Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1, 10, and 18 are currently amended. No new claims have been added. No claims have been canceled. Claims 1-20 are currently pending for examination.
Response to Arguments
Regarding the applicant’s arguments, pgs.10-12, that neither Kancharla nor King nor Khosravi disclose the amended limitations of claim 1, the examiner has carefully considered these arguments and concedes. Though the remarks claim that none of the cited prior arts of record disclose ‘migrating encryption to an SR-IOV endpoint with per-VF keys kept off the host and outside the memory controller’, this is not a relevant argument, as the claims do not contain this limitation. As such, the independent claims are rejected as they are drafted. If the applicant would like to claim an SR-IOV device external to the host computer which performs encryption operations and stores encryption keys corresponding to VFs corresponding to VMs, they are advised to amend this language into the claims. Accordingly, the rejection of the independent claims under 35 USC 103 is maintained over Kancharla in view of King in further view of Kaplan.
Claim Rejections – 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 4, 9, 10, 11, 13, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kancharla (US 20150358161 A1) in view of King (US 20150058596 A1) in further view of Kaplan (US 20180107608 A1) in further view of Yap (US 20150169472 A1).
As per claim 1, Kancharla discloses:
A method comprising: …receiving from a secure processor by the SR-IOV capable device an encryption key for each virtual function associated with the virtual machine, wherein the virtual machine is configured to execute I/O transaction requests through the SR-IOV capable device (“Similarly, each HSM-VM 104 and its corresponding HSM partition 108 also move from an initial reset state to an operational state, where the partition 108 can be accessed by its HSM-VM 104 for various cryptographic operations…FIG. 7 depicts a diagram of an example of a four-way handshake between the VF HSM driver 118 and the HSM partition 108. As part of this handshake mechanism, a portion of a static secret is exchanged, which, in conjunction with the secret exchanged with the PF HSM driver 126 discussed above, forms a static secret that cannot be read by any other HSM partition 108. “, 0063 ; “As shown in the example of FIG. 2, the FIPS-certified HSM appliance 200 includes an FIPS 140-2 Level 2 and 3 certified computing unit 204, having one or more CPUs, RAM, and storage unit and is configured to run multiple (e.g., up to 32) virtual machines such as the HSM-VMs 104, and the HSM managing VM 106. The HSM appliance 200 further includes a FIPS-certified SR-IOV-capable HSM adapter 202, which is a hardware security appliance for the HSM 102. As shown in the example of FIG. 2, the HSM adapter 202 further includes an SR-IOV PCIe bridge 206 connecting the HSM adapter 202 to the CPU in the computing unit 204 via a first PCIe connection (e.g., PCIe Gen2 x8)”, 0026 ; “In some embodiments, the objects are encoded and encrypted via an encryption key before being stored in the key store 109, wherein the encryption key is unique for each key store 109. Consequently, no entity (e.g., other web service hosts) except the web service provider/host can have access (e.g., read/write) to the authentication credentials to the key store 109 of the HSM partition 108 via its corresponding HSM-VM 104.”, 0032 ; “The HSM managing VM 106 generates and saves required pair of persistent keys and certificate for identification of the HSM service unit 107 as well as a storage encryption key for encrypting the persistent keys in the key store 109 of the HSM partition 108. The HSM managing VM 106 also creates an HSM VM 104 of the HSM service unit 107 with the provided network access details such as an IP address and part of a hostname. Finally, the HSM managing VM 106 starts the HSM service unit 107 by making it available to the user/web service host to offload its key management and crypto operations when both the created HSM VM 104 and the HSM partition 108 are ready.”, 0060 ; “ During its operation, the secured communication server 120 of the HSM-VM 104 opens a session with its corresponding HSM partition 108 in the same HSM service unit 107. The secured communication server 120 listens for connection requests from a user/web service provider. For each new request received from the user, the secured communication server 120 establishes a secured communication channel with the web service provider, wherein the secure channel acts to communicate all requests from the user.”, 0045 ; Examiner Note: the HSM managing VM is running on the HSM appliance which is a secure processor enabled with SR-IOV. The HSM managing VM saves the storage encryption key while initializing the HSM VM (equating to the virtual machine). The HSM VM performing key (data object stored in partition) management operations equates to executing IO transaction requests. The VF HSM driver equates to a VF which the static secret, or encryption key, is associated with)
storing, by the SR-IOV capable device the received encryption key in a key store on the SR-IOV capable device (“The HSM managing VM 106 generates and saves required pair of persistent keys and certificate for identification of the HSM service unit 107 as well as a storage encryption key for encrypting the persistent keys in the key store 109 of the HSM partition 108.”, 0060)
Kancharla discloses the receipt of an encryption key for a VM to execute I/O transactions by an SR-IOV enabled device, but does not disclose an I/O transaction request including a request for a particular virtual function, DMA location, and bus device function, nor the retrieval of the encrypted data by an IOMMU, the transmission of the data to an I/O device by an IOMMU, or a VF of an SR-IOV associated with a specific VM.
However, King discloses:
upon initialization of a virtual machine on a host computer, activating a virtual function in a single-root input/output (I/O) virtualization (SR-IOV) capable device, wherein the SR-IOV is physically connected to the host computer and logically connected to the virtual machine, and the virtual function in the SR-IOV is dedicated to the virtual machine (“In one embodiment, the I/O adapter may be a PCIe device that is virtualized using the single root I/O virtualization protocol to generate a SR-IOV physical function (SR-IOV PF) which is used to a configure and manage one or more SR-IOV virtual functions (SR-IOV-VF)…SR-IOV is also referred to as hardware virtualization since a hardware device--e.g., a PCIe device--is divided into multiple instances which can be assigned to various resources in the computing devices. Each SR-IOV VF may be assigned to a different OS or virtual machine executing in the client device.”, 0040 ; Examiner Note: a PCIe device is necessarily physically connected to the computer)
Although King may not explicitly disclose this activation being performed at initialization, Kancharla discloses: “In some embodiments, the HSM managing VM 106 further includes a PF HSM driver 126 configured to setup and initialize the HSM 102 for operating its HSM partitions 108 with the VF HSM drivers 118 of the HSM-VMs 104… If there are active HSM partitions 108 on the HSM 102, the HSM managing VM 106 checks the integrity of corresponding VM images, creates the plurality of HSM-VMs 104 each dedicated to one of the HSM partitions 108, and uses the commands available to initialize the HSM 102 and manage the HSM partitions 108 of the HSM 102.”, 0058. As such, the combination of Kancharla in view of King would be capable of activating VFs associated with VMs upon initialization.
upon receiving by the SR-IOV capable device an I/O transaction requesting encrypted/decrypted data stored in physical memory, transmitting, by the virtual function associated with the virtual machine, the I/O transaction to a memory controller of the host computer, wherein the I/O transaction includes a request for a particular virtual function, a direct memory address (DMA) location of data being requested and a bus device function (“ For example, the processor 120 may initiate the DMA in response to a cache miss or a data request from a service provide (e.g., OS 105 or I/O adapter 150). “, 0027 ; “ As discussed above, service provider 405A may be an I/O adapter that retrieves and stores data in external data repositories. In one embodiment, the I/O adapter may be a PCIe device that is virtualized using the single root I/O virtualization protocol to generate a SR-IOV physical function (SR-IOV PF) which is used to a configure and manage one or more SR-IOV virtual functions (SR-IOV-VF).”, 0040 ; “The SR-IOV VFs, in contrast, may be able to only move data in and out of the PCIe device.”, 0040 ; “ In addition the computing system may assign a DMA window and a corresponding translation table to the SR-IOV VFs.”, 0040 ; Examiner Note: The request received from the service provider must necessarily specify which DMA location is sought after, and consequently specifies a VF as DMA windows are assigned to individual VFs of the SR-IOV. Moving data in out of the PCIe (SR-IOV) device requires that the SR-IOV VFs transmit the request for data.)
King discloses the transmission of a request for data from an SR-IOV enabled device, but the request in King is not for encrypted/decrypted data and the bus device function is not explicitly requested.
However, Kancharla further discloses: “When an HSM-VM 104 receives a request from the web service host via its network adapter 116, the HSM-VM 104 converts the request into a command for the HSM 102 and passes the command to the HSM partition 108 dedicated to serve the HSM-VM 104 and the web service host.”, 0061 ; “In some embodiments, the objects are encoded and encrypted via an encryption key before being stored in the key store 109, wherein the encryption key is unique for each key store 109.”, 0032 “As shown in the example of FIG. 2, the HSM adapter 202 further includes an SR-IOV PCIe bridge 206 connecting the HSM adapter 202 to the CPU in the computing unit 204 via a first PCIe connection (e.g., PCIe Gen2 x8), wherein PCIe is a high-speed serial computer expansion bus standard designed to support hardware I/O virtualization to enable maximum system bus throughput, low I/O pin count and a small physical footprint for bus devices.”, 0026 ; Examiner Note: requests for specific HSM partitions which are connected to the CPU via a PCIe bus must necessarily specify a bus device function as there are multiple HSM partitions which could be potentially accessed through the bus, and only one is to be accessed.
transmitting, by the DMA, the encrypted/decrypted data to the virtual machine corresponding to the I/O transaction, using the virtual function of the SR-IOV capable device; (“FIG. 1 is a computing system 100 for performing a DMA operation, according to one embodiment described herein.”, see fig.1 – DMA engine 155 transmits data from storage to the VM ; “ Each DMA window and its corresponding translation table may be assigned to a specific service provider in the computing system such as a virtual machine”, 0013 ; “Furthermore, the SR-IOV PFs may have full configuration resources, meaning that the SR-IOV PF can configure or control the coupled PCIe device and move data in and out of the PCIe device. “The SR-IOV VFs, in contrast, may be able to only move data in and out of the PCIe device.”, 0040 )
The retrieved and transmitted data of King may not be encrypted/decrypted, nor is the data request explicitly associated with a virtual machine, however, Kancharla discloses: “In some embodiments, the objects are encoded and encrypted via an encryption key before being stored in the key store 109, wherein the encryption key is unique for each key store 109.”, 0032 ; “When an HSM-VM 104 receives a request from the web service host via its network adapter 116, the HSM-VM 104 converts the request into a command for the HSM 102 and passes the command to the HSM partition 108 dedicated to serve the HSM-VM 104 and the web service host.”, 0061
The system of Kancharla in view of King would be capable of transmitting the retrieved encrypted/decrypted data to the virtual machine corresponding to the I/O transaction. It would have been obvious to one of ordinary skill in the art, before the effective filing date, to combine the system of Kancharla with that of King in order to provide DMA capabilities to the encrypted storage system, thereby allowing the computing system to access memory independently of the processor so that the processor may perform other tasks after the transfer is initiated (King, [0026]).
The system of Kancharla in view of King discloses all of the above limitations of claim 1, but does not disclose a memory controller receiving an I/O transaction.
However, Kaplan discloses:
transmitting, by the virtual function associated with the virtual machine, the I/O transaction requesting encrypted/decrypted data to a memory controller of the host computer (“In some embodiments, the VFs 324 and 326 provide the memory access requests to the IOMMU 322, with the memory access requests including a virtual address targeted by the memory request and a requestor ID that is unique to each for each VF. For example, VF-A 324 transmits a requestor ID of “REQUEST ID-A” along with its memory access request and VF-B transmits a requestor ID of “REQUEST ID-B” along with its memory access request.” 0036)
retrieving, by an input/output memory management unit (IOMMU), the encrypted/decrypted data that is mapped from the DMA memory address to a physical memory address in the physical memory; (“If the request is a secure memory access request (e.g., based on the C-bit being asserted), the IOMMU 322 looks up a VM TAG using the device table 340 based on the requestor ID (e.g., REQUEST ID-A or ID-B) provided by the VF requesting DMA (e.g., one of the VFs 324 and 326 that generated the memory access request). The identified VM TAG is provided to the encryption module 332 of the memory controller 320, which identifies which encryption key should be used with the DMA request (i.e., memory reads use the associated key to decrypt the data from memory 312. Memory writes use the associated key to encrypt the data going to memory 312). Thus, the encryption module 332 selects the one of the security keys 328 and 330 corresponding to the VM TAG output from the IOMMU and performs encryption (in the case of a write request) or decryption (in the case of a read request) on the memory access information (the read data or the write data) using the selected key.”, 0039)
the SR-IOV capable device comprises a crypto engine configured to decrypt the encrypted data received from the physical memory and to encrypt processed data prior to DMA write-back using the encryption key stored in the key store on the SR-IOV capable device (“To provide for cryptographic isolation of information, the memory controller 116 includes an encryption module 122 configured to encrypt and decrypt information according to a specified cryptographic standard, and based on keys 124”, 0016 ; “ Thus, the encryption module 332 selects the one of the security keys 328 and 330 corresponding to the VM TAG output from the IOMMU and performs encryption (in the case of a write request) or decryption (in the case of a read request) on the memory access information (the read data or the write data) using the selected key.”, 0039 ; Examiner Note: the encryption module equates to a crypto engine)
the SR-IOV capable device utilizes address translation services (ATS) to obtain the physical memory address from the DMA memory address (“The IOMMU 322 includes an address translation module 334 and a translation lookaside buffer (TLB) 336 for performing address translation between device virtual addresses used by the I/O device 318 and physical addresses in the memory 312. The IOMMU 322 utilizes the TLB 336 and page tables 338 in memory 312 to obtain a physical address for a specific page of memory being targeted by the memory access request. The page tables 338 map virtual addresses to physical addresses. The physical address is used by the memory controller 320 in order to access the page of memory.”, 0040 ; “The IOMMU 322 looks up the VM TAG based on the requester ID and forwards the physical address targeted by DMA request to the memory controller 320. In some embodiments, the physical address, which is derived after IOMMU address translation, may have its upper bits repurposed to encode VM TAGs for transfer to the encryption module 332.”, 0041 ; Examiner Note: the address translation module equates to an address translation service)
The system of Kancharla in view of King in further view of Kaplan would provide an SR-IOV device including a crypto-engine, address translation services for DMA, and a per-VF encryption key store. It would have been obvious to one of ordinary skill in the art, before the effective filing date, to combine the teachings of Kancharla in view of King with those of Kaplan in order to provide a control bit to the memory addresses of the DMA which provides for efficient information protection while still providing flexibility (Kaplan, [0013]).
Kancharla in view of King in further view of Kaplan fully discloses the above limitations of claim 1, but does not explicitly disclose the application of a tweak function using an absolute address.
However, Yap discloses:
and applies a tweak function using an absolute address of the virtual machine as a plaintext input parameter when encrypting the data for storage in the physical memory (“The encryption engine 302 includes a tweak generator 306 that generates a base tweak based on an address 308 (logical or physical address 116, 210) of the write data 310 being received.”, 0017 ; “the operations comprising: generating a base tweak as a function of an address of a block of data in the memory storage; for each sub-block of the block, performing: processing the base tweak to determine a sub-block tweak; combining the sub-block tweak with the sub-block to produce a modified sub-block; and performing an encryption operation comprising one of encryption or decryption on the modified sub-block to produce sub-block output comprising one of encrypted data”, 0048 ; Examiner Note: the tweak function is necessarily applied to encrypted data prior to storage, as it further encrypts the data for secure storage)
It would have been obvious to one of ordinary skill in the art, before the effective filing date, to combine the teachings of Kancharla in view of King in further view of Kaplan with those of Yap (0017), in order to provide a system capable of using a tweak function to increase the level of security of the encrypted data stored in a physical memory location of a virtual machine.
As per claim 2, Kancharla in view of King in further view of Kaplan in further view of Yap fully discloses the limitations of claim 1.
Furthermore, Kancharla discloses:
transmitting the encryption key to the I/O device; and storing the encryption key in a key store on the I/O device. (“The HSM managing VM 106 generates and saves required pair of persistent keys and certificate for identification of the HSM service unit 107 as well as a storage encryption key for encrypting the persistent keys in the key store 109 of the HSM partition 108.”, 0060 ; Examiner Note: saving the encryption key in the key store in the HSM partition (equating to an I/O device) necessitates having transmitted the encryption key from the HSM managing VM to the HSM partition first.)
generating, by the secure processor, the encryption key associated with the virtual machine; (“The HSM managing VM 106 generates and saves required pair of persistent keys and certificate for identification of the HSM service unit 107 as well as a storage encryption key for encrypting the persistent keys in the key store 109 of the HSM partition 108.”, 0060 ; Examiner Note: the HSM equates to a secure processor)
Kancharla in view of King in further view of Kaplan in further view of Yap discloses transmitting and storing an encryption key.
Furthermore, Kaplan discloses:
establishing a secure connection between a secure processor and the I/O device; (“The processor 102 also includes an input/output memory management unit (IOMMU) 120 that is used to connect devices (such as the I/O device 106 shown in FIG. 1) to the memory controller 116”, 0012 ; “ The VFs 324 and 326 at the I/O device 318 may employ the memory controller 320 to access secure information 314, 316 in the memory 312 through direct memory access (DMA) requests by initiating a memory access request.”, 0035)
assigning, by the secure processor, the encryption key to the virtual machine upon creation of the virtual machine; (“The encryption module 332 ensures that the secure information 314 and 316 are cryptographically isolated, so that the data stored therein can only be encrypted/decrypted using security keys assigned to their respective VMs/VFs.”, 0035 ; Examiner Note: it is implicit that the configuring and assigning of encryption keys is performed upon creation of the virtual machine)
As per claim 4, Kancharla in view of King in further view of Khosravi fully discloses the limitations of claim 1, but does not disclose the application of a tweak function to the encrypted data prior to storage in physical memory.
However, Yap discloses:
a tweak function is applied to the encrypted data prior to storage in the physical memory. (“The encryption engine 302 includes a tweak generator 306 that generates a base tweak based on an address 308 (logical or physical address 116, 210) of the write data 310 being received.”, 0017 ; “the operations comprising: generating a base tweak as a function of an address of a block of data in the memory storage; for each sub-block of the block, performing: processing the base tweak to determine a sub-block tweak; combining the sub-block tweak with the sub-block to produce a modified sub-block; and performing an encryption operation comprising one of encryption or decryption on the modified sub-block to produce sub-block output comprising one of encrypted data”, 0048 ; Examiner Note: the tweak function is necessarily applied to encrypted data prior to storage, as it further encrypts the data for secure storage)
As per claim 9, Kancharla in view of King in further view of Kaplan in further view of Yap fully discloses the limitations of claim 1.
Furthermore, Kancharla discloses:
the virtual machine is a container in a cloud computing environment. (“The proposed approach enables web service providers hosting their web services at a third-party data center to offload its key management and crypto operations to one or more cloud-based HSMs to save computing resources on the hosts of the web services.”, 0022 ; “The HSM-VMs 104, the HSM managing VM 106 typically run on a network accessible multi-tenant computing unit/appliance/host 103 that is certified under Federal Information Processing Standard (FIPS) for performing secured cryptographic operations”, 0024)
As per claim 10, it is a computer program product claim comprising substantially the same limitations as claim 1, and as such, it is rejected for substantially the same reasons.
As per claim 11, it is a computer program product claim comprising substantially the same limitations as claim 2 provided by the computer program product of claim 10, and as such, it is rejected for substantially the same reasons.
As per claim 13, it is a computer program product claim comprising substantially the same limitations as claim 4, provided by the computer program product of claim 10, and as such, it is rejected for substantially the same reasons.
As per claim 18, it is an apparatus claim comprising substantially the same limitations as claim 1, and as such, it is rejected for substantially the same reasons.
As per claim 19, it is an apparatus claim comprising substantially the same limitations as claim 2, provided by the apparatus of claim 18, and as such, it is rejected for substantially the same reasons.
Claims 3, 12, and 20 are rejected under 35 U.S.C. 103 as being unpatentable Kancharla (US 20150358161 A1) in view of King (US 20150058596 A1) in further view of Kaplan (US 20180107608 A1) in further view of Yap (US 20150169472 A1) in further view of Friedman (DE 112012006148 B4) [published: 2023-02-23, translation by PE2E] .
As per claim 3, Kancharla in view of King in further view of Kaplan in further view of Yap fully discloses the limitations of claim 1, but does not disclose the encrypting of the processed data during a write operation using an encryption key, nor the storing of the encrypted processed data in physical memory.
However, Friedman discloses:
encrypting, during a write operation, the processed data using the encryption key for I/O transmission back to the physical memory; (“exchanging a first key between an I/O device for a network device and a first processing element operating on the network device; receiving data at the I/O device, the data having a destination that corresponds to the associated with the first processing element; encrypting at least a first portion of the received data using the first key; and sending the encrypted first portion to one or more buffers maintained at least in part in memory for the network device, the memory being arranged to allow sharing of the one or more buffers with at least one second processing element operating on the network device”, Par.1, Summary of the Invention)
storing the encrypted processed data in the physical memory. (“I/O device 240 and/or encryption manager 142 may use completion queues 214-1A or 214-1B to indicate to processing elements 212-1 or 212-2 that received data is being placed or stored in buffers that are managed in or near memory 220.”, par. 14, detailed description)
The system of Kancharla in view of King in further view of Kaplan in further view of Yap in further view of Friedman would be capable of encrypting processed data to be sent back to the original processor. It would have been obvious to one of ordinary skill in the art, before the effective filing date, to combine the teachings of Kancharla, King, Kaplan, and Yap with those of Friedman (Par.1, Summary of the Invention), in order to provide a system capable of receiving data at an I/O device, decrypting and processing that data, then encrypting the data to be sent to the processor- thereby providing protection for the data whenever it is being sent by the I/O device or the virtual machine.
As per claim 12, it is a computer program product claim comprising substantially the same limitations as claim 3, provided by the computer program product of claim 10, and as such, it is rejected for substantially the same reasons.
As per claim 20, it is an apparatus claim comprising substantially the same limitations as claim 3, provided by the apparatus of claim 18, and as such, it is rejected for substantially the same reasons.
Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Kancharla (US 20150358161 A1) in view of King (US 20150058596 A1) in further view of Kaplan (US 20180107608 A1) in further view of Yap (US 20150169472 A1) in further view of Tian (US 20210064525 A1).
As per claim 5, Kancharla in view of King in further view of Kaplan in further view of Yap fully discloses the limitations of claim 4, but does not disclose the use of address translation services by an I/O device in order to perform translations of a DMA memory address to a physical address of encrypted data.
However, Tian discloses:
the I/O device utilizes address translation services to perform translations of the DMA memory address to a physical memory address of the encrypted data. (“The remapping hardware 721 may be employed to remap page requests that access translation tables populated by a VMM of a virtual machine for purposes of translating addresses of shared virtual memory (SVM) for the I/O devices 760. At least some of the I/O devices 760 may include a device TLB (DEVTLB) 762 and/or an address translation cache (ATC) to cache local copies of (typically) the host physical addresses of DMA addresses of the pages 711 in the memory 770”, 0077 )
It would have been obvious to one of ordinary skill in the art, before the effective filing date, to combine the teachings of Kancharla, King, Kaplan, and Yap with those of Tian (0077), in order to provide a system wherein an I/O device connected to virtual machine has knowledge of the physical memory addresses of encrypted data- allowing the I/O device to request and acquire encrypted data on a VM without relying on the VM’s address translation services.
As per claim 14, it is a computer program product claim comprising substantially the same limitations as claim 5, provided by the computer program product of claim 10, and as such, it is rejected for substantially the same reasons.
Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kancharla (US 20150358161 A1) in view of King (US 20150058596 A1) in further view of Kaplan (US 20180107608 A1) in further view of Yap (US 20150169472 A1) in further view of Tian (US 20210064525 A1) in further view of Durham (US 20200057664 A1).
As per claim 6, Kancharla in view of King in further view of Kaplan in further view of Yap in further view of Tian fully discloses the limitations of claim 5, but does not disclose the use of an absolute address of a virtual machine as a plaintext input parameter for a tweak function.
However, Durham discloses:
an absolute address of the virtual machine is used as a plaintext input parameter for the tweak function. (“For example, a tweak function may use a physical memory address as a tweak to a block cipher to bind unencrypted data with the physical memory address. The tweak function 445 may include, for example, XTS (XOR-encrypt-XOR/XEX-based tweaked codebook mode with ciphertext stealing) algorithm, Liskov, Rivest, and Wagner (LRW) algorithm, and so on, or combinations thereof.”, 0111)
It would have been obvious to one of ordinary skill in the art, before the effective filing date, to combine the teachings of Kancharla, King, Kaplan, Yap, and Tian with those of Durham (0111) in order to provide a system wherein data within the virtual machine is encrypted using a tweak function taking an absolute address as an input to the tweak function; thereby providing an additional layer of security to the data.
As per claim 15, it is a computer program product claim comprising substantially the same limitations as claim 6, provided by the computer program product of claim 10, and as such, it is rejected for substantially the same reasons.
Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Kancharla (US 20150358161 A1) in view of King (US 20150058596 A1) in further view of Kaplan (US 20180107608 A1) in further view of Yap (US 20150169472 A1) in further view of Cohen (US 12056067 B1) in further view of Cignetti (US 20160182473 A1).
As per claim 7, Kancharla in view of King in further view of Kaplan in further view of Yap fully discloses the limitations of claim 1, but does not disclose the I/O device including a crypto engine for performing cryptographic functions or key store for storing encryption keys associated with virtual machines.
However, Cohen discloses:
I/O device includes a key store for storing encryption keys associated with virtual machines and a crypto engine for performing cryptographic functions with the encryption keys. ( “In certain examples, the I/O devices may include network controllers, accelerator engines, crypto-engines, I/O adapters, among others.”, 0012)
It would have been obvious to one of ordinary skill in the art, before the effective filing date, to combine the teachings of Kancharla, King, Kaplan, and Yap with those of Cohen (0012), in order to provide the I/O device with the tools necessary to perform encryption and decryption- thereby allowing for the processing burden of encryption/decryption to be offloaded to an external I/O device.
Cohen may disclose an I/O device including a crypto-engine, but does not explicitly disclose the I/O device having a key store.
However, Cignetti discloses; “In one embodiment, I/O interface 9030 may be configured to coordinate I/O traffic between processor 9010, system memory 9020, and any peripheral devices in the device, including a local secure key store such as a trusted platform module (TPM) 966”, 0063.
It would have been obvious to one of ordinary skill in the art, before the effective filing date, to combine the teachings of Kancharla, King, Kaplan, Yap, and Cohen (0012), with those of Cignetti (0063) in order to provide the I/O device with both a crypto-engine and key store- thereby allowing for the processing burden of encryption/decryption to be offloaded to an external I/O device which already possesses the required encryption keys.
As per claim 16, it is a computer program product claim comprising substantially the same limitations as claim 7, provided by the computer program product of claim 10, and as such, it is rejected for substantially the same reasons.
Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kancharla (US 20150358161 A1) in view of King (US 20150058596 A1) in further view of Kaplan (US 20180107608 A1) in further view of Yap (US 20150169472 A1) in further view of Habusha (US 9959214 B1).
As per claim 8, Kancharla in view of King in further view of Kaplan in further view of Yap fully discloses the limitations of claim 1, but does not disclose the I/O device being an SRIOV device capable of direct memory access I/O transactions with a virtual machine.
However, Habusha discloses:
the I/O device is an SRIOV device capable of direct memory access I/O transactions with the virtual machine. (“For example, in some embodiments, SRIOV (single root input output virtualization) functionality can be utilized to have direct access to the devices 514 using virtual functions.”, 0042 ; “The IOTLB 516 may get a translation request for a transaction initiated by any of the devices 514 with a DMA address programmed directly by any of the virtual machines 504A-504N.”, 0045 )
It would have been obvious to one of ordinary skill in the art, before the effective filing date, to combine the teachings of Kancharla, King, Kaplan, and Yap with those of Habusha, in order to provide an I/O device which is capable of directly accessing the hardware of a virtual machine- thereby bypassing the hypervisor and consequently reducing the overhead (latency, throughput) of the request.
As per claim 17, it is a computer program product claim comprising substantially the same limitations as claim 8, provided by the computer program product of claim 10, and as such, it is rejected for substantially the same reasons.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure:
Anson (US 20070283450 A1) – discloses a method supports secure input/output (I/O) communications between an I/O device and a data processing system via a keyboard, video, and mouse (KVM) switch. An example embodiment includes the operations of establishing a first secure communication channel between the KVM switch and the I/O device and establishing a second secure communication channel between the KVM switch and the data processing system.
Jung (US 20160366130 A1) – discloses a method for providing a security service for a virtualized environment including a host virtual machine and a separate secure virtual machine communicatively coupled to a user I/O device.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROSS MICHAEL VINCENT whose telephone number is (703)756-1408. The examiner can normally be reached Mon-Fri 8:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, April Blair can be reached on (571) 270-1014. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/R.M.V./
Examiner, Art Unit 2196
/APRIL Y BLAIR/Supervisory Patent Examiner, Art Unit 2196