EVENT INTERCEPTION CONTROL BY A TRUSTED LAYER OF A VIRTUAL MACHINE

§103 §112

DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 are presented for examination. This office action is in response to the Amendment/Remarks on 1/27/26. Specification The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the following is required: As to claims 1-2, 10, and 12-13, there is a lack of antecedent basis in the specification for the claimed term “processor control register”. This term was not found in the specification. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. As to claim 1, the scope of the limitation “process control register” (lines 3 and 8) is unclear in light of the specification. The specification does not disclose a “process control register” but instead describes (i) a “security control register 105” that stores security control information used to configure interception ([0016]; [0026]-[0027]; [0039], Figs. 1 and 4, etc.), and (ii) separate “control registers 346” (e.g., CR0) ([0028]-[0030], Fig.3-4, etc.) whose programming may itself be an event/command that is intercepted. It is unclear which disclosed register corresponds to the claimed “processor control register,” making the scope of claim 1 unclear. In addition, regarding claim 1’s phrase “independent of software execution” is unclear because it is ambiguous whether the software execution is entirely excluded, or whether the phrase merely indicates that the interception is hardware-enforced rather than software-controlled, for example. The specification does not define or disclose the term, and does not describe the phrase with reasonable certainty. Since the scope of the claim cannot be ascertained, the phrase is indefinite. Furthermore, the specification describes intercepting events “rather than executing them ([0011], [0026], and [0030] of specification) but does not describe detection of an event “prior to execution” (line 5 of claim 1) nor define when execution of an event begins, rendering the scope of the claim unclear. As to claims 10 and 12 they are both rejected for the same reasons as stated in the rejection of claim 1. As to claims 2-9, 11, and 13-20, they are rejected as being dependent on rejected claims 1, 10, and 12, and also failing to cure their deficiencies. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kaplan et al. (US 2021/0109798 A1) (hereinafter Kaplan) in view of Sahita et al. (hereinafter SAHITA) (US 2020/0409734 A1). As to claim 1, Kaplan teaches a method comprising: receiving a first request from a virtual machine (VM1 104) to store hardware control information (Mode control register 111 and event control information 118/444) in a processor control register (Mode Control 111 is a register controlling security modes) of a processor to configure secure hardware (Processor Core 102, Mode Control register 111, Event Interface 109, etc.) of the processor (Processor 101) to intercept (via interrupt or exception) a first event (Event 108) at the processor (Processor 101/Processor Core 102) (Abstract; [0022]-[0024]; [0027]-[0029]; [0031]; [0034]; Figs. 1 and 4); and in response to detecting the first event (Event 108) intercepting (event being an exception) the first event based on the hardware control information stored in the processor control register (Mode control register 111 and event control information 118/444) ([0012]; [0017]-[0018]; [0043]; Figs 1 and 4). KAPLAN does not explicitly teach as a whole: in response to detecting the first event by the secure hardware prior to execution of the first event, intercepting, by the secure hardware and independent of software execution, the first event based on the hardware control information stored in the processor control register (emphasis in bold by Examiner). However, SAHITA teaches that secure hardware (SEAM hardware and MMU) is configured using hardware control information (TD key ID 352, EPT pointers 354, 356, etc.) stored in processor control registers (control registers 116B) in response to virtual machine (TD-VM 155) execution, explaining that “both the TD encryption key ID 352 and the EPT pointers” are “configured into the control registers 116B” as part of “launching (VMLAUNCH) or resuming (VMRESUME) of the TD-VMM 146 or one of the TD-VMs 155” and that these values are provided “from the VMCSs” ([0084]; Fig. 3A and B). In addition, SAHITA that secure hardware intercepts events at the processor independent of software execution, stating that when a configured or non-configured event occurs, “the INVEPT instruction causes the logical processor to execute a VM exit into the SEAM” and that the SEAM module operates as “a secure arbitration mode (SEAM) of the processor” in which “the logical processor state may be protected from the VMM” with enforcement performed by hardware mechanisms using control-register state accessed by the MMU ([0038]-[0039]; [0075]). Therefore, SAHITA teaches that interception occurs prior to execution because the processor performs a VM Exit before the guest instruction completes, and independent of software execution because the decision to intercept is enforced by processor hardware operating in SEAM using control-register state, rather than by guest or hypervisor software ([0038]-[0039]; [0075]; [0084]). KAPLAN and SAHITA are analogous art with the claimed invention because they are in the same field of endeavor of processor virtualization for secure computing. It would have been obvious to one of ordinary skill in the art before the effective date of the application to modify KAPLAN to include SAHITA’s teachings of in response to detecting the first event by the secure hardware prior to execution of the first event, intercepting, by the secure hardware and independent of software execution, the first event based on the hardware control information stored in the processor control register to cover the broadest reasonable interpretation of claim 1. The suggestion/motivation for doing so would have been to improve security in virtualized systems by removing reliance or being independent from a VMM/hypervisor or guest software for security enforcement (SAHITA: [0034]; [0037]-[0038]; [0084]). As to claim 2, Kaplan teaches wherein: the virtual machine comprises a plurality of layers including a first layer (the guest virtual machine includes both a secure layer to manage security for the guest and one or more non-secure layers to handle event processing) (Abstract); and storing the control information (event control information 118) in the processor control register in response to receiving the first request from the first layer (secure layer 120) (Abstract; [0031]; [0041]-[0045]; Fig. 1). As to claim 3, Kaplan teaches wherein the first request comprises a request to intercept (via interrupt or exception, etc.) the first event associated with a second layer (non-secure layer 132) of the plurality of layers of the virtual machine (guest virtual machine) (Abstract; [0020]; [0031]). As to claim 4, Kaplan teaches wherein the first layer (secure layer 120) is associated with a first level of trust (designated virtual machine privilege level 0 (VMPL0)) and the second layer (non-secure layer 132) is associated with a second level of trust (non-secure layer 132 is a VMPL3 layer), the second level of trust indicating a lower level of security than the first level of trust ([0020]; [0024]; [0029]; Figs. 1-5). As to claim 5, Kaplan teaches wherein intercepting the first event comprises intercepting the first event in response to the first event being triggered by the second layer of the virtual machine ([0020]; [0024]-[0025]; [0009]; [0034]). As to claim 6, Kaplan does not explicitly teach allowing execution of the first event in response to the first event being triggered by a third layer of the virtual machine. Specifically, Kaplan does explicitly teach event handling at a virtual machine using secure layers, but is limited to two layers of privilege (VMPL0 and VMPL3) ([0024]-[0030]; Fig. 1). Kaplan does not explicitly disclose the use of a third layer involved in its handling of events. However, SAHITA teaches a third privilege layer relataive to a virtual machine by introducing a secure arbitration mode (SEAM) of the processor that operates with higher privilege than both the guest virtual machine and the host hypervisor ([0064]; [0038]). It would have been obvious to one of ordinary skill in the art before the effective date of the application to modify Kaplan by adding a third virtual machine layer as disclosed in SAHITA to enhance security of each guest from vulnerabilities in the kernel which could potentially be exploited. As to claim 7, Kaplan teaches wherein the first event comprises a command to modify a register (VMSA (Encrypted) 442, mode control register 111, security register, and/or task priority register) ([0027]-[0029]; claims 7-8; Fig. 4). As to claim 8, Kaplan teaches wherein the register (VMSA region 442) stores control information (control information 444) for the processor (processor 101) (VMSA region 442 stores event control information 444 that governs one or more of what events are processed by the guest 104 and how those events are processed) ([0040]-[0046]). As to claim 9, Kaplan (Abstract; [0013]; [0016]; Fig. 1) and SAHITA ([0038]-[0039]; [0075]) teaches wherein the first event (interrupt or exception) comprises an instruction. As to claim 10, it is rejected for the same reasons as stated in the rejection of claim 1. As to claim 11, Kaplan teaches wherein the first layer (secure layer 120) and the second layer (non-secure layer 132) of the virtual machine are associated with different levels of trust (designated virtual machine privilege level 0 (VMPL0) vs non-secure layer 132 is a VMPL3 layer) ([0020]; [0024]; [0029]; Figs. 1-5). As to claim 12, it is rejected for the same reasons as stated in the rejection of claim 1. As to claim 13, it is rejected for the same reasons as stated in the rejection of claim 2. As to claim 14, it is rejected for the same reasons as stated in the rejection of claim 3. As to claim 15, it is rejected for the same reasons as stated in the rejection of claim 4. As to claim 16, it is rejected for the same reasons as stated in the rejection of claim 5. As to claim 17, it is rejected for the same reasons as stated in the rejection of claim 6. As to claim 18, Kaplan teaches wherein the first event (interrupts or exceptions) comprises a command to modify a second register (TPR register, security register, etc.) ([0009]-[0010]; [0017]; [0041]-[0043]). As to claim 19, Kaplan teaches wherein the first event comprises an exception (event can be interrupt or exception) (Abstract). As to claim 20, it is rejected for the same reasons as stated in the rejection of claim 7. Response to Arguments Applicant’s arguments have been fully considered but are moot in view of the new grounds of rejections. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENNETH TANG whose telephone number is (571)272-3772. The examiner can normally be reached Monday-Friday 7AM-3PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bradley Teets can be reached at 571-272-3338. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KENNETH TANG/Primary Examiner, Art Unit 2197