DETAILED ACTION

Status of Claims

This action is in reply to the application filed on 04/05/2021.
Claims 2-22 have been added in a pre-examination amendment on 06/27/2022.
Claim 1 has been canceled in a pre-examination amendment on 06/27/2022.
Claims 2-22 are currently pending and have been examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 2-22 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor at the time the application was filed, had possession of the claimed invention.

The claims include numerous terms which are not found in Applicant’s as-filed Specification (AppSpec). The following claim terms lack written description support: virtual environment (Claims 2, 6, 9, 13, 16, 20), security circuitry (Claims 2, 9, 16), remote party (Claims 3, 10, 17), public key (Claims 7, 14, 21).
Furthermore, the following functional steps/operations are unsupported by AppSpec:
Claims 3, 10, 17: a second report is to be provided to a remote party by the virtual machine
Claims 5, 12, 19: generate a second attestation report responsive to the termination of the virtual machine
Claims 6, 13, 20: wherein the request is received from a hypervisor within the virtual environment
Claim 16: cause transmission of the attestation report

Any claim listed in the rejection heading not explicitly listed in the body is rejected for being dependent upon a rejected claim.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 2-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without integration into a practical application and without significantly more because the recited steps/operations fall within the “Mental Processes” grouping of abstract ideas. 
Claim 9 recites a method with steps of accessing a request for an attestation report, generating the attestation report whose contents include information about the virtual environment associated with the execution of the virtual machine and a source identifier, and outputting the attestation report which is a process that, under its broadest reasonable interpretation, covers performance of the limitations in the mind and/or with pen and paper. “The above claim recites a process of taking two data sets and combining them into a single data set…recites an ineligible abstract process of gathering and combining data” Digitech Image Techs., LLC v. Elecs. for Imaging, Inc. (Fed. Cir. 2014). 
The additional claim elements beyond the three basic steps neither integrate the exception into a practical application nor amount to significantly more. The generically described informational content of the report including that it is associated with a virtual machine (VM) and includes information about the virtual environment associated with the execution of the VM and a source identifier merely indicate the technological environment in which to apply a judicial exception. The recitations that the report is generated using security circuitry of a processor and the information about the virtual environment provided by the security circuitry of the processor amount to no more than a generic description to apply the exception using generic computer components at a high level of generality, and accordingly do not integrate the judicial exception into a practical application nor amount to significantly more.
Claims 2 and 16, which recite a storage medium and a system to implement the same abstract idea as described in claim 9, are rejected under the same rationale provided above.
None of dependent claims 3-8, 10-15, and 17-22 resolve the deficiencies detailed above as they merely provide additional limitations characterizing the technological environment in which to apply a judicial exception (e.g. Claims 4, 11, and 18: wherein the report is output from the VM; Claims 6, 13, and 29: wherein the request is received from a hypervisor) and/or are similarly abstract (e.g. Claims 8, 15, and 22: wherein the request is a first request of a plurality of requests and the attestation report is a first attestation, the method further including generating a plurality of attestation reports). 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 2-5, 7-12, 14-19, 21, and 22 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Li et al. (US 2019/0370467 A1).

Claims 2, 9, and 16:
Li discloses the limitations as shown in the following rejections:
access a request (e.g. COLLECT/INSPECT request) for an attestation report associated with a VM, the VM to execute within a virtual environment (FIG. 1; ¶0018, 0022-0023, 0035, 0039).
generate the attestation report using security circuitry (SGX/TEE) of a processor, the attestation report to be signed by the processor (FIG. 1; ¶0022-0023, 0029-0030).
the attestation report including information (e.g. co-located VMs, “message authentication code (MAC)” corresponding to platform) about the virtual environment associated with the execution of the VM and a source identifier (identifier of enclave report source/“MRENCLAVE”), the information about the virtual environment provided by the security circuitry of the processor; and output the attestation report (¶0023, 0028-0033, 0040-0041).

Claims 3, 4, 10, 11, 17 and 18:
Li discloses the limitations as shown in the rejections above. Li further discloses wherein the attestation report is a first report and a second report is to be provided to a remote party by the virtual machine…wherein the attestation report is output from the virtual machine (FIG. 1; ¶0023, 0028, 0037-0039).




Claims 5, 12, and 19:
Li discloses the limitations as shown in the rejections above. Li further discloses wherein the attestation report is a first attestation report associated with launch of the virtual machine and the instructions, when executed cause the computing device to generate a second attestation report responsive to the termination (migration) of the virtual machine (¶0021-0023, 0044). As known in the art, migrating/moving a VM includes transferring state data and terminating VM execution at a source location and resuming the VM at a second target location.

Claims 7, 14, and 21:
Li discloses the limitations as shown in the rejections above. Li further discloses wherein the attestation report is associated with a public key (¶0032, 0042).

Claims 8, 15, and 22:
Li discloses the limitations as shown in the rejections above. Li further discloses wherein the request is a first request of a plurality of requests and the attestation report is a first attestation and the instructions, when executed, cause the computing device to generate a plurality of attestation reports (¶0017-0018, 0024).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Li et al. (US 2019/0370467 A1) in view of Tosa (US 20140053245 A1).

Claims 6, 13, and 20:
Li discloses the limitations as shown in the rejections above. Li further discloses (FIG. 1; ¶0037-0043) performing a remote attestation wherein verification requests and reports traverse a network boundary between the virtualization platforms, but Li does not illustrate the entire communication path and although arguably inherent, does not explicitly disclose wherein the request is received from a hypervisor within the virtual environment.
Tosa, however, discloses (FIG. 1; ¶0037-0043, 0050-0052) a system and method to establish a secure communication channel in an analogous trusted virtualization environment. Tosa further discloses (FIG. 1; ¶0037-0043, 0050-0052) that “data traffic to and/or from the trusted virtual machine is routed by the hypervisor” (¶0060), including data corresponding to an attestation request (the request is received from a hypervisor within the virtual environment).
It would have been obvious to one of ordinary skill in the art prior to the filing date of the invention to modify Li to employ Tosa’s secure communication methods in order to protect data exchanges from malware (¶0057-0058).

Conclusion
References made of record but not relied upon:
“An Architecture for Concurrent Execution of Secure Environments in Clouds” is directed to methods to improve SGX operation on a multicore processor.
WO 2018162060 A1 is directed to methods to verify VM identity.
Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from the Examiner should be directed to Paul Mills whose telephone number is 571-270-5482. The Examiner can normally be reached on Monday-Friday 11:00am-8:00pm. If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Emerson Puente can be reached at 571-272-3652.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://portal.uspto.gov/external/portal/pair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). Any response to this action should be mailed to:
Commissioner of Patents and Trademarks
Washington, D.C.  20231
or faxed to 571-273-8300.
Hand delivered responses should be brought to the United States Patent and Trademark Office Customer Service Window:
Randolph Building
401 Dulany Street
Alexandria, VA 22314.
/P. M./
Paul Mills
11/03/2022

/EMERSON C PUENTE/Supervisory Patent Examiner, Art Unit 2196