DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Preliminary Amendment filed 7/28/2022.
Claims 1-20 have been amended.
Claims 1-20 remain pending and have been considered below.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 10 and 17 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 8 and 15 of U.S. Patent No.11,334,670 respectively. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims recite similar concepts.  The table below shows an example of mapping between two claims to identify the similar concepts.

Instant Application N. 17/721449
U.S. Patent No. 11,334,670
1. (Currently Amended) A method, comprising:
1. A method comprising:
receiving, by a verifier entity, a measurement log for a disk image associated with a virtual machine of a software stack resident on a host machine, wherein the virtual machine is associated with files of the disk image, and the measurement log comprises hashes corresponding to the files; and
at a management entity:
generating a measurement log for a disk image associated with a virtual machine of a software stack resident on a host machine, wherein the virtual machine is associated with files of the disk image and the measurement log comprises file paths and hashes for the files; and
comparing, by the verifier entity, the measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack to verify the software stack, wherein the comparison of the measurement log with the reference measurement comprises comparing the hashes with the reference measurement.
at a verifier entity:
retrieving the generated measurement log; and 
comparing the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack to verify the software stack, wherein comparing the generated measurement log with the reference measurement comprises comparing the reference measurement with the file paths and the hashes of the generated measurement log.



Examiner’s Statement of Reasons for Allowance
Claims 1-20 are considered allowable when reading the claims in light of the specification.  The prior arts of record do not teach or reasonably suggest the combination of the limitations specified in the independent claims 1, 3, 5 and 7.
The closest prior arts are:
Samuel et al. (US 20190109877) teaches secure application metering.  The hardware encryption device 306 may use the attestation keys signed with the direct anonymous attestation key or the attestation keys verifiable by the certification authority to attest to a hash of a file, contents of a memory, the state of the operating system, state of a process, the state of registry entries, the state of processes, permissions of process, access permissions and/or the like. In the case of direct anonymous authorization, the hardware encryption device 306 may generate a hash of content being certified, determine a signature based on the attestation identify key, the verifier and time. The hardware encryption device 306 may also determine a computational solution, which establishes that the hardware encryption device 306 possesses: (i) a direct anonymous attestation key signed with the signature of an issuer; and (ii) the attestation identity keys, verifier information and time of verification signed using the direct anonymous attestation key. The verifier such as the security manager may verify the hardware encryption device 306 and the state. Additionally, compromised hardware encryption devices may be identified based on the time of request and based on whether multiple requests are received from the hardware encryption device 306 for verification. Further, compromised hardware encryption device may be blacklisted (see paragraph [0062]).
Forrester et al. (US 20090089860) discloses a method and system for verifying the integrity of virtual machines and for verifying the integrity of discrete elements of the virtual machines throughout the lifecycle of the virtual machines. A virtual machine manager capable of managing one or more virtual machine images is installed on a physical hardware platform. An integrity verification component can be communicatively coupled to the virtual machine manager and an integrity reference component so that the integrity verification component can compare digests of the virtual machine image or discrete virtual machine image elements to virtual machine integrity records accessible from the integrity reference component (see the Abstract).
A virtual machine image may contain malware. For example, a virtual machine image 201 listed in the catalog may be infected with computer virus. In the case of a third party virtual machine image, such as machine image 201-6, the safety of the virtual machine image may be validated by provenance. That is, the safety of the virtual machine image may be validated by verifying the integrity of the build chain from the base machine image to the current machine image. As a particular example, the safety of the virtual machine image 201-6 may be validated by ensuring that it was created from the machine image 201-5, which is from the cloud service provider. The provenance approach necessarily assumes that the cloud service provider is trustworthy and that the third party selling the virtual machine image is itself trustworthy. However, meta-data provided at the virtual machine image level may be insufficient to verify the integrity of the build chain. Validating a virtual machine image by provenance is also hampered by the difficulty in mounting and reading a virtual machine image without instantiating a virtual machine off it (see col.4, lines 51-67).
Applicant’s claimed invention is deemed allowable over the cited prior arts above as the prior arts do not teach the combination of the limitations specified in the independent claims
“receiving, by a verifier entity, a measurement log for a disk image associated with a virtual machine of a software stack resident on a host machine, wherein the virtual machine is associated with files of the disk image, and the measurement log comprises hashes corresponding to the files; and comparing, by the verifier entity, the measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack to verify the software stack, wherein the comparison of the measurement log with the reference measurement comprises comparing the hashes with the reference measurement”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHILLIP H NGUYEN whose telephone number is (571)270-1070. The examiner can normally be reached Monday-Friday 9:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wei Zhen can be reached on (571) 272-3708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PHILLIP H NGUYEN/Primary Examiner, Art Unit 2191