DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Examiner Notes
Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
The examiner encourages Applicant to submit an authorization to communicate with the examiner via the Internet by making the following statement (from MPEP 502.03):
“Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.”
Please note that the above statement can only be submitted via Central Fax, Regular postal mail, or EFS Web (PTO/SB/439).
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In adhering to the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG), Step 1 is directed to determining whether or not the claims fall within a statutory class. Herein, the claims fall within statutory class of process, machine or manufacture. Hence, the claims qualify as potentially eligible subject matter under 35 U.S.C §101. With Step 1 being directed to a statutory category, the analysis directed to Step 2A.
Step 2A is a two prong inquiry. Prong 1 considers whether the claim recites a judicial exception (an abstract idea enumerated in the 2019 PEG, a law of nature, or a natural phenomenon). In this case independent claim 1 recites mental processes as applied to human activity (i.e. concepts performed in the human mind but for the recitation of generic computing components).
For example, the following claimed steps are functions that can be reasonably carried out in the human mind with the aid of pen and paper, through observation, evaluation, judgment, and/or opinion:
in response to receiving the request, register the application to receive the fork notifications;
subsequent to registering the application to receive fork notifications, determine that the virtual machine has been forked; and
in response to determining that the virtual machine has been forked: determine that the application is registered to receive fork notifications.
For example, but for the recitation of generic computing components, steps a-c can be completed in the human mind with the aid of pen and paper through observation, evaluation, judgment, and/or opinion. “As the Federal Circuit has explained, ‘[c]ourts have examined claims that required the use of a computer and still found that the underlying, patent-ineligible invention could be performed via pen and paper or in a person’s mind.’ Versata Dev. Group v. SAP Am., Inc., 793 F.3d 1306, 1335, 115 USPQ2d 1681, 1702 (Fed. Cir. 2015).” (MPEP 2106.04(a)(2) (III)). Steps a-c describe collecting information and analyzing it at a high level of generality. These steps also recite collecting and comparing known information. According to the MPEP, these steps are examples of mental processes, thus it is reasonable to identify these limitations as reciting a mental process. (MPEP 2106.04(a)(2) III C)).
Since the claims are directed toward a judicial exception, analysis flows to Prong 2. Prong 2 considers whether the judicial exception is integrated into a practical application. In this case, the judicial exception is not integrated into a practical application because the claim language merely describes steps of collecting data, field of use/technological environment, and using a computer as a tool to apply the abstract idea and fails to describe an improvement to the functioning of a computer or other technical field. The additional elements recited in the claim do not integrate the judicial exception into a practical application for the following reasons:
The additional elements of “system comprising: a processor,” and “a memory including instructions that are executable by the processor to” are recited at a high level of generality and amounts to using a generic computing component as a tool to apply the abstract idea (MPEP § 2106.05(f)). These additional elements also appears to be an attempt to generally linking the use of the judicial exception to a particular technological environment or field of use. (MPEP 2106.05(h)).
The additional element of “receive a request, from an application executing in a virtual machine, for registering the application to receive fork notifications” amounts to insignificant extra-solution data gathering/data transmission activity (MPEP § 2106.05(g)).
The additional element of “wherein the application is configured to perform an operation using first data” appears to be an attempt to generally linking the use of the judicial exception to a particular technological environment or field of use. (MPEP 2106.05(h)).
The additional elements of “ based on determining that the application is registered to receive fork notifications, transmit a fork notification to the application” amounts to insignificant extra-solution data transmission activity. (MPEP 2106.05(c)).
The additional element of “the application being configured to receive the fork notification and responsively obtain second data for use in performing the operation, the second data being different from the first data” appears to be an attempt to generally linking the use of the judicial exception to a particular technological environment or field of use. (MPEP 2106.05(h)).
Since the claims are directed to the determined judicial exception, the analysis flows to Step 2B. Therein, the elements and combination of elements are examined in the claims to determine whether the claims as a whole amounts to significantly more than the judicial exception. In this case, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. It is noted here that the elements should be considered both individually and as an ordered combination. In this case, the claimed “system comprising: a processor,” and “a memory including instructions that are executable by the processor to” are generically recited as mere instructions to implement an abstract idea on a computer. Thus, these steps do not add significantly more to the respective limitations.
Taken as an ordered combination, the afore-mentioned limitations are directed to limitations referenced in Alice Corp. (also called the Mayo test) that are not enough to qualify as significantly more when recited in a claim with an abstract idea. (MPEP § 2106.05 (I)(A)), “Limitations that the courts have found not to be enough to qualify as “significantly more” when recited in a claim with a judicial exception include: i. …mere instructions to implement an abstract idea on a computer.” Furthermore, the processor that performs the claimed steps is recited at a high level of generality and its broadest reasonable interpretation comprises only a generic node to simply perform the generic computer functions of processing and transmitting information. “A transformation applied to a generically recited article or to any and all articles would likely not provide significantly more than the judicial exception.” (MPEP 2106.05(c)).
The limitations cited as insignificant extra-solution activities also do not add “significantly more” for the reasons cited in the Step 2A analysis. Furthermore, the courts have also recognized the following computer functions as well‐understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity: i. Receiving or transmitting data over a network……iv. Storing and retrieving information in memory. Viewed as a whole, these additional claim elements do not provide meaningful limitations to transform the abstract idea into a patent eligible application of the abstract idea such that the claims amount to significantly more than the abstract idea itself (Note MPEP 2106.05(a)). Since there are no elements or ordered combination of elements that amount to significantly more than the judicial exception, the claims are not eligible subject matter under 35 USC §101.
For the above reasons, the claims of this application are not patentable under 35 USC 101.
Regarding claim 2, the additional elements of “wherein the application is configured to initiate a restartable sequence in response to receiving the fork notification, the restartable sequence being executable to generate the second data” amounts to using a generic computing component as a tool to apply the abstract idea (MPEP § 2106.05(f)).
Regarding claim 3, the additional elements of “wherein the instructions are further executable by the processor for causing the processor to determine that the virtual machine has been forked based on a notification received from a hypervisor supporting the virtual machine, the notification indicating that the virtual machine has been forked” amounts to using a generic computing component as a tool to apply the abstract idea (MPEP § 2106.05(f)). The additional elements also appears to be an attempt to generally link the use of the judicial exception to a particular technological environment or field of use. (MPEP 2106.05(h)).
Regarding claim 4, the additional elements of “wherein the notification is an interrupt that is generated by the hypervisor” amounts to using a generic computing component as a tool to apply the abstract idea (MPEP § 2106.05(f)). The additional elements also appears to be an attempt to generally link the use of the judicial exception to a particular technological environment or field of use. (MPEP 2106.05(h)).
Regarding claim 5, the additional elements of “wherein the first data is a first secret and the second data is a second secret” appears to be an attempt to generally link the use of the judicial exception to a particular technological environment or field of use. (MPEP 2106.05(h)).
Regarding claim 6, recites additional abstract idea recitations of: “register the application to receive the fork notifications ...;” and “determine that the application is registered to receive the fork notifications by consulting the datastore.” Thes steps, as drafted, recite a process that, but for the recitation of generic computing components, under its broadest reasonable interpretation, covers performance of the steps in the mind. For example, a person can think and evaluate whether to register an application. A person can also think and evaluate to determine that an application is registered by consulting a datastore.
The additional elements of “wherein the instructions are further executable by the processor for causing the processor to” and a “datastore” amounts to using a generic computing component as a tool to apply the abstract idea (MPEP § 2106.05(f)). The recitation of a “processor” and a “datastore” also appears to be an attempt to generally link the use of the judicial exception to a particular technological environment or field of use. (MPEP 2106.05(h)). These additional elements do not integrate the abstract idea into a practical application or amount to “significantly more” for the reasons cited above. The additional elements also do not amount to significantly more because “[c]ourts have recognized the following computer functions as well‐understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity....i. Receiving or transmitting data over a network,... iii. Electronic recordkeeping... [and]iv. Storing and retrieving information in memory.”
Regarding claim 7, the additional elements of “wherein the instructions correspond to a supervisory program that is executable by the processor” amounts to using a generic computing component as a tool to apply the abstract idea (MPEP § 2106.05(f)). The additional elements also appears to be an attempt to generally link the use of the judicial exception to a particular technological environment or field of use. (MPEP 2106.05(h)).
Regarding claim 8, this claim is not patent eligible for the same reasons given for claim 1 for the common limitations.
Regarding claim 9, this claim is similar to claim 2 and is ineligible for the same reasons.
Regarding claim 10, this claim is similar to claim 3 and is ineligible for the same reasons.
Regarding claim 11, this claim is similar to claim 4 and is ineligible for the same reasons.
Regarding claim 12, this claim is similar to claim 5 and is ineligible for the same reasons.
Regarding claim 13, this claim is similar to claim 6 and is ineligible for the same reasons.
Regarding claim 14, this claim is similar to claim 7 and is ineligible for the same reasons.
Regarding claim 15, this claim is not patent eligible for the same reasons given for claim 1 for the common limitations.
The following limitations to not recite a practical application or amount to “significantly more” for the following reasons:
The additional elements of “non-transitory computer-readable medium comprising program code that is executable by a processor for causing the processor to” amounts to using a generic computing component as a tool to apply the abstract idea (MPEP § 2106.05(f)). The additional elements also appears to be an attempt to generally link the use of the judicial exception to a particular technological environment or field of use. (MPEP 2106.05(h)).
Regarding claim 16, this claim is similar to claim 2 and is ineligible for the same reasons.
Regarding claim 17, this claim is similar to claim 3 and is ineligible for the same reasons.
Regarding claim 18, this claim is similar to claim 4 and is ineligible for the same reasons.
Regarding claim 19, this claim is similar to claim 5 and is ineligible for the same reasons.
Regarding claim 20, this claim is similar to claim 6 and is ineligible for the same reasons.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5-10, 12-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Soman et al. (US 20230222210) in view of Allen et al. (US 10461937).
As per claim 1, Soman teaches the invention substantially as claimed including a system comprising:
a processor ([0021], networking environment 100 may be distributed across a hybrid cloud. A hybrid cloud is a type of cloud computing that combines on-premises infrastructure, e.g., a private cloud 152 comprising one or more physical computing devices (e.g., running one or more VCIs) on which the processes shown run, with a public cloud, or data center 102) and
a memory ([0049], Cloud services 156 may store the identifiers in database 158) including instructions that are executable by the processor to:
receive a request, from an application executing in a virtual machine, for registering the application to receive fork notifications ([0047], cloud agent 114 sends a registration request to cloud services 156. In the illustrated example, because the VM is a golden VM, the VM does not have an existing device ID and registration ID and, therefore, performs registration with cloud services 156; Examiner Notes: 1. Soman’s cloud agent executes on the virtual machine: [0011], cloud agent running in a virtual machine on a host; and 2. Soman’s registration allows VMs to receive notification of forked virtual machines: [0029], cloud agent 114 is configured to query host module 115 any time cloud agent 114 detects a reset of the connection with host module 115 (e.g., such as upon creation of a new VM, creation of a clone VM, or upon reconnection of a disconnected VM);
in response to receiving the request, register the application to receive the fork notifications ([0048], cloud services 156 sends cloud agent 114.sub.1 a registration response including a registration ID; Examiner Note: Soman’s registration response indicates that registration was successful: [0008], To register (e.g., at startup of the agent) with the cloud security monitoring service, the agent on the endpoint registers with the cloud security monitoring service. For example, the agent sends the cloud security monitoring service a device identifier (ID) associated with the agent (e.g., a “unique_deviceID”) and may send an additional parameter (e.g., a “company_code”). In response, the cloud security monitoring service assigns a unique registration ID (e.g., a “registrationId”) to the agent when the registration is successful);
subsequent to registering the application to receive fork notifications, determine that the virtual machine has been forked ([0057], When a VM clone is created, cloud agent 114.sub.2 on the clone VM resets the VMCI connection with host module 115); and
in response to determining that the virtual machine has been forked:
determine that the application is registered to receive fork notifications ([0057], When a VM clone is created, cloud agent 114.sub.2 on the clone VM resets the VMCI connection with host module 115. At operation 436, cloud agent 114.sub.2 detects the VMCI connection; Examiner Note: Soman’s reset of the VMCI connection at the host module/hypervisor triggers a query in a registered VM: [0020], When a VM clone is created, a query to the host module is triggered to fetch the identifiers from the host module; [0029], cloud agent 114 is configured to query host module 115 any time cloud agent 114 detects a reset of the connection with host module 115 (e.g., such as upon creation of a new VM, creation of a clone VM, or upon reconnection of a disconnected VM; and [0057], Based on detecting the VMCI connection, cloud agent 114.sub.2 is triggered to query host module 115 for the identifiers, at operation 438); and
based on determining that the application is registered to receive fork
notifications ([0057], When a VM clone is created, cloud agent 114.sub.2 on the clone VM resets the VMCI connection with host module 115. At operation 436, cloud agent 114.sub.2 detects the VMCI connection. Based on detecting the VMCI connection, cloud agent 114.sub.2 is triggered to query host module 115 for the identifiers, at operation 438), transmit a fork notification to the application ([0057], Based on detecting the VMCI connection, cloud agent 114.sub.2 is triggered to query host module 115 for the identifiers, at operation 438. At operation 440, host module 115 responds with the identifiers for the clone VM 112.sub.2 (e.g., the identifiers received from cloud appliance 123 at operation 434)), the application being configured to receive the fork notification ([0029], cloud agent 114 is configured to query host module 115 any time cloud agent 114 detects a reset of the connection with host module 115 (e.g., such as upon creation of a new VM, creation of a clone VM, or upon reconnection of a disconnected VM).
Soman fails to specifically teach, wherein the application is configured to perform an operation using first data; and responsively obtain second data for use in performing the operation, the second data being different from the first data.
However Allen teaches, wherein the application is configured to perform an operation using first data (Column 3, Lines 57-62, an application may request the creation of a new secret that may be stored in the hypervisor-managed secrets compartment. This new secret may then be used to sign, encrypt and/or decrypt a data parameter, thus keeping that data parameter secure; and Column 4, Lines 35-37, the hypervisor may instantiate a new secrets management VM instance for each application launched); and
responsively obtain second data for use in performing the operation, the second data being different from the first data (Column 4, Lines 45-47, the hypervisor may instantiate a new secrets management VM instance for each application launched; Column 5, Lines 29-36, the hypervisor-managed secrets compartment and/or the secrets management VM instance may receive one or more requests from the application, using the communications identifier, URL or URI to use and/or otherwise manage the secrets stored within the secrets management VM instance. An application may, for example, create a new secret that may be stored in the secrets management VM instance for later use).
Soman and Allen are analogous because they are each related to virtual machine management including enforcing security policies. Soman teaches a hypervisor-supported method of notifying registered virtual machines of virtual machine events and enforcing security policies. ([0008], To register (e.g., at startup of the agent) with the cloud security monitoring service, the agent on the endpoint registers with the cloud security monitoring service; [0027], a VM 112 may include a cloud agent 114. In some embodiments, cloud agent 114 is a Carbon Black sensor. Cloud agent 114 may be configured to receive security policies and rules from private cloud 152 (such as from cloud services 156) and enforce the policies and rules at the VM 112; and [0029], cloud agent 114 is configured to query host module 115 any time cloud agent 114 detects a reset of the connection with host module 115 (e.g., such as upon creation of a new VM, creation of a clone VM, or upon reconnection of a disconnected VM)). Allen teaches a hypervisor-supported method of virtual machine management including secret management for virtual machines. (Column 3, Lines 28-31, application may use a hypervisor-managed secrets compartment to store the secrets data and may communicate with the hypervisor-managed secrets compartment to create, store, access, and otherwise manage its secrets; Column 3, Line 67-Column 4, Line 5, an application may request the creation of a new secret that may be stored in the hypervisor-managed secrets compartment. This new secret may then be used to sign, encrypt and/or decrypt a data parameter, thus keeping that data parameter secure; and Column 11, Lines 58-62, a hypervisor may use a combination of shared and separate secrets management VM instances according to system needs, application needs, system policy, customer type and/or other such considerations). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that, based on the combination, the “host module” of Soman, which runs on its hypervisor, would be modified to include the Allen’s hypervisor-managed secrets compartment resulting in a hypervisor-supported system that allows virtual machines to be notified of security events and manage its secrets in accordance with security policies.
As per claim 2, Soman teaches, wherein the application is configured to initiate a restartable sequence in response to receiving the fork notification ([0059], cloud agent 114.sub.2 sends a reregistration request to cloud services 156. Cloud agent 114.sub.2 includes a new device ID in the reregistration request. For example, based on determining, at operation 442, that the fetched identifiers do not match any persisted values, cloud agent 114.sub.2 generates a new device ID; Examiner’s Note: Soman’s reregistration is restartable because the reregistration process is restarted whenever a new clone is discovered: [0029], cloud agent 114 is configured to query host module 115 any time cloud agent 114 detects a reset of the connection with host module 115 (e.g., such as upon creation of a new VM, creation of a clone VM, or upon reconnection of a disconnected VM),.
Soman fails to specifically teach, the restartable sequence being executable to generate the second data.
However, Allen teaches, the restartable sequence being executable to generate the second data (Column 5, Lines 19-26, [p]eriodically, the hypervisor-managed secrets compartment and/or the secrets management VM instance may receive one or more requests from the application, using the communications identifier, URL or URI to use and/or otherwise manage the secrets stored within the secrets management VM instance. An application may, for example, create a new secret that may be stored in the secrets management VM instance for later use).
The same motivation used in the rejection of claim 1 is applicable to the instant claim.
As per claim 3, Soman teaches, wherein the instructions are further executable by the processor for causing the processor to determine that the virtual machine has been forked based on a notification received from a hypervisor supporting the virtual machine ([0020], When a VM clone is created, a query to the host module is triggered to fetch the identifiers from the host module; and [0031], Hypervisor 120 includes host module 115... host module 115 may receive identifiers of VMs 112 from a cloud appliance 123 and provide the respective identifiers to a VM 112 when queried by a cloud agent 114 of the VM 112), the notification indicating that the virtual machine has been forked ([0029], cloud agent 114 is configured to query host module 115 any time cloud agent 114 detects a reset of the connection with host module 115 (e.g., such as upon creation of a new VM, creation of a clone VM, or upon reconnection of a disconnected VM)).
As per claim 5, Allen teaches, wherein the first data is a first secret (Column 3, Lines 57-62, an application may request the creation of a new secret that may be stored in the hypervisor-managed secrets compartment. This new secret may then be used to sign, encrypt and/or decrypt a data parameter, thus keeping that data parameter secure; and Column 4, Lines 35-37, the hypervisor may instantiate a new secrets management VM instance for each application launched) and the second data is a second secret (Column 3, Lines 57-62, an application may request the creation of a new secret that may be stored in the hypervisor-managed secrets compartment. This new secret may then be used to sign, encrypt and/or decrypt a data parameter, thus keeping that data parameter secure; and Column 5, Lines 19-26, Periodically, the hypervisor-managed secrets compartment and/or the secrets management VM instance may receive one or more requests from the application, using the communications identifier, URL or URI to use and/or otherwise manage the secrets stored within the secrets management VM instance. An application may, for example, create a new secret that may be stored in the secrets management VM instance for later use).
As per claim 6, Soman teaches, wherein the instructions are further executable by the processor for causing the processor to:
register the application to receive the fork notifications by storing an identifier of the application in a datastore ([0008], To register (e.g., at startup of the agent) with the cloud security monitoring service, the agent on the endpoint registers with the cloud security monitoring service. For example, the agent sends the cloud security monitoring service a device identifier (ID) associated with the agent (e.g., a “unique_deviceID”) and may send an additional parameter (e.g., a “company_code”); and [0049], Cloud services 156 may store the identifiers in database 158); and
determine that the application is registered to receive the fork notifications by consulting the datastore ([0050], Cloud services 156 may use the VMuuid and Muuid to identify a communication coming from a VM 112 as associated with a particular virtualization manager 108. Cloud services 156 may monitor for communications from cloud agent 114.sub.1 using the stored device ID and registration ID. For example, cloud services 156 may monitor communications from cloud agent 114.sub.1 and collect information about VM 112.sub.1, process the data to detect cybersecurity events, behaviors, and/or system state metrics, to provide analysis, visualizations, alerts, and/or remediation for detected anomalies, incidents, vulnerabilities, suspicious activities, and/or malware).
As per claim 7, Soman teaches, wherein the instructions correspond to a supervisory program that is executable by the processor ([0025], A CPU 142 is configured to execute instructions, for example, executable instructions that perform one or more operations described herein and that may be stored in the memory and storage system; and [0156], Cloud services 156 can determine policies and rules for network access and publish the policies and rules to cloud agent 114, so that cloud agent 114 can enforce the policies and rules on VM 112; and [0050], Cloud services 156 may monitor for communications from cloud agent 114.sub.1 using the stored device ID and registration ID. For example, cloud services 156 may monitor communications from cloud agent 114.sub.1 and collect information about VM 112.sub.1, process the data to detect cybersecurity events, behaviors, and/or system state metrics, to provide analysis, visualizations, alerts, and/or remediation for detected anomalies, incidents, vulnerabilities, suspicious activities, and/or malware).
As per claim 8, this is the “method claim” corresponding to claim 1 and is rejected for the same reasons. The same motivation used in the rejection of claim 1 is applicable to the instant claim.
As per claim 9, this claim is similar to claim 2 and is rejected for the same reasons.
As per claim 10, this claim is similar to claim 3 and is rejected for the same reasons.
As per claim 12, this claim is similar to claim 5 and is rejected for the same reasons.
As per claim 13, this claim is similar to claim 6 and is rejected for the same reasons.
As per claim 14, this claim is similar to claim 7 and is rejected for the same reasons.
As per claim 15, this is the “non-transitory computer-readable medium claim” corresponding to claim 1 and is rejected for the same reasons. The same motivation used in the rejection of claim 1 is applicable to the instant claim.
As per claim 16, this claim is similar to claim 2 and is rejected for the same reasons.
As per claim 17, this claim is similar to claim 3 and is rejected for the same reasons.
As per claim 19, this claim is similar to claim 5 and is rejected for the same reasons.
As per claim 20, this claim is similar to claim 6 and is rejected for the same reasons.
Claims 4, 11, and 18 are rejected are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Soman-Allen as applied to independent claims 1, 8, and 15 and in further view of Tsirkin (US 9411624).
As per claim 4, the combination of Soman-Allen fails to specifically teach, wherein the notification is an interrupt that is generated by the hypervisor.
However, Tsirkin teaches, wherein the notification is an interrupt that is generated by the hypervisor (Column 2, Lines 30-34, providing the identified one or more VCPUs of the VM as a hint to the VM, the hint sent to the VM with the virtual device event, wherein the VM programs a virtual device associated with the event to deliver interrupts to a VCPU of the VM identified in the hint; and Column 7, Lines 8-19, the programming instruction from the VM may request to program an emulated device driver for the virtual device to send interrupts for an event type to a particular VCPU of the VM that is in the provided hint... At block 350, the programming instruction is interpreted by the hypervisor so that any interrupts associated with the type of the event are sent to the indicated VCPU).
Soman and Allen are analogous because they are each related to virtual machine management Soman teaches a hypervisor-supported method of notifying registered virtual machines of virtual machine events and enforcing security policies. Soman also teaches providing registration hints when virtual machine clones are created. ([0058], Based on determining the fetched identifiers do not match any persisted values (e.g., indicating the VM is a clone), cloud agent 114.sub.2...is triggered to perform a reregistration with cloud services 156...cloud services 156 may include the reregistration hint when the identifiers included in the device status message from cloud agent 114.sub.2 are different than identifiers stored by cloud services 156 for the device ID and registration ID pair.). Allen teaches a hypervisor-supported method of virtual machine management including secret management for virtual machines. Tsirkin teaches a method of hypervisor provided interrupts when a device event is detected using hints. (Abstract, receiving a virtual device event from a host central processing unit (CPU) of a multi-CPU host machine, the virtual device event directed to a virtual machine (VM) managed by the hypervisor on the host machine, identifying one or more virtual CPUs (VCPUs) of the VM that are running on the host CPU, and providing the identified one or more VCPUs of the VM as a hint to the VM, the hint sent to the VM with the virtual device event; and Column 7, Lines 8-19, the programming instruction from the VM may request to program an emulated device driver for the virtual device to send interrupts for an event type to a particular VCPU of the VM that is in the provided hint... At block 350, the programming instruction is interpreted by the hypervisor so that any interrupts associated with the type of the event are sent to the indicated VCPU). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that, based on the combination, the “host module” and hypervisor-supported hint mechanism of the combination of Soman-Allen would be modified to include the event notification via hinting mechanism as taught by Tsirkin resulting in a hypervisor-supported system that allows virtual machines to be notified of security events.
As per claim 11, this claim is similar to claim 4 and is rejected for the same reasons. The same motivation used in the rejection of claim 4 is applicable to the instant claim.
As per claim 18, this claim is similar to claim 4 and is rejected for the same reasons. The same motivation used in the rejection of claim 4 is applicable to the instant claim.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MELISSA A HEADLY whose telephone number is (571)272-1972. The examiner can normally be reached Monday- Friday 9-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bradley Teets can be reached at 571-272-3338. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MELISSA A HEADLY/Examiner, Art Unit 2197