Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/6/202 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 8-13, & 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Xu et al. [hereinafter Xu] PG Pub US 2016/0147993 in view of Vincent Patent US 8,938,571 B1.

Regarding claim 1, Xu discloses:
allocating a first shared memory in a guest virtual address space of the client application, wherein the client application uses addressing of the guest virtual address space to access the first shared memory, wherein the client application executes in a virtual machine (VM) running on a host computer (FIG. 1 is a block diagram of a virtualized host server system 100 that enables secure communications between a guest virtual machine 120 and a service appliance 170 [0015] virtualization software 114 comprises a hypervisor configured to provide certain system services to guest VMs 120 [0015]), wherein the host computer runs a hypervisor that provides an execution environment for the VM (virtualization software 114 comprises a hypervisor configured to provide certain system services to guest VMs 120. The hardware subsystems may include, without limitation, computational resources, mass storage, a networking interface, input/output interfaces, a display controller, and power management functions [0017]), wherein the hypervisor comprises the filesystem server configured to provide an interface to a storage of the host computer (thin agent 139 is an in-guest driver that executes as part of guest OS 132 and provides an interface, including communications and access for certain system operations, to a service application 174 that executes as part of service appliance 170), wherein the filesystem server operates in a machine address space different than the guest virtual address space (Host sever system 100 carries out mappings from a guest virtual address space of guest VMs 120.sub.1-120.sub.N or any other applications running virtualization software 114 to a machine address space of memory (referred to herein as the “host physical address space”) using nested page tables 250 [0032]);
creating a shared memory channel between the client application and the filesystem server, the shared memory channel using the first shared memory, wherein the filesystem server uses addressing in the machine address space to access the first shared memory (Each guest VM 120 is further configured to support guest applications (apps) 113 and a thin agent 139. In one embodiment, thin agent 139 is an in-guest driver that executes as part of guest OS 132 and provides an interface, including communications and access for certain system operations, to a service application 174 that executes as part of service appliance 170 [0016] a shared memory message passing system may be implemented for communication between thin agents 139 and access libraries 172 [0019]); 
sending authentication information associated with the client application to the filesystem server (two separate authorized software applications may share a confidential passkey that the applications use to authenticate data transmissions [0002]); and 
submitting a command, to access the storage, in the shared memory channel from the client application to the filesystem server, the command including the authentication information (thin agent 139 and service application 174 share a security key to authenticate data packets that are communicated between thin agent 139 and service application 174 via multiplexer 159 and access library 172 [0021]).
It is noted that Xu failed to explicitly disclose:
allocating a first shared memory in a guest virtual address space of the client application.
However, Vincent discloses:
allocating a first shared memory in a guest virtual address space of the client application (upon initialization of a particular device driver in the guest domain, the guest driver requests the hypervisor to allocate a pool of memory buffers for performing I/O operations on that hardware device [Col. 2, Lines 18-30).
The systems of Xu and Vincent are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are both from the field of “memory control.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the systems of Xu and Vincent since this would allow the guest application of Xu to allocate the shared memory to be used as a communication channel. This system would improve the low throughput, high latency and high latency jitter or secured environments [Col. 1, Lines 18-33]. 

Regarding claim 2 the limitations of this claim have been noted in the rejection of claim 1. Xu also discloses:
determining a first translation of the first shared memory from the guest virtual address space of the client application to a guest physical address space of the VM (nested page tables 250 is a page translation hierarchy that includes a stage 1: guest virtual address (VA) to guest physical address (PA) 252 [0032]); 
sending the first translation to the filesystem server ([0032] details the process of nested tables); and 
determining, by the filesystem server, a second translation of the first shared memory from the guest physical address space to the machine address space of the hypervisor (a stage 2: PA to machine address (MA) 254 [0032]).
It is noted that neither Xu failed to explicitly disclose:
initializing the first shared memory with metadata and a plurality of ring buffers.
However, Vincent discloses:
initializing the first shared memory with metadata and a plurality of ring buffers (when the paravirtualized driver 204 initializes itself inside the guest domain 104, the paravirtualized driver allocates a set of memory pages that the paravirtualized driver can share with the host domain 103 as the ring buffer 105. The ring buffer 105 is used as the primary channel to pass metadata about network packets or I/O operations [Col. 5 Lines 17-23].
The systems of Xu and Vincent are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are both from the field of “virtual memory control.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the systems of Xu and Vincent since this would allow the driver of Xu to allocate memory and initialize it with metadata. This system would improve the low throughput, high latency and high latency jitter or secured environments [Col. 1, Lines 18-33]. 

Regarding claim 3 the limitations of this claim have been noted in the rejection of claim 1. Xu also discloses:
opening, by the client application, a file having a file identifier (thin agent 139 is an in-guest driver that executes as part of guest OS 132 and provides an interface, including communications and access for certain system operations, to a service application 174 that executes as part of service appliance 170 [0015]); and 
sending, to the filesystem server, the file identifier as at least a portion of the authentication information (The destination thin agent 139 or service appliance 170 may be identified using a TCP/IP (transport control protocol/internet protocol) address, a socket number, a VM identifier, or any other technically feasible identifier [0018]).

Regarding claim 4 the limitations of this claim have been noted in the rejection of claim 3. Xu also discloses:
sending, to the filesystem server, at least one additional identifier associated with the client application as at least another portion of the authentication information (Among other things, guest integrity module 149 works together with multiplexer 159 to forward data messages between at least one thin agent 139 and at least one service appliance 170. In one embodiment, multiplexer 159 implements a forwarding table that includes at least one entry for each thin agent 139 and each service appliance 170. In such an embodiment, multiplexer 159 implements destination based forwarding, whereby a data message is constructed to include a destination address that corresponds to at least one thin agent 139 or at least one service appliance 170. When multiplexer 159 receives the data message, an associated destination address is matched to an entry within the forwarding table to determine a destination thin agent 139 or service appliance 170 for the data message [0018]).

Regarding claim 5 the limitations of this claim have been noted in the rejection of claim 1. Xu also discloses:
dequeuing, at the filesystem server, the command from the shared memory channel (If, at step 409, guest integrity module 149 determines that the security key is not valid, then guest integrity module 149 issues a security alert and discards the data packet 411 [0044]); 
verifying the authentication information in the command against the sent authentication information (Upon receiving the tagged packet of data, guest integrity module 149 performs verification operations to ensure that the security key is valid [0044]); and 
executing the command (At step 415, service application 174 receives the tagged data packet and processes the data in the data packet [0045]).

Regarding claim 6 the limitations of this claim have been noted in the rejection of claim 5. Vincent also discloses:
returning a completion message for the command from the filesystem server to the client application through the shared memory channel (once the I/O operation is completed by the host device driver 206, the host driver indicates the completion to the frontend (guest) driver 204 [Col. 6, Lines 30-37]).

Claims 8-13 & 15-20 are rejected for the reasons as claims 1-6.


Claims 7 & 14 are rejected under 35 U.S.C. 103 as being unpatentable over Xu in view of Vincent, further in view of Ziskind et al. [hereinafter Ziskind] PG Pub US 2010/0211829 A1.

Regarding claims 7, the limitations of this claim have been noted in the rejection of claim 1, it is noted that neither Xu nor Vincent explicitly disclose:
wherein the filesystem server executes in a user space of the hypervisor.
However, Ziskind discloses:
wherein the filesystem server executes in a user space of the hypervisor (host agents run as processes in user space relative to the hypervisor and interact with the kernel of the hypervisor (e.g., via file system application programming interfaces) to access shared data store [0014]).
The systems of Xu, Vincent, and Ziskind are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are all from the field of “memory control.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the systems of Xu, Vincent, and Ziskind since this would enable the filesystem of Xu to execute in a user space of the hypervisor. This system would improve “detecting host failure and performing "failover" depend upon a software agent running on each host in the cluster [0002].” 

Claim 14 is rejected for the reasons as claim 7.

Notes
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
	Argarwal PG Pub US 2016/0042195 A1 discloses nested mappings.
	Argarwal PG Pub US 2016/0044041 A1 discloses nested mappings and allocations.
Horovitz et al. PG Pub US 2011/0082962 A1 discloses nested mappings.
Talla PG Pub US 2010/0325391 A1 discloses the initialization of ring buffers and associated shared memory.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SEAN D ROSSITER whose telephone number is (571)270-3788.  The examiner can normally be reached on M-F 8AM-4PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jared Rutz can be reached on 571-272-5535.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




	/SEAN D ROSSITER/           Primary Examiner, Art Unit 2133