REGISTER PROTECTION FOR CONFIDENTIAL COMPUTING ENVIRONMENT

DETAILED ACTION Claims 1-20 are pending. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 2/16/2026 has been entered. Response to Arguments Applicant's arguments with respect to the 35 U.S.C. 103 rejections (Remarks pp. 6-8) are moot in view of the Examiner’s new ground of rejections based on added references to address applicant’s amendments. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 6-8, 13-14, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 20230059273 A1) in view of Tsirkin (US 20210406054 A1) and Roberts (US 20170161204 A1). Regarding Claim 1, Wang teaches a method comprising: in response to a virtual machine stopping execution at a processor, data written a subset of registers associated with the virtual machine ( Wang discloses, “Non-Automatic VM Exits. VMEXITs in SEV-ES and SEV-SNP are classified as either Automatic VM Exits (AEs) or Non-Automatic VM Exits (NAEs),” ¶ 0042, “Cipherleak attacks may be mitigated (e.g., with the help of hardware) by introducing freshness to ciphertext blocks; specifically, by introducing randomness to the ciphertext blocks, such as in the VMSA where registers' values of SEV VM are stored. In this way, ciphertext of the same plaintext may be generated differently at different VMEXITs. As a result, an attacker cannot infer the registers' values stored in VMSA,” ¶ 0149, and “(1) Before hardware saves the registers' values in the VMSA during a VMEXIT, the hardware may generate one or more random numbers and protect them in a memory area where the software cannot reach or encrypt them. (2) Before saving the registers' values in the VMSA, the hardware may apply an XOR operation to registers' values and random numbers generated in step (1),” ¶ 0150. The claimed “randomizing” is mapped to the disclosed XOR operation applied to the registers’ values with the random numbers. This mapping is consistent with the specification of the present application, which states that “The processor then encrypts the nonce value and stores the encrypted nonce value at the secure region of memory. In some embodiments, the hash function is a bit-wise XOR operation between the register value and the nonce value,” Spec. ¶ 0013.); encrypting the ( Wang discloses, “(2) Before saving the registers' values in the VMSA, the hardware may apply an XOR operation to registers' values and random numbers generated in step (1). Then the hardware may encrypt the result of the XOR operation and store the results in the VMSA,” ¶ 0150); and writing the encrypted ( Wang discloses, “In one or more embodiments, Cipherleak attacks may be mitigated (e.g., with the help of hardware) by introducing freshness to ciphertext blocks; specifically, by introducing randomness to the ciphertext blocks, such as in the VMSA where registers' values of SEV VM are stored. In this way, ciphertext of the same plaintext may be generated differently at different VMEXITs. As a result, an attacker cannot infer the registers' values stored in VMSA,” ¶ 0149, and “Then the hardware may encrypt the result of the XOR operation and store the results in the VMSA,” ¶ 0150.). Wang does not teach wherein the values of the subset of registers are selectively randomized, or values of data written by the virtual machine and stored at a subset of registers associated with the virtual machine. However, Tsirkin teaches wherein the values of the subset of registers are selectively randomized ( Tsirkin discloses, “The encryption key itself may be generated from a hardware random number generator and may be stored in dedicated hardware registers within processing device 123 where it cannot be directly read by software,” ¶ 0021, “SEV allows VMs to control whether a memory page will be encrypted (private) or unencrypted (shared). This choice is done using the standard CPU page tables, and may be fully controlled by the VM,” ¶ 0023. This is selectively randomizing because the encryption key is generated from a random number generator, and the encryption key is used to encrypt selected storage locations. After the combination of Wang with Tsirkin, the encryption key from Tsirkin is used to encrypt selected registers from Wang.). Wang and Tsirkin are both considered to be analogous to the claimed invention because they are in the same field of computer security. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang to incorporate the teachings of Tsirkin and provide wherein the values of the subset of registers are selectively randomized. Doing so would help allow more secure storage of data and reduce computation by only encrypting data that needs to be encrypted (Tsirkin discloses, “Thus, when a component such as a hypervisor attempts to read guest memory of a VM, it is only able to see the encrypted bytes,” ¶ 0021.). Wang in view of Tsirkin does not teach values of data written by the virtual machine and stored at a subset of registers associated with the virtual machine. However, Roberts teaches values of data written by the virtual machine and stored at a subset of registers associated with the virtual machine ( Roberts discloses, “To submit the GPU task to the GPU, the VM writes to a generic kick register (block 35)… the kick register address is mapped to a physical address for the kick register for the correct VM by the CPU R-MMU 120 (block 312) and this may be based on the OS_ID which is received by the CPU R-MMU 120 along with the write command or may use another mechanism which is present in the CPU to select the right mappings based on the current VM that is executing. As described above, the SOCIF 112 monitors the address range corresponding to the GPU registers 114 and so detects the write (block 314). As a result of the write to the VM specific kick register 130, an event is generated in the microprocessor 58 within the GPU 54 (block 316) and this triggers the running of a task by the microprocessor 58 (block 318),” ¶ 0036, and “In the description above there is a kick register allocated to each VM,” ¶ 0039. Here, the VM writes data to a generic kick register, which is then mapped to a VM specific kick register based on the OS_ID of the VM. This means that the VM writes data to a register associated with said VM. After the combination of Wang in view of Tsirkin, with Roberts, the data stored in the subset of registers associated with the virtual machine from Wang in view of Tsirkin is written by the virtual machine, as specified by Roberts.). Wang in view of Tsirkin, and Roberts are both considered to be analogous to the claimed invention because they are in the same field of virtual machines. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang in view of Tsirkin to incorporate the teachings of Roberts and provide values of data written by the virtual machine and stored at a subset of registers associated with the virtual machine. Doing so would help allow the virtual machine greater control over the data being written into memory, which would help allow for increased flexibility, security and/or control. Claim 8 and Claim 14 are a processor claim and a system claim (Wang discloses, “In one or more embodiments, aspects of the present patent document may be directed to, may include, or may be implemented on one or more information handling systems (or computing systems),” ¶ 0182), respectively, corresponding to the method Claim 1. Therefore, Claim 8 and Claim 14 are rejected for the same reason set forth in the rejection of Claim 1. Regarding Claim 6, Wang in view of Tsirkin and Roberts teaches the method of claim 1, wherein the values are guest register values associated with the virtual machine. ( Wang discloses, “(1) Before hardware saves the registers' values in the VMSA during a VMEXIT, the hardware may generate one or more random numbers and protect them in a memory area where the software cannot reach or encrypt them,” ¶ 0150. The disclosed “registers’ values” are initially not inside the VMSA, therefore, the values are considered guest register values that are associated with the virtual machine by being saved into the VMSA). Claim 13 and Claim 19 are a processor claim and a system claim, respectively, corresponding to the method Claim 6. Therefore, Claim 13 and Claim 19 are rejected for the same reason set forth in the rejection of Claim 6. Regarding Claim 7, Wang in view of Tsirkin and Roberts teaches the method of claim 1, further comprising: initiating selectively randomizing in response to receiving an indication from the virtual machine to selectively randomize ( Wang discloses, “After copying those registers' states to the GHCB, the VC handler executes a VMGEXIT instruction to trigger an AE [Automatic VM Exit] VMEXIT,” ¶ 0043, and “(1) Before hardware saves the registers' values in the VMSA during a VMEXIT, the hardware may generate one or more random numbers and protect them in a memory area where the software cannot reach or encrypt them. (2) Before saving the registers' values in the VMSA, the hardware may apply an XOR operation to registers' values and random numbers generated in step (1),” ¶ 0150. The claimed “indication from the virtual machine to selectively randomize” is mapped to the disclosed VMGEXIT instruction. The VMGEXIT instruction is a direction, a strong form of indication, to execute VMEXIT which comprises selective randomization. Therefore, The VMGEXIT instruction is an indication to randomize. Further, “in response to” receiving the VMGEXIT instruction, during the VMEXIT, the system generates random numbers to XOR with the registers.). Claim 20 is a system claim corresponding to the method Claim 7. Therefore, Claim 20 is rejected for the same reason set forth in the rejection of Claim 7. Claims 2-4, 9-11 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 20230059273 A1) in view of Tsirkin (US 20210406054 A1), Roberts (US 20170161204 A1), and Makke (US 20230177202 A1). Regarding Claim 2, Wang in view of Tsirkin and Roberts teaches the method of claim 1, wherein selectively randomizing comprises: generating, at hardware circuitry of the processor, a nonce value comprising a pseudo-random or random value ( Wang discloses, “(1) Before hardware saves the registers' values in the VMSA during a VMEXIT, the hardware may generate one or more random numbers and protect them in a memory area where the software cannot reach or encrypt them,” ¶ 0150). Wang in view of Tsirkin and Roberts does not teach hashing the nonce value with the values. However, Makke teaches hashing the nonce value with the values ( Makke discloses, “…compute a hash value using a combination of both the access identifier and the random value…” ¶ 0003. After Wang in view of Tsirkin and Roberts is combined with Makke, the random numbers(s) are hashed with the nonce value). Wang in view of Tsirkin and Roberts, and Makke are both considered to be analogous to the claimed invention because they are in the same field of computer resource management. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang in view of Tsirkin and Roberts to incorporate the teachings of Makke and provide hashing the nonce value with the values. Doing so would help enhance security of the system (Makke discloses, “This allow for the requirements on the channel transmitting anonymized data to avoid the implementation of stringent rules, as the anonymized data cannot be linked to a user via that channel,” ¶ 0015.). Claim 9 and Claim 15 are a processor claim and a system claim, respectively, corresponding to the method Claim 2. Therefore, Claim 9 and Claim 15 are rejected for the same reason set forth in the rejection of Claim 2. Regarding Claim 3, Wang in view of Tsirkin, Roberts, and Makke teaches the method of claim 2, further comprising: encrypting the nonce value ( Wang discloses, “Then the hardware may encrypt the result of the XOR operation and store the results in the VMSA,” ¶ 0150); and storing the encrypted nonce value at a location within the secure region of memory allocated to the virtual machine ( Wang discloses, “Then the hardware may encrypt the result of the XOR operation and store the results in the VMSA,” ¶ 0150). Claim 10 and Claim 16 are a processor claim and a system claim, respectively, corresponding to the method Claim 3. Therefore, Claim 10 and Claim 16 are rejected for the same reason set forth in the rejection of Claim 3. Regarding Claim 4, Wang in view of Tsirkin, Roberts, and Makke teaches the method of claim 3, further comprising: in response to the virtual machine resuming execution at the processor, reading the encrypted nonce value from the location ( Wang discloses, “After the VMRUN instruction, the guest VM's execution will resume after the VMGEXIT instruction inside the VC handler, which copies the return values from the GHCB to the corresponding registers, and then exits the VC handler,” ¶ 0043, and “(3) When running VMRUN, the hardware may decrypt the data encrypted in step (2),” ¶ 0150.); decrypting the encrypted nonce value ( Wang discloses, “(3) When running VMRUN, the hardware may decrypt the data encrypted in step (2),” ¶ 0150); reading and decrypting the encrypted selectively randomized values from the registers ( Wang discloses, “(3) When running VMRUN, the hardware may decrypt the data encrypted in step (2) and apply an XOR operation to the random number(s) from step (1). Therefore, the plaintext may be recovered and put back to the registers.” ¶ 0150); and hashing the nonce value with the selectively randomized values ( Makke discloses, “…compute a hash value using a combination of both the access identifier and the random value…” ¶ 0003. After Wang in view of Tsirkin and Roberts is combined with Makke, the XOR operation is followed by the hashing of the random numbers(s) with the nonce value). Claim 11 and Claim 17 are a processor claim and a system claim, respectively, corresponding to the method Claim 4. Therefore, Claim 11 and Claim 17 are rejected for the same reason set forth in the rejection of Claim 4. Claims 5, 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 20230059273 A1) in view of Tsirkin (US 20210406054 A1), Roberts (US 20170161204 A1), and Bose (US 20070220366 A1). Regarding Claim 5, Wang in view of Tsirkin and Roberts teaches the method of claim 1. Wang in view of Tsirkin and Roberts does not teach further comprising: selecting for randomization values written by the virtual machine to general purpose registers and floating-point registers. However, Bose teaches further comprising: selecting for randomization values written by the virtual machine to general purpose registers and floating-point registers ( Bose discloses, “One standard method for protecting data stored in microprocessor register arrays from soft errors is parity protection or error correction code (ECC) protection. Whenever new data is written into a register array, parity or ECC is generated and stored either in the same memory arrays as the data or in a separate memory array… Examples of registers located in a processor core include general purpose registers which hold operands for logic and integer computations or address calculations, floating point registers which hold operands for floating point computations…,” ¶ 0070. After the combination of Wang in view of Tsirkin and Roberts, with Bose, the registers that have the randomized values written to them become general purpose and floating-point registers.). Wang in view of Tsirkin and Roberts, and Bose are both considered to be analogous to the claimed invention because they are in the same field of computer resource management. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wang in view of Tsirkin and Roberts to incorporate the teachings of Bose and provide selecting for randomization values written by the virtual machine to general purpose registers and floating-point registers. Doing so would help store the operands for logic and integer computations or address calculations, or operands for floating point computations, respectively. (Bose discloses, “Examples of registers located in a processor core include general purpose registers which hold operands for logic and integer computations or address calculations, floating point registers which hold operands for floating point computations,” Bose, ¶ 0070. A number is either an integer or a floating-point number. In order for all numbers to be stored, in view of the teaching from Bose, the combination of general purpose and floating-point registers needs to be used.). Claim 12 and Claim 18 are a processor claim and a system claim, respectively, corresponding to the method Claim 5. Therefore, Claim 12 and Claim 18 are rejected for the same reason set forth in the rejection of Claim 5. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Conde Marques et al. (US 20120151223 A1): Method for Securing a Computing Device with a Trusted Platform Module-TPM Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW SUN whose telephone number is (571)272-6735. The examiner can normally be reached Monday-Friday 8:00-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aimee Li can be reached at (571) 272-4169. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ANDREW NMN SUN/Examiner, Art Unit 2195 /Aimee Li/Supervisory Patent Examiner, Art Unit 2195