DETAILED ACTION
 	Claims 1-21 are pending. This is in response to the application filed on July 26, 2020 which claims priority to a foreign application filed on June 1, 2020.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-3, 5-10, 12-17 and 19-21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Pub 20170249263 (hereinafter Tsirkin)

 	Regarding to claim 1, Tsirkin discloses a method in a virtualized computing environment to protect operating system (OS) kernel objects against modification by malicious code (Background), the method comprising: 
 	allocating, by a guest agent in a guest virtualized computing instance supported by a host in the virtualized computing environment, a memory space to store the OS kernel objects (Fig. 2, Steps 202-204 and par. [0025]-[0027] disclose allocation of memories in the guest ); 
 	detecting, by a guest monitoring mode (GMM) module at the host, creation of an OS kernel object by a guest OS of the virtualized computing instance (Step 204);
 	 in response to detecting the creation of the OS kernel object, migrating, by the GMM module, the created OS kernel object to one or more memory addresses of the allocated memory space (Fig. 2, Steps 206-210 and par. [0029]-[0034] disclose the Guest creating a second kernel in a reserved guest memory. This reserved kernel can only be accessed by the hypervisor. This second kernel will be used as the migration kernel); 
 	monitoring, by the GMM module, for at least one attempt to modify the OS kernel object in the one or more memory addresses of the allocated memory space (par. [0017] and [0040] discloses a kernel crash occurs in the Guest which can be triggered by a guest request);
 	 in response to the monitoring having detected a first attempt to modify the OS kernel object, checking, by the GMM module, reference information to determine whether the first attempt is authorized; and in response to a determination that the first attempt is unauthorized, initiating, by the GMM module, a remedial action to respond to the first attempt (Fig. 3, par. [0043]-[0052] disclose an attempted unauthorized execution by the Guest, the hypervisor access the second kernel to reboot while disable all Guest privileges).  

 	Regarding to claim 2, Tsirkin discloses wherein the GMM module resides in a hypervisor of the host (see claim1 rejection).  

 	Regarding to claim 3, Tsirkin  discloses wherein: detecting the creation of the OS kernel object includes detecting, by the GMM module, a call by the guest OS to a first function to create the OS kernel object, and a return of the first function to indicate completion of the creation of the OS kernel object, the OS kernel object is created by the first function in a first memory space in which attempts to modify the OS kernel object are untraceable by the GMM module (as presented in claim 1, the Guest performs the allocation of kernel spaces which implies some function calls such as system calls (par. [0032]) are used. Tsirkin discloses a crash happens which can be untraceable such as hardware failure, a fault from which the kernel cannot recover, a hang/lockup, an overflow of kernel memory, and so forth (par. [0017])), the allocated memory space includes a second memory space in which attempts to modify the OS kernel object are traceable by the GMM module (the Hypervisor is aware of the kernel crash caused by the Guest and knowing which memory space being accessed by the Guest), and migrating the created OS kernel object includes migrating, by the GMM module, the created OS kernel object from the first memory space to the second memory space (the second (e.g. migrated) kernel space is used after a crash).  

 	Regarding to claim 5, Tsirkin discloses wherein the one or more memory addresses of the allocated memory space includes a set of memory addresses in a pool of memory addresses of the allocated memory space (par. [0031]-[0033] discloses one or more memory addresses allocated in the Guest), and wherein the method further comprises:
 	in response to the monitoring having detected a second attempt to destroy the OS kernel object in the allocated memory space (a crash at the kernel can be viewed as an unusable/destroyed kernel);
 	awaiting, by the GMM module, a notification that the OS kernel object has been deleted from the set of memory addresses; and returning, by the GMM module after deletion of the OS kernel object from the set of memory addresses, the set of memory addresses to the pool of memory addresses in the allocated memory space (rebooting the Guest will release all memories allocated for the Guest. The Hypervisor manages all Guests, hence it is aware any memory is deleted when a Guest is rebooting).  

 	Regarding to claim 6, Tsirkin discloses in response to a determination that the first attempt is authorized, accepting, by the GMM module, modification of the OS kernel object (par. [0023] discloses some access privileges are allowed for the Guest).  

 	Regarding to claim 7, Tsirkin discloses wherein the remedial action includes one or more of: shutting down the guest OS, shutting down the virtualized computing instance, or sending an alert to a management server to enable further investigation of the first attempt (the Guest is rebooted after the crash).

	Claims 8-10 and 12-14 are rejected in view of claims 1-3 and 5-7 rejections respectively.
 	Claims 15-17 and 19-21 are rejected in view of claims 1-3 and 5-7 rejections respectively.

Allowable Subject Matter
Claims 4, 11 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRI M TRAN/Primary Examiner, Art Unit 2432