DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/28/2022 has been entered.


Response to Arguments
This action is in reply to papers filed on 09/28/2022. Claims 1-3, 5, 7-10, 13-16, 18, and 20 are pending. Claims 1, 7-8, 13-14, and 20 were amended. Claims 4, 6, 11-12, 17, and 19 were previously canceled. Claims 1, 8, and 14 are independent.
Applicant's arguments ("REMARKS") filed 09/28/2022, presented on pp. 8-9, in response to the rejection of the claims under 35 U.S.C. §103 with respect to Haikney et al., US 2012/0159634 A1 (hereinafter, “Haikney ‘634”), Ortiz et al., US 2019/0362083 A1 (hereinafter “Ortiz ‘083”), MacKintosh et al., US 2015/0135311 A1 (hereinafter, “MacKintosh ‘311”) have been fully considered and are partially persuasive. 
Specifically, Applicant argues that the cited references do not teach or suggest the limitations “… performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system and performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS to determine platform configuration register (PCR) measurement data that is based on the first and second measurements … and that the guest OS and the physical cryptoprocessor are associated with a single physical platform” as amended in claim 1. 
Haikney ‘634 in view of Ortiz ‘083 does not explicitly disclose the above limitations recited in claim 1, as amended. Therefore, the rejections have been withdrawn. However, MacKintosh ‘311, which was cited to in the previous Office Action with respect to the rejection of dependent claims 5 and 18 under 35 U.S.C. §103, discloses these limitations. This response is also applicable to arguments for independent claims 8 and 14. 
Thus, upon further consideration, a new ground of rejection is made in view of MacKintosh ‘311. See Claim Rejections – 35 USC §103 below for details.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 5, 7-10, 13-16, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Haikney et al., US 2012/0159634 A1 (hereinafter, “Haikney ‘634”) in view of Ortiz et al., US 2019/0362083 A1 (hereinafter, “Ortiz ‘083”), and further in view of MacKintosh et al., US 2015/0135311 A1 (hereinafter, “MacKintosh ‘311”).

As per claim 1: Haikney ‘634 discloses:
An information handling system (a first environment 12, where the first environment 12 may be a computing system that processes and stores data [Haikney ‘634, ¶¶6, 16, 20-23; Fig. 1]) comprising: 
at least one processor (computer and/or server; it is well-known in the art that computers and/or servers inherently contain at least one processor [Haikney ‘634, ¶¶16, 21-24, Claims]); and 
a memory coupled to the at least one processor (memory storing instructions to be executed by a processor [Haikney ‘634, ¶¶10, 21-22, Claims]); 
wherein the information handling system (a first environment 12, where the first environment 12 may be a computing system that processes and stores data [Haikney ‘634, ¶¶6, 16, 20-23; Fig. 1]) is configured to: 
execute an application (accessing and running applications or software within virtual machine 10 on the first environment 12 [Haikney ‘634, ¶¶20, 24; Fig. 1]) within a guest operating system on the at least one processor (under the broadest reasonable interpretation, a “guest operating system” is interpreted to be a secondary operating system (OS) that is separate from the host OS on the same device, where the secondary OS may be implemented on a virtual machine; applications or software are executed on a separate OS of the virtual machine 10 on the first environment 12, where the separate OS co-exists with the host OS on the same hardware, but are isolated from each other [Haikney ‘634 ¶20; Fig. 1]), 

securely transfer execution of the application (migrating the applications, software, and other data of a virtual machine 10 by transferring the virtual machine 10 from the first environment 12 to a second environment 14, where the software and applications are to be run on the second environment 14 [Haikney ‘634, ¶¶5, 20, 23, 26-31; Fig. 1, Fig. 2, Fig. 4]) to a second information handling system (a second environment 14, where the second environment 14 may be a computing system that processes and stores data [Haikney ‘634, ¶¶6, 16, 20-23; Fig. 1]) by: 

performing (performing trust measurements by a vTPM (virtual Trusted Platform Module) of a virtual machine 10, where a secondary OS, i.e. a guest OS, may be implemented on the virtual machine 10, and where the trust measurements are related to the security of the virtual machine 10 and used to determine PCR values 16 [Haikney ‘634, ¶¶20, 24]);
transmitting the PCR measurement data to the second information handling system (transferring PCR values 16, contained in the base trust values, to the second environment 14 [Haikney ‘634, ¶¶24-25, 29; Fig. 2, Fig. 4]); and 
transmitting the data of the application to the second information handling system (migrating software, applications, and other data from the virtual machine 10 to the second environment 14 [Haikney ‘634, ¶¶5-6, 20-22, 26-31; Fig. 2, Fig. 3, Fig. 4]); 
wherein the PCR measurement data is usable by the second information handling system to perform a remote attestation (the PCR values 16, contained in the base trust values, is used by the second environment 14 to perform remote attestation [Haikney ‘634, ¶¶8, 24, 26, 29-30; Fig. 3, Fig. 4]), 
the remote attestation including verification of the PCR measurement data to confirm that the data of the application (remote attestation includes verifying the PCR values 16, contained in the base trust values, to confirm that the software, applications, and data of the migrated virtual machine 10 has not been compromised or is not secure [Haikney ‘634, ¶¶17, 24, 27-31; Fig. 3, Fig. 4]).

As stated above, Haikney ‘634 does not explicitly disclose: “execute an application … wherein at least a portion of data of the application is stored encrypted in a secure enclave region of the memory; and … performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system and performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS to determine platform configuration register (PCR) measurement data that is based on the first and second measurements; … verification of the PCR measurement data to confirm that the data of the application has not been changed and that the guest OS and the physical cryptoprocessor are associated with a single physical platform.”
Ortiz ‘083, however, discloses:
execute an application … (running applications and executing data analytic models on a processor 101 [Ortiz ‘083, ¶¶69, 73, 179, 205; Fig. 1, Fig. 2A]), 
wherein at least a portion of data of the application is stored encrypted in a secure enclave region of the memory (data of the applications and data analytic models are encrypted and stored in secure enclaves 133 of a memory [Ortiz ‘083, ¶¶87, 152, 178, 201; Fig. 2A, Fig. 14]); and … 
performing 
 
to determine platform configuration register (PCR) measurement data  (obtaining system measurements of platform 100 by the Trusted Platform Module (TPM) 135, where the system measurements represent PCR values; under the broadest reasonable interpretation, a “cryptoprocessor” is interpreted as a TPM 135 implemented in hardware [Ortiz ‘083 ¶¶132-136; Fig. 1, Fig. 4]); 
verification of the PCR measurement data to confirm that the data of the application has not been changed (verification of PCR values to confirm that data of the applications and data analytic models has not been tampered with [Ortiz ‘083, ¶¶73, 75, 116, 134; Fig. 2A, Fig. 4]).

Haikney ‘634 and Ortiz ‘083 are analogous art because they are from the same field of endeavor, namely that of the secure processing and transferring of data and applications. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Haikney ‘634 and Ortiz ‘083 before them, to modify the method in Haikney ‘634 to include the teachings of Ortiz ‘083, namely to execute software and applications on the virtual machine 10 of Haikney ‘634, where data from the software and applications is encrypted and stored in secure enclaves like the ones in Ortiz ‘083, perform system measurements using both a vTPM on the virtual platform and hardware-based TPM on the system to determine PCR values, verify the PCR values and perform remote attestation using the PCR values, contained in the base trust values, to confirm not only whether the data from the software and applications is not secure, but also that the data has not been tampered with or changed. The motivation for doing so would be to provide a secure storage for sensitive data/applications such that they are not accessed by unauthorized entities, and to ensure that integrity of the data/applications has not been compromised through tampering, where TPMs may include security mechanisms to make the PCR values and the TPMs themselves tamper resistant during attestation (see Ortiz ‘083 ¶¶101, 116, 134). 

As stated above, Haikney ‘634 in view of Ortiz ‘083 does not explicitly disclose: “… performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system and performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS to determine platform configuration register (PCR) measurement data that is based on the first and second measurements; … and that the guest OS and the physical cryptoprocessor are associated with a single physical platform.”
MacKintosh ‘311, however, discloses:
… performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system (performing first measurement relating to a host environment, which may be the server 150, by a trusted platform module (TPM) 628, where the TPM is implemented in hardware [MacKintosh ‘311, ¶¶10, 53; Fig. 3, Fig. 6]) and 
performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS (performing second measurements relating to virtual machine (VM) 152 hosting a guest operating system (OS) by a virtual TPM (vTPM) 655 of the VM 152, where the second measurements may be associated with at least ‘VM OS LOADER’ data [MacKintosh ‘311, ¶¶11, 15, 41, 54-55; Fig. 3, Fig. 5, Fig. 6])
to determine platform configuration register (PCR) measurement data that is based on the first and second measurements (determine PCR data 505, 555 based on the first and second measurements [MacKintosh ‘311, ¶¶53-54; Fig. 3, Fig. 5]); 
… and that the guest OS and the physical cryptoprocessor are associated with a single physical platform (the VM 152 hosting a guest OS and the TPM 628 are associated with a single platform, such as a system on server 150 [MacKintosh ‘311, ¶¶43-44, 53-55; Fig. 2, Fig. 6]).

Haikney ‘634 (modified by Ortiz ‘083) and MacKintosh ‘311 are analogous art because they are from the same field of endeavor, namely that of the attestation and validation of virtual machines and the corresponding host systems. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Haikney ‘634 (modified by Ortiz ‘083) and MacKintosh ‘311 before them, to modify the method in Haikney ‘634 (modified by Ortiz ‘083) to include the teachings of MacKintosh ‘311, namely to not only perform PCR measurements 16 of the migrating virtual machine (VM) 10 using a vTPM, as disclosed in Haikney ‘634, but also to perform additional PCR measurements of the host environment of the migrating VM using a native hardware-based TPM 628, as disclosed in  MacKintosh ‘311, where the host environment may be the first environment 12 of Haikney ‘634. The motivation for doing so would be to provide additional system security during the migration of VMs by using a native TPM to perform measurements and attestation of the corresponding host systems (see MacKintosh ‘311, ¶¶13-14, 53).

As per claim 2: Haikney ‘634, in view of Ortiz ‘083, and further in view of MacKintosh ‘311 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Haikney ‘634 in view of MacKintosh ‘311 does not explicitly disclose the limitations of claim 2. 
Ortiz ‘083, however, discloses:
	wherein the secure enclave region is based on Software Guard Extensions (SGX) of the at least one processor (secure enclaves 133 is based on SGX of a processor [Ortiz ‘083 ¶¶203, 246, 254]).

	Haikney ‘634 (modified by MacKintosh ‘311) and Ortiz ‘083 are analogous art because they are from the same field of endeavor, namely that of the secure processing and transferring of data and applications. For reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Haikney ‘634 (modified by MacKintosh ‘311) and Ortiz ‘083 before them, to modify the method in Haikney ‘634 (modified by MacKintosh ‘311) to include the teachings of Ortiz ‘083.

As per claim 3: Haikney ‘634, in view of Ortiz ‘083, and further in view of MacKintosh ‘311 discloses all limitations of claim 1, as stated above, from which claim 3 is dependent upon. Furthermore, Haikney ‘634 discloses:
wherein the information handling system and the second information handling system (a first 12 and second 14 environment, where the environments may be a computing systems that processes and stores data, [Haikney ‘634 ¶¶6, 16, 20-23; Fig. 1]) are nodes (under the broadest reasonable interpretation, a “node” is interpreted as a point of connection in a network that is capable of receiving and transmitting information, such as a server; the first 12 and second 14 environments may be servers and/or computing systems in a network that transmits and receives data [Haikney ‘634 ¶¶5, 21-23; Fig. 1]) of a hyper-converged infrastructure (HCI) cluster (under the broadest reasonable interpretation, an “HCI cluster” is a network of computing systems and/or servers with storage, computing, networking, and virtual computing capabilities; the first 12 and second 14 environments may be servers and/or computing systems within in a network with storage, computing, networking, and virtual computing capabilities [Haikney ‘634 ¶¶5-6, 16, 20-24; Fig. 1]).

As per claim 5: Haikney ‘634, in view of Ortiz ‘083, and further in view of MacKintosh ‘311 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon. Haikney ‘634 in view of Ortiz ‘083 does not explicitly disclose the limitations of claim 5. 
MacKintosh ‘311, however, discloses:
wherein a hypervisor is configured to execute the guest OS (a hypervisor 256 is configured to execute a guest operating system, within virtual machine 152, on server 150; application 154 is also operable on virtual machine 152 [MacKintosh ‘311, ¶¶15, 42-45; Fig. 1, Fig. 2]).

Haikney ‘634 (modified by Ortiz ‘083) and MacKintosh ‘311 are analogous art because they are from the same field of endeavor, namely that of the secure processing and transferring of data and applications involving virtual machines. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Haikney ‘634 (modified by Ortiz ‘083) and MacKintosh ‘311 before them, to modify the method in Haikney ‘634 (modified by Ortiz ‘083) to include the teachings of MacKintosh ‘311, namely to utilize a hypervisor 256, as disclosed in MacKintosh ‘311, to execute a secondary OS of virtual machine 10 on the first environment 12, as disclosed in Haikney ‘634, where applications or software may be executed on the secondary OS. The motivation for doing so would be to provide an intermediary layer, the hypervisor, between virtual machines (and their respective guest OS) and physical hardware, where the hypervisor may directly manage and execute the virtual machines (see MacKintosh ‘311 ¶¶27, 43).

As per claim 7: Haikney ‘634, in view of Ortiz ‘083, and further in view of MacKintosh ‘311 discloses all limitations of claim 1, as stated above, from which claim 7 is dependent upon. Haikney ‘634 does not explicitly disclose the limitations of claim 7.
Ortiz ‘083, however, discloses:
wherein the cryptoprocessor is a physical Trusted Platform Module (TPM) (cryptoprocessor is a TPM 135 within platform 100 [Ortiz ‘083 ¶¶132-136; Fig. 1, Fig. 4]).

Haikney ‘634 and Ortiz ‘083 are analogous art because they are from the same field of endeavor, namely that of the secure processing and transferring of data and applications. For reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Haikney ‘634 and Ortiz ‘083 before them, to modify the method in Haikney ‘634 to include the teachings of Ortiz ‘083.

As per claim 8: Haikney ‘634 discloses:
A method comprising:
an information handling system (a first environment 12, where the first environment 12 may be a computing system that processes and stores data [Haikney ‘634, ¶¶6, 16, 20-23; Fig. 1]) executing an application within a guest operating system (OS) (under the broadest reasonable interpretation, a “guest operating system” is interpreted to be a secondary operating system (OS) that is separate from the host OS on the same device, where the secondary OS may be implemented on a virtual machine; applications or software are executed on a separate OS of the virtual machine 10 on the first environment 12, where the separate OS co-exists with the host OS on the same hardware, but are isolated from each other [Haikney ‘634 ¶20; Fig. 1]) on at least one processor (computer and/or server; it is well-known in the art that computers and/or servers inherently contain at least one processor [Haikney ‘634, ¶¶16, 21-24, Claims]) of the information handling system (accessing and running applications or software within virtual machine 10 on the first environment 12 [Haikney ‘634, ¶¶20, 24; Fig. 1]),

the information handling system securely transferring execution of the application (migrating the applications, software, and other data of a virtual machine 10 by transferring the virtual machine 10 from the first environment 12 to a second environment 14, where the software and applications are to be run on the second environment 14 [Haikney ‘634, ¶¶5, 20, 23, 26-31; Fig. 1, Fig. 2, Fig. 4]) to a second information handling system (a second environment 14, where the second environment 14 may be a computing system that processes and stores data [Haikney ‘634, ¶¶6, 16, 20-23; Fig. 1]) by: 

performing (performing trust measurements by a vTPM (virtual Trusted Platform Module) of a virtual machine 10, where a secondary OS, i.e. a guest OS, may be implemented on the virtual machine 10, and where the trust measurements are related to the security of the virtual machine 10 and used to determine PCR values 16 [Haikney ‘634, ¶¶20, 24]);
transmitting the PCR measurement data to the second information handling system (transferring PCR values 16, contained in the base trust values, to the second environment 14 [Haikney ‘634, ¶¶24-25, 29; Fig. 2, Fig. 4]); and 
transmitting the data of the application to the second information handling system (migrating software, applications, and other data from the virtual machine 10 to the second environment 14 [Haikney ‘634, ¶¶5-6, 20-22, 26-31; Fig. 2, Fig. 3, Fig. 4]); 
wherein the PCR measurement data is usable by the second information handling system to perform a remote attestation (the PCR values 16, contained in the base trust values, is used by the second environment 14 to perform remote attestation [Haikney ‘634, ¶¶8, 24, 26, 29-30; Fig. 3, Fig. 4]), 
the remote attestation including verification of the PCR measurement data to confirm that the data of the application (remote attestation includes verifying the PCR values 16, contained in the base trust values, to confirm that the software, applications, and data of the migrated virtual machine 10 has not been compromised or is not secure [Haikney ‘634, ¶¶17, 24, 27-31; Fig. 3, Fig. 4]).

As stated above, Haikney ‘634 does not explicitly disclose: “executing an application … wherein at least a portion of data of the application is stored encrypted in a secure enclave region of the memory; and … performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system and performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS to determine platform configuration register (PCR) measurement data that is based on the first and second measurements; … verification of the PCR measurement data to confirm that the data of the application has not been changed and that the guest OS and the physical cryptoprocessor are associated with a single platform.”
Ortiz ‘083, however, discloses:
executing an application … (running applications and executing data analytic models on a processor 101 [Ortiz ‘083, ¶¶69, 73, 179, 205; Fig. 1, Fig. 2A]), 
wherein at least a portion of data of the application is stored encrypted in a secure enclave region of the memory (data of the applications and data analytic models are encrypted and stored in secure enclaves 133 of a memory [Ortiz ‘083, ¶¶87, 152, 178, 201; Fig. 2A, Fig. 14]); and … 
performing 
 
to determine platform configuration register (PCR) measurement data  (obtaining system measurements of platform 100 by the Trusted Platform Module (TPM) 135, where the system measurements represent PCR values; under the broadest reasonable interpretation, a “cryptoprocessor” is interpreted as a TPM 135 implemented in hardware [Ortiz ‘083 ¶¶132-136; Fig. 1, Fig. 4]); 
verification of the PCR measurement data to confirm that the data of the application has not been changed (verification of PCR values to confirm that data of the applications and data analytic models has not been tampered with [Ortiz ‘083, ¶¶73, 75, 116, 134; Fig. 2A, Fig. 4]).

Haikney ‘634 and Ortiz ‘083 are analogous art because they are from the same field of endeavor, namely that of the secure processing and transferring of data and applications. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Haikney ‘634 and Ortiz ‘083 before them, to modify the method in Haikney ‘634 to include the teachings of Ortiz ‘083. 

As stated above, Haikney ‘634 in view of Ortiz ‘083 does not explicitly disclose: “… performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system and performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS to determine platform configuration register (PCR) measurement data that is based on the first and second measurements; … and that the guest OS and the physical cryptoprocessor are associated with a single platform.”
MacKintosh ‘311, however, discloses:
… performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system (performing first measurement relating to a host environment, which may be the server 150, by a trusted platform module (TPM) 628, where the TPM is implemented in hardware [MacKintosh ‘311, ¶¶10, 53; Fig. 3, Fig. 6]) and 
performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS (performing second measurements relating to virtual machine (VM) 152 hosting a guest operating system (OS) by a virtual TPM (vTPM) 655 of the VM 152, where the second measurements may be associated with at least ‘VM OS LOADER’ data [MacKintosh ‘311, ¶¶11, 15, 41, 54-55; Fig. 3, Fig. 5, Fig. 6])
to determine platform configuration register (PCR) measurement data that is based on the first and second measurements (determine PCR data 505, 555 based on the first and second measurements [MacKintosh ‘311, ¶¶53-54; Fig. 3, Fig. 5]); 
… and that the guest OS and the physical cryptoprocessor are associated with a single platform (the VM 152 hosting a guest OS and the TPM 628 are associated with a single platform, such as a system on server 150 [MacKintosh ‘311, ¶¶43-44, 53-55; Fig. 2, Fig. 6]). 

Haikney ‘634 (modified by Ortiz ‘083) and MacKintosh ‘311 are analogous art because they are from the same field of endeavor, namely that of the attestation and validation of virtual machines and the corresponding host systems. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Haikney ‘634 (modified by Ortiz ‘083) and MacKintosh ‘311 before them, to modify the method in Haikney ‘634 (modified by Ortiz ‘083) to include the teachings of MacKintosh ‘311.

As per claims 9-10 and 13: Claims 9-10 and 13 define a method that recites substantially similar subject matter as the system of claims 2-3 and 7, respectively. Specifically, Claims 9-10 and 13 are directed to method that is performed by the system recited in the claims 2-3 and 7, respectively. Thus, the rejections of claims 2-3 and 7 are equally applicable to claims 9-10 and 13, respectively. 

As per claim 14: Haikney ‘634 discloses:
An article of manufacture comprising a non- transitory, computer-readable medium having computer- executable code thereon (memory storing instructions to be executed by a processor [Haikney ‘634, ¶¶10, 21-22, Claims]) that is executable by a processor (computer and/or server; it is well-known in the art that computers and/or servers inherently contain at least one processor [Haikney ‘634, ¶¶16, 21-24, Claims]) of an information handling system (a first environment 12, where the first environment 12 may be a computing system that processes and stores data [Haikney ‘634, ¶¶6, 16, 20-23; Fig. 1]) for:
executing an application within a guest operating system (OS) (under the broadest reasonable interpretation, a “guest operating system” is interpreted to be a secondary operating system (OS) that is separate from the host OS on the same device, where the secondary OS may be implemented on a virtual machine; applications or software are executed on a separate OS of the virtual machine 10 on the first environment 12, where the separate OS co-exists with the host OS on the same hardware, but are isolated from each other [Haikney ‘634 ¶20; Fig. 1]) on the processor (accessing and running applications or software within virtual machine 10 on the first environment 12 [Haikney ‘634, ¶¶20, 24; Fig. 1]), 

securely transferring execution of the application (migrating the applications, software, and other data of a virtual machine 10 by transferring the virtual machine 10 from the first environment 12 to a second environment 14, where the software and applications are to be run on the second environment 14 [Haikney ‘634, ¶¶5, 20, 23, 26-31; Fig. 1, Fig. 2, Fig. 4]) to a second information handling system (a second environment 14, where the second environment 14 may be a computing system that processes and stores data [Haikney ‘634, ¶¶6, 16, 20-23; Fig. 1]) by: 

performing (performing trust measurements by a vTPM (virtual Trusted Platform Module) of a virtual machine 10, where a secondary OS, i.e. a guest OS, may be implemented on the virtual machine 10, and where the trust measurements are related to the security of the virtual machine 10 and used to determine PCR values 16 [Haikney ‘634, ¶¶20, 24]);
transmitting the PCR measurement data to the second information handling system (transferring PCR values 16, contained in the base trust values, to the second environment 14 [Haikney ‘634, ¶¶24-25, 29; Fig. 2, Fig. 4]); and 
transmitting the data of the application to the second information handling system (migrating software, applications, and other data from the virtual machine 10 to the second environment 14 [Haikney ‘634, ¶¶5-6, 20-22, 26-31; Fig. 2, Fig. 3, Fig. 4]); 
wherein the PCR measurement data is usable by the second information handling system to perform a remote attestation (the PCR values 16, contained in the base trust values, is used by the second environment 14 to perform remote attestation [Haikney ‘634, ¶¶8, 24, 26, 29-30; Fig. 3, Fig. 4]), 
the remote attestation including verification of the PCR measurement data to confirm that the data of the application (remote attestation includes verifying the PCR values 16, contained in the base trust values, to confirm that the software, applications, and data of the migrated virtual machine 10 has not been compromised or is not secure [Haikney ‘634, ¶¶17, 24, 27-31; Fig. 3, Fig. 4]).

As stated above, Haikney ‘634 does not explicitly disclose: “executing an application … wherein at least a portion of data of the application is stored encrypted in a secure enclave region of the memory; and … performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system and performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS to determine platform configuration register (PCR) measurement data that is based on the first and second measurements; … verification of the PCR measurement data to confirm that the data of the application has not been changed and that the guest OS and the physical cryptoprocessor are associated with a single platform.”
Ortiz ‘083, however, discloses:
executing an application … (running applications and executing data analytic models on a processor 101 [Ortiz ‘083, ¶¶69, 73, 179, 205; Fig. 1, Fig. 2A]), 
wherein at least a portion of data of the application is stored encrypted in a secure enclave region of the memory (data of the applications and data analytic models are encrypted and stored in secure enclaves 133 of a memory [Ortiz ‘083, ¶¶87, 152, 178, 201; Fig. 2A, Fig. 14]); and … 
performing 
 
to determine platform configuration register (PCR) measurement data  (obtaining system measurements of platform 100 by the Trusted Platform Module (TPM) 135, where the system measurements represent PCR values; under the broadest reasonable interpretation, a “cryptoprocessor” is interpreted as a TPM 135 implemented in hardware [Ortiz ‘083 ¶¶132-136; Fig. 1, Fig. 4]); 
verification of the PCR measurement data to confirm that the data of the application has not been changed (verification of PCR values to confirm that data of the applications and data analytic models has not been tampered with [Ortiz ‘083, ¶¶73, 75, 116, 134; Fig. 2A, Fig. 4]).

Haikney ‘634 and Ortiz ‘083 are analogous art because they are from the same field of endeavor, namely that of the secure processing and transferring of data and applications. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Haikney ‘634 and Ortiz ‘083 before them, to modify the method in Haikney ‘634 to include the teachings of Ortiz ‘083. 

As stated above, Haikney ‘634 in view of Ortiz ‘083 does not explicitly disclose: “… performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system and performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS to determine platform configuration register (PCR) measurement data that is based on the first and second measurements; … and that the guest OS and the physical cryptoprocessor are associated with a single platform.”
MacKintosh ‘311, however, discloses:
… performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system (performing first measurement relating to a host environment, which may be the server 150, by a trusted platform module (TPM) 628, where the TPM is implemented in hardware [MacKintosh ‘311, ¶¶10, 53; Fig. 3, Fig. 6]) and 
performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS (performing second measurements relating to virtual machine (VM) 152 hosting a guest operating system (OS) by a virtual TPM (vTPM) 655 of the VM 152, where the second measurements may be associated with at least ‘VM OS LOADER’ data [MacKintosh ‘311, ¶¶11, 15, 41, 54-55; Fig. 3, Fig. 5, Fig. 6])
to determine platform configuration register (PCR) measurement data that is based on the first and second measurements (determine PCR data 505, 555 based on the first and second measurements [MacKintosh ‘311, ¶¶53-54; Fig. 3, Fig. 5]); 
… and that the guest OS and the physical cryptoprocessor are associated with a single platform (the VM 152 hosting a guest OS and the TPM 628 are associated with a single platform, such as a system on server 150 [MacKintosh ‘311, ¶¶43-44, 53-55; Fig. 2, Fig. 6]). 

Haikney ‘634 (modified by Ortiz ‘083) and MacKintosh ‘311 are analogous art because they are from the same field of endeavor, namely that of the attestation and validation of virtual machines and the corresponding host systems. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Haikney ‘634 (modified by Ortiz ‘083) and MacKintosh ‘311 before them, to modify the method in Haikney ‘634 (modified by Ortiz ‘083) to include the teachings of MacKintosh ‘311.

As per claims 15-16, 18, and 20: Claims 15-16, 18, and 20 define an article of manufacture that recite substantially similar subject matter as the system of claims 2-3, 5, and 7, respectively. Specifically, Claims 15-16, 18, and 20 are directed to an article of manufacture comprising a non- transitory, computer-readable medium having computer- executable code thereon that is executable by a processor to perform the method that is performed by the system recited in the claims 2-3, 5, and 7, respectively. Thus, the rejections of claims 2-3, 5, and 7 are equally applicable to claims 15-16, 18, and 20, respectively. 


Conclusion
The prior art made of record and not relied upon is considered pertinent to the Applicant’s disclosure:
Scarlata, US 2007/0094719 A1: a first processing system determines whether a second processing system provides a trustworthy state for supporting a virtual trusted platform module (TPM), based on attestation using platform configuration register (PCR) values.
Poornachandran et al., US 2016/0350534 A1: performing remote attestation using PCRs to verify the integrity of a virtual trusted execution environment and the corresponding Software Guard Extensions (SGX) secure enclaves.
Sahita et al., US 2011/0154500 A1: storing an application within an isolated memory region, and attesting to whether or not the application is valid based on PCR values.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 9:00am-7:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN LINGQIAN KONG/Examiner, Art Unit 2494

/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494