Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Double Patenting
1.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

2.	Claims 1-25 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of copending Application No. 15/179,734. Although the conflicting claims are not identical, they are not patentably distinct from each other because claim 1 of copending Application No. 15/179,734 contains every element of claims 1-25 of the instant application and as such anticipates claims 1-25 of the instant application.
3.	This is a provisional obviousness-type double patenting rejection since the conflicting claims have not yet been patented. The mapping of the rejected claims of the instant application to the copending application is as follows:
Claim 1 in the instant application #17/021,611 corresponds to claim 1 in the co-pending application #15/179,734. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-25 are rejected under 35 U.S.C. 103 as being unpatentable over Raghuram (US Patent Pub. 20130198797) in view of Sahita (US Patent Pub. 20070271360).


As per claims 1, 10 and 19: A cloud server for security health monitoring and attestation of virtual machines in cloud computing systems, comprising:
a virtual machine, a hypervisor, a plurality of network interface controllers, a plurality of random access memories, and a plurality of processing units (Paragraph 12; The cloud computing nodes 14, may include various servers, network devices, client devices, and so forth, wherein the nodes 14 may employ different operating system (OS) and/or hypervisor (e.g., VMM) protocols); and
Raghuram does not specifically disclose a monitor module for monitoring and gathering security measurement information and a trust module for secure storage of security measurement information, generating keys, and hashing and signing the security measurement information using cryptography operations.
Sahita discloses the firmware agent 102 may transmit the reports to the remote policy server 130 via the secure channel 132. For some embodiments, the reports may be cryptographically signed for authenticity and integrity. Any of cryptographic communication protection methods may be used. For example, a Secure Hash Algorithm (SHA) may be used to compute one or more cryptographic Hash messages for subsequent signing and tamper detection, an RSA engine may be used to sign the cryptographic Hash message, an Elliptic Curve Cryptographic (ECC) engine may be used to sign the cryptographic Hash message, and/or an optional advanced encryption standard (AES) may be used to encrypt the messages to achieve confidentiality (Paragraph 40).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made, having the teachings of Raghuram and Sahita before him or her, to modify the scheme of Raghuram for enabling remote device trust attestation by adopting Sahita’s scheme for Network vulnerability assessment. The motivation would have been to improve security health monitoring.
As per claims 2 and 11: The cloud server of claim 1, wherein the monitor module includes a tool located in the hypervisor of the cloud server for detecting and analyzing security vulnerabilities inside the virtual machine (Paragraph 12; a first node ("Node 1") 14a uses a first hypervisor protocol (e.g., "hypervisor protocol A") to manage a virtual machine environment on the first node 14a, a second node ("Node i") 14b uses a second hypervisor protocol (e.g., "hypervisor protocol j") to manage a virtual machine environment on the second node 14b, a third node ("Node N-1") 14c uses a third hypervisor protocol).
As per claims 3 and 12: The cloud server of claim 1, wherein the monitor module includes a tool located in the hypervisor of the cloud server for detecting and analyzing security vulnerabilities outside the virtual machine (Paragraph 12; virtual machine environment).
As per claims 4, 13 and 20: The cloud server of claim 1, wherein the monitor module collects resource usage measurements for constructing empirical probability distributions (See Raghuram; Paragraph 12; The cloud computing nodes 14, may include various servers, network devices, client devices, and so forth, wherein the nodes 14 may employ different operating system (OS) and/or hypervisor (e.g., VMM) protocols).
As per claims 5, 14 and 21: The cloud server of claim 1, further comprising a module for gathering security measurement information from at least one of the following: the virtual machine running on the cloud server, a plurality of virtual machines running on the cloud server, and a plurality of virtual machines running on a plurality of cloud servers (See Raghuram; Paragraph 12; The cloud computing nodes 14, may include various servers, network devices, client devices, and so forth, wherein the nodes 14 may employ different operating system (OS) and/or hypervisor (e.g., VMM) protocols).
As per claims 6, 15 and 22: The cloud server of claim 1, further comprising of a plurality of trust evidence registers assessable by only the monitor module and the trust module (Paragraph 26; the one or more known values and the one or more digitally signed values include one or more of register values and log data).
As per claims 7, 16 and 23: The cloud server of claim 1 further comprising at least one long term public-private cryptography key-pair that uniquely identifies the server (Paragraph 53; Having physically separate space also allows storing long-term keys for secure communications and signing the reports. Thus the firmware agent 102 may be protected from tampering attempts by either the host platform device 101 itself, or by remote entities on the network 103).
As per claims 8, 17 and 24: The cloud server of claim 7, wherein a new session specific cryptography key pair is created by the trust module whenever an attestation report is needed for the virtual machine (Paragraph 53).
As per claims 9, 18 and 25: The cloud server of claim 8, wherein the trust module generates accumulated cryptography hashes for each software module that is loaded into the server (See Raghuram; Paragraph 13; the trust authority service 12 includes one or more REST APIs 21 attestation server logic 20 that receives digitally signed communications (e.g., secure sockets layer/SSL communications) from the trust agents 22, wherein a certificate authority 24 may be used to verify digital signatures).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ANTHONY D BROWN/Primary Examiner, Art Unit 2433