereby the execution of CSM 60 inside the protected VM would require the supporting software module or environment, i.e., the claimed runtime), wherein the runtime is configured to:
load a pre-generated memory accessing code into the TEE (lines 3-23 of col. 8 and lines 13-30 of col. 18; “determining whether software executing within the respective VM performs certain actions, such as executing certain processor instructions, accessing certain hardware resources, using certain services of the OS, accessing certain memory locations”. Note: the claimed pre-generated memory accessing code is a very broad term; any memory accessing code/request/command/instruction can be considered pre-generated if such code/request/command/instruction is generated before the corresponding memory access is performed),
receive introspection commands (see Fig. 11, lines 3-23 of col. 8 and lines 13-30 of col. 18; “determining whether software executing within the respective VM performs certain actions, such as executing certain processor instructions, accessing certain hardware resources, using certain services of the OS, accessing certain memory locations”),
execute the introspection commands, wherein the introspection commands are configured to validate a memory access in the pre-generated code (see Fig. 11, lines 3-23 of col. 8 and lines 13-30 of col. 18; “determining whether software executing within the respective VM performs certain actions, such as executing certain processor instructions, accessing certain hardware resources, using certain services of the OS, accessing certain memory locations” and “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM”), and
determine a status of a result of the introspection commands, wherein the status is one of a failure status and a success status (see Fig. 11, lines 20-30 of col. 18; “When CSM 60 determines that the current trigger event is not indicative of a threat … When the current trigger event indicates a threat … include alerting a system administrator and/or a user of the monitored guest VM”. The status of the result of the introspection command includes one of not indicative of a threat and indicative of a threat).
 
Lukacs does not disclose: wherein the code is supplied by an owner; receive introspection commands through an introspection channel, wherein the introspection channel is created between the runtime and the owner.
However, Dwyer discloses: a pre-generated memory accessing code is supplied by an owner (see [0052]; “SQLite is an embedded database that can read/write to its memory space and/or a disk file, no separate server process(es) is needed. WebAssembly is an example of a low level bytecode format for in-browser client-side scripting, hence the ability to implement the client-side data analysis artifact in a client-side application (e.g., a web browser, tab of a web browser, etc.). A toolchain can be used to compile C/C++ (e.g., SQLite, RDBMS) into WebAssembly, allowing the local, embedded database to be implemented in, e.g., a web browser tab, along with any visualization tools”. Also see [0043]; “a data analysis query interface with which a user may input a query”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the memory accessing code/request of Lukacs by including user-defined query code from Dwyer, since it would provide enhanced commands or requests tailored to the user’s or customer’s needs via user-defined code.

In addition, Black discloses: receive introspection commands through an introspection channel (see lines 53-58 of col. 8 and lines 53-55 of col. 20; “a user can issue a command to invoke an introspection function on a programming construct (e.g., a class or package)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the triggering of the introspection function in the combination of Lukacs and Dwyer by including the method of manually triggering execution of the introspection function from Black, since automatically triggering execution of a coded function and manually triggering execution of the coded function are two well-known and understood mechanisms in the computing field, and adding the ability to trigger manually in addition to automatically would provide flexibility in the system.

Furthermore, Raduchel discloses: a communication channel is created between the runtime and the owner (see [0030]; “Each running container may be metered to allow a specified amount of processing power and may facilitate encrypted communications between the user device and the server-side virtual machine processes. In addition, the data for each container may be encrypted to prevent unauthorized use”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the communication protocol between the user/client and the guest/virtual machine in the combination of Lukacs, Dwyer and Black by including encrypted communication between the user device and the virtual machines from Raduchel; thus the combination of Lukacs, Dwyer, Black and Raduchel would disclose the limitations missing from Lukacs, since encrypted communication is able to prevent unauthorized use (see [0030] of Raduchel).

Regarding Claim 15, the rejection of Claim 14 is incorporated; further, the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein the introspection channel is an encrypted connection (see [0030] of Raduchel), and wherein a hypervisor is configured to supply the introspection commands to the runtime (see lines 53-58 of col. 8 and lines 53-55 of col. 20 of Black; “a user can issue a command to invoke an introspection function on a programming construct (e.g., a class or package)”).

Regarding Claim 16, the rejection of Claim 14 is incorporated; further, the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein the pre-generated memory accessing code is bytecode ([0052] of Dwyer; “SQLite is an embedded database that can read/write to its memory space and/or a disk file, no separate server process(es) is needed. WebAssembly is an example of a low level bytecode format for in-browser client-side scripting, hence the ability to implement the client-side data analysis artifact in a client-side application (e.g., a web browser, tab of a web browser, etc.). A toolchain can be used to compile C/C++ (e.g., SQLite, RDBMS) into WebAssembly, allowing the local, embedded database to be implemented in, e.g., a web browser tab, along with any visualization tools”).

Regarding Claim 17, the rejection of Claim 16 is incorporated; further, the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein the bytecode is one of WebAssembly bytecode and Berkeley Packet Filter (BPF) bytecode ([0052] of Dwyer; “SQLite is an embedded database that can read/write to its memory space and/or a disk file, no separate server process(es) is needed. WebAssembly is an example of a low level bytecode format for in-browser client-side scripting, hence the ability to implement the client-side data analysis artifact in a client-side application (e.g., a web browser, tab of a web browser, etc.). A toolchain can be used to compile C/C++ (e.g., SQLite, RDBMS) into WebAssembly, allowing the local, embedded database to be implemented in, e.g., a web browser tab, along with any visualization tools”).

Regarding Claim 19, the rejection of Claim 14 is incorporated; further, the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein a hypervisor is configured to stop execution of the TEE responsive to the runtime determining the status is the failure status (see lines 23-30 of col. 18 of Lukacs; “blocking or quarantining the respective process, or otherwise preventing the respective process from executing”), and wherein the at least one memory access matches a predetermined pattern (see lines 13-30 of col. 18 of Lukacs; “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM … the current trigger event indicates a threat”).

Regarding Claim 20, the rejection of Claim 19 is incorporated; further, the combination of Lukacs, Dwyer, Black and Raduchel discloses: wherein the predetermined pattern includes a pattern of at least one of memory reads from the memory, memory writes to the memory, URLs visited by the workload, files accessed by the workload, messages sent by the workload, types of data read from the memory, and types of data written to the memory (see lines 3-23 of col. 8 and lines 13-30 of col. 18 of Lukacs; “introspection comprise determining memory addresses used by various software objects executing within the respective VM, and/or controlling access to a memory location indicated by such addresses. In some embodiments, CSM 60 uses information obtained via introspection to determine whether certain software objects within the respective VM are malicious” and “corroborating the current event with other facts, e.g., a history of previous introspection notifications received from the same guest process and/or the same guest VM”).
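As an added illustration of the architecture recited in Claims 14, 19 and 20 (constructed for this discussion, not code from the application or from any cited reference), the following Python model has a runtime inside a TEE load constructed memory-accessing bytecode, accept introspection commands from the owner over an HMAC-authenticated channel (a stand-in for the claimed encrypted connection), validate the logged memory accesses against an allowed write range and a predetermined access pattern, and report a success/failure status that a hypervisor uses to stop the TEE. The bytecode format, command names, shared key and sample workloads are all assumptions.

```python
"""Toy model of a TEE runtime that executes owner-supplied memory-accessing
bytecode and validates its memory accesses via introspection commands.
Constructed example: bytecode format, command names and the HMAC channel
are assumptions, not any cited reference's implementation."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

SUCCESS, FAILURE = "success", "failure"


@dataclass
class Runtime:
    """Runtime executing the workload within the TEE."""
    channel_key: bytes                       # shared with the owner (constructed)
    memory: dict = field(default_factory=dict)
    code: list = field(default_factory=list)
    access_log: list = field(default_factory=list)
    commands: list = field(default_factory=list)

    def load(self, code):
        """Load pre-generated memory-accessing bytecode supplied by the owner."""
        self.code = list(code)

    def run_workload(self):
        """Execute the bytecode, logging every memory read and write."""
        for op in self.code:
            if op[0] == "READ":
                _ = self.memory.get(op[1], 0)
                self.access_log.append(("read", op[1]))
            elif op[0] == "WRITE":
                self.memory[op[1]] = op[2]
                self.access_log.append(("write", op[1]))
            else:
                raise ValueError(f"unknown opcode {op[0]!r}")

    def receive(self, message):
        """Accept a command only if its MAC verifies (models the introspection channel)."""
        body = message["body"]
        tag = hmac.new(self.channel_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, message["tag"]):
            raise PermissionError("introspection command failed channel authentication")
        self.commands.append(json.loads(body))

    def execute_introspection(self):
        """Run received commands against the access log; any violation is a failure."""
        for cmd in self.commands:
            if cmd["check"] == "writes_within":
                lo, hi = cmd["range"]
                if any(k == "write" and not lo <= a < hi for k, a in self.access_log):
                    return FAILURE
            elif cmd["check"] == "pattern":
                # predetermined pattern: an ordered sequence of (kind, addr) pairs
                pat = [tuple(p) for p in cmd["pattern"]]
                if any(self.access_log[i:i + len(pat)] == pat
                       for i in range(len(self.access_log))):
                    return FAILURE
            else:
                raise ValueError(f"unknown check {cmd['check']!r}")
        return SUCCESS


def owner_send(runtime, key, command):
    """Owner side of the channel: serialise the command and attach its MAC."""
    body = json.dumps(command, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    runtime.receive({"body": body, "tag": tag})


class Hypervisor:
    """Stops the TEE when the runtime reports a failure status."""
    def __init__(self):
        self.stopped = []

    def handle_status(self, tee_id, status):
        if status == FAILURE:
            self.stopped.append(tee_id)
        return status


def run_scenario(code, commands, key=b"constructed-shared-key"):
    """Provision a TEE, run the workload, introspect it; return (status, stopped TEEs)."""
    rt, hv = Runtime(channel_key=key), Hypervisor()
    rt.load(code)
    rt.run_workload()
    for c in commands:
        owner_send(rt, key, c)
    status = hv.handle_status("tee-0", rt.execute_introspection())
    return status, hv.stopped


# Constructed sample workloads: one stays inside its buffer, one writes past it.
BENIGN = [("WRITE", 0x100, 1), ("READ", 0x100), ("WRITE", 0x104, 2)]
OVERRUN = [("WRITE", 0x100, 1), ("READ", 0x100), ("WRITE", 0x200, 2)]
CHECKS = [{"check": "writes_within", "range": [0x100, 0x110]},
          {"check": "pattern", "pattern": [["read", 0x100], ["write", 0x200]]}]

if __name__ == "__main__":
    print(run_scenario(BENIGN, CHECKS))    # ('success', [])
    print(run_scenario(OVERRUN, CHECKS))   # ('failure', ['tee-0'])
```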

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (US 9596261 B1, Lukacs) in view of Dwyer (US 20190188282 A1), Black et al. (US 10649744 B1, hereafter Black) and Raduchel et al. (US 20190253523 A1, hereafter Raduchel) and further in view of McMullen (US 20210136080 A1).
Lukacs, Dwyer, Black, Raduchel and McMullen were cited in the previous office action.

Regarding Claim 18, the rejection of Claim 14 is incorporated; the combination of Lukacs, Dwyer, Black and Raduchel does not disclose: wherein the code is native code.
However, McMullen discloses: a pre-generated memory accessing code is native code (see [0017]; “(The isolation resources may be referred to as virtual machines or virtual nodes in some scenarios.) The context includes, for example, an address pointer or range of addresses that correspond to the isolation resource allocated for use by the customer application's native code. The isolation runtime then calls that native code and passes the context to it. The native code begins to execute and in so doing, may attempt to access a memory location that has yet to receive a copy of the required data”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the pre-generated memory accessing code of the combination of Lukacs, Dwyer, Black and Raduchel by including pre-generated memory accessing native code from McMullen, since it would allow not only user-supplied code but also native code of the user’s application to describe the memory access request or command, providing flexibility in the system.

Response to Arguments
Applicant’s arguments, filed 6/6/2022, with respect to the rejection of Claim 15 under 35 U.S.C. 112(b) have been fully considered but they are not persuasive.

Applicant’s arguments at page 7 are summarized as the following:
“[A]s discussed during the interview, claim 15 as amended clarifies that ‘the introspection channel includes an encrypted connection between the runtime and a hypervisor.’ Applicant respectfully submits that these amendments overcome the rejection under § 112” (see 3rd paragraph from the Remarks).

The examiner respectfully disagrees.
First of all, no agreement was reached during the interview on the integration of Claim 15; see the Interview Summary (paper# 20220518) mailed 5/23/2022. During the interview, and in the statements in these particular Remarks (see 1st and 3rd paragraphs of the Remarks), Applicant stated that [0017] of the specification clearly supports the feature required by current Claim 15, i.e., that the introspection channel includes or is an encrypted connection between the runtime and a hypervisor, and that the hypervisor supplies the introspection commands to the runtime. As explained in the corresponding 112(a) and 112(b) rejections above, current Claim 15 contains a claim limitation that is not supported by the specification and does not have a clear meaning in view of the specification and Claim 14 (the parent claim of Claim 15). The actual related language in [0017] of the specification is “For example, the owner may supply introspection commands through the introspection channel. In another example, the hypervisor or supervisor may supply introspection commands through the introspection channel”. In that description, the specification provides two different examples separately (nothing in the specification indicates that these two different examples can be integrated into a single embodiment or example as required by the plain meaning of current Claim 15). The entire description in [0017] at most provides that an introspection channel is established between the owner and the runtime, that such introspection channel includes or is an encrypted connection between the runtime and the owner for the owner to supply the introspection commands through the introspection channel, and, in another example or embodiment, that the hypervisor or supervisor supplies the introspection commands through the introspection channel.
However, for the feature of “another example”, the specification is silent as to whether the introspection channel through which the hypervisor supplies the introspection commands also includes or is an encrypted connection; it is also silent as to whether the hypervisor directly supplies the introspection commands to the runtime via the introspection channel without any intermediate object, OR the hypervisor supplies the introspection commands to the owner, who then supplies/forwards the received introspection commands to the runtime via the introspection channel.
Therefore, Claim 15 is rejected. 

Applicant’s arguments, filed 6/6/2022, with respect to the rejections of Claims 1-20 under 35 U.S.C. 101 have been fully considered but they are not persuasive.

Applicant’s arguments at pages 6-7 are summarized as the following:
Applicant stated that “the claims recite an improvement to the functioning of a computer and accordingly integrate any asserted abstract idea into a practical application”. To be more specific, Applicant stated that the “introspection services required either a hardware sandbox or a software sandbox, which are not sufficiently secure for many workloads executing on TEEs”; however, the “claimed system uses a separate runtime executing within a TEE, rather than executing directly on the TEE itself, to enable improved introspection services without compromising the security of the workload while in operation” (see 2nd paragraph of page 7 of the Remarks).

The examiner respectfully disagrees.
According to [0023] of the specification, the claimed runtime is “a software module or environment that supports execution, such as application execution, code execution, command execution, etc.”; this means that even when “executing directly on the TEE itself”, such an implementation would also require a runtime of the TEE to execute the introspection services. In this way, the current independent claims can still be read as executing directly on the TEE itself, with the TEE itself considered the claimed runtime. Thereby, the claims do not expressly incorporate the improvements that Applicant argued. Furthermore, if the current claims actually require or implement “uses a separate runtime executing within a TEE” for executing the introspection service, then it is not clear why Applicant would argue that the CSM of reference Lukacs, which is mapped to the introspection service of Applicant’s invention, executes within a runtime that is separate from the applications 56e, 56f (pages 8-9 of the same Remarks). If reference Lukacs really does execute the CSM, i.e., the introspection service of Applicant’s invention, in a runtime that is separate from the applications 56e, 56f, then it “uses a separate runtime executing within a TEE, rather than executing directly on the TEE itself” as Applicant argued here.
Therefore, Claims 1-20 are rejected. 

Applicant’s arguments, filed 6/6/2022, with respect to the rejections of Claims 1-20 under 35 U.S.C. 103 have been fully considered but they are not persuasive.

Applicant’s arguments at pages 7-9 are summarized as the following:
“the CSM is not described as executing within the same runtime as either of the applications 56e, 56f. Accordingly Lukacs does not disclose ‘a runtime executing the workload … [and] configured to execute introspection commands … and determine a status of a result of the introspection commands.’ Rather, the applications 56e, 56f execute separately from the CSM” (see last two paragraphs at page 8 and first paragraph at page 9 of the Remarks).

The examiner respectfully disagrees.
First of all, Applicant’s logic in the argument is not clear to one with ordinary skill in the art. Applicant argued that the applications 56e and 56f of reference Lukacs are executed separately from the CSM. However, there is no requirement in the current independent claims that another software application be executed within the same runtime that executes the introspection-related function, i.e., no feature of the current independent claims requires that the applications 56e and 56f be executed within the same runtime executing the CSM, or that the applications 56e and 56f be executed outside the runtime executing the CSM. If the reason Applicant makes the arguments provided in the Remarks is that Applicant considers the claimed workload to be the applications 56e and 56f, then Applicant is suggested to review the corresponding rejection in both the previous and current Office Actions, since the examiner considers the claimed workload to include the CSM. Applicant is also suggested to review Fig. 6 and [0050] of Applicant’s specification; Fig. 6 and [0050] provide exactly an embodiment in which the claimed workload includes the introspection module. Furthermore, even if Fig. 2C of reference Lukacs shows the CSM executing within a guest OS of a guest virtual machine while the applications 56e and 56f do not reside within the same guest OS, that does not necessarily imply that the CSM executes within a different runtime from the applications 56e or 56f. For example, according to Applicant’s Fig. 1, the introspection module 165A, App 198A, App 198B and Runtime 193A are separate components, similar to what is shown by Fig. 2C of Lukacs; then, by the same logic Applicant used in the argument, none of the introspection module 165A, App 198A or App 198B of Applicant’s invention is executed within the runtime 193A. Similarly, Applicant’s Fig. 2 shows both bytecode 225 and executable 215 residing outside of runtime 193 (then, by the same logic Applicant used in the argument, the executable 215 should not be executed by runtime 193; however, [0030] of Applicant’s specification describes that “the runtime 193 may execute the instructions of the executable 215”, which conflicts with Applicant’s argument); Applicant’s Fig. 7 shows neither workload 750 nor code 762 within the runtime 760 (then, by the same logic Applicant used in the argument, workload 750 should not be executed by the runtime 760, which conflicts with the requirement of the claims). In this way, one with ordinary skill in the art would not understand Applicant’s logic in the provided arguments.
Therefore, Claims 1-20 are rejected. 

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHI CHEN whose telephone number is (571)272-0805.  The examiner can normally be reached on Monday-Friday 9:30AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emerson Puente can be reached on (571)272-3652.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Zhi Chen/
Patent Examiner, AU2196

/EMERSON C PUENTE/Supervisory Patent Examiner, Art Unit 2196