Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Response to Arguments
Applicant’s arguments with respect to claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Election/Restrictions
During a telephone conversation with Kevin Rizzuto on 11/24/25 a provisional election was made without traverse to prosecute the invention of Group I, claims 1-6. Affirmation of this election must be made by applicant in replying to this Office action. Claims 7-15 (Group 2 Claims 7-11 and Group 3 Claims 12-15) are withdrawn from further consideration by the examiner, 37 CFR 1.142(b), as being drawn to a non-elected invention.
Claim Rejections - 35 USC §103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim/s 1, 2, 16, 17, 22, 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ali (Pub. No. US 2015/0040130) in view of Curtis (Pub. No. US 2018/0247055) in further view of Goicea (Pub. No. US 2007/0157196).
Claim 1, 16, 22, Ali teaches “a non-transitory machine-readable medium comprising instructions that cause a processor of a computing device to: create a first virtual machine using a hypervisor ([0016] Examples of a privileged domain include any or some combination of the following: domain 0, which is often the first domain started by a virtual machine monitor (also referred to as a hypervisor) to perform management tasks; a portion of the virtual machine monitor (or hypervisor); a guest virtual machine that has predefined settings to provide the guest virtual machine with enhanced privileges and/or security; or another type of domain in the electronic device with a predefined special privilege and/or security mechanism. [0020] The privileged domain 120 can be a trusted domain as it is generated or managed by the trusted VMM 115.); execute a trusted basic input/output system (BIOS) in the first virtual machine ([Fig. 2, 125] Trusted runtime BIOS); create a second virtual machine using the hypervisor ([0019] The guest domain 130 is a virtual machine which may execute an operating system such as Microsoft Windows, Linux, Unix, or another operating system. [0022] Other domains generated or managed by the VMM that could be the trusted domain may include the privileged domain 120, a virtual appliance, a guest domain 130.); and execute an untrusted BIOS component in the second virtual machine ([Fig. 2, 135] VBIOS [0035] If the system management request is received by something other than the virtual high-privilege mode it can be routed to a virtual high-privilege mode environment 140. Routing the system management request can be for example by the vBIOS sending the system management request to the virtual high-privilege mode, packaging the system management request in WMI wrapper, or making a remote procedure call (RPC). The system management request can be handled in a virtual high-privilege mode environment at 415. The virtual high-privilege mode environment can have access to the hardware to change the system configuration in ways that are not available to a guest domain (i.e. untrusted) (Examiner notes, because VBIOS of Guest Domain 130 does not have direct privilege to modify system configurations directly, the VBIOS of Guest Domain is interpreted as untrusted relative to the Trusted Runtime BIOS).); wherein the first virtual machine is executed with a greater privilege to access a resource of the computing device than the second virtual machine ([0031] In one implementation with a trusted runtime BIOS, no other domain than privileged domain or another trusted domain will be able to communicate with BIOS. This is made possible by ensuring that all communication means from a guest domain to the BIOS are trapped and routed to the privileged domain portion for the appropriate filter to receive and process. The virtual high-privilege mode in the privilege domain can then process the request and can make direct or indirect calls to the flash or the BIOS. This call from the privileged domain to the BIOS which will then be allowed by the hypervisor to go through since Hypervisor can detect a call originating from the privileged domain rather than a guest domain. Given open but exclusive access to the physical BIOS, the communication from the privileged domain to physical BIOS is secured, the privileged domain can now write or read all settings of BIOS at runtime eliminating a situation where the processor would enter system management mode.)”.
However, Ali may not explicitly teach the new limitations.
Curtis teaches “based on identifying an untrusted BIOS component comprising an option ROM provided by a hardware device added to the computing device, create a second virtual machine using the hypervisor ([0027] In one implementation, prior to loading an unknown or untrusted application App-0 104, the hypervisor/application manager 108 may send a message 116, to check the trustworthiness of the unknown/untrusted application App-0 104, to a cloud server 118. In response, the server 118 may check an application whitelist 120 to ascertain a trust level the unknown/untrusted application App-0 104 (e.g., by reviewing a trust history for the unknown/untrusted application, and/or comparing a received application digital signature to a trusted digital signature for the application from the whitelist 120, etc.). The server 118 sends a reply 122 indicating whether the unknown/untrusted application App-0 104 can be trusted. If it is ascertained that the unknown/untrusted application App-0 104 is not in the whitelist 120 or cannot be trusted, the hypervisor/application manager 108 may then install the untrusted application App-0 104′ in a first virtual machine VM A 110 which has restricted resources or access. [0036] As a new or untrusted application 226 is loaded for execution, the hypervisor/application manager module/circuit 218 may automatically start/load a first virtual machine 220 and executes the untrusted application 226 within the first virtual machine 220. Examiner notes, Goicea teaches as evidence programs may be embodied on an image and send from server to client and therefore it would be obvious to one of ordinarily skilled in the art, the application (BIOS) can be delivered via image for the purposes of design choice [0023] The following describes use of program 30 in each of the client computers 40, 42 and 44 to install the Windows XP operating system in client computers 40, 42 and 44, although program 30 can be used to install other types of operating systems in client computers. When an operator invokes program 30 for the respective client computer 40, 42 or 44, program 30 automatically downloads the Windows XP cloned image 22 (including the ACPI APIC hal.dll), programs 34-37 and file 32 from storage 20 of server 10 to the hard disk of the target client computer in the Prior Art manner, regardless of whether the client computer is ACPI APIC or ACPI PIC type (step 100).))”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Curtis with the teachings of Ali, Goicea in order to provide a system that teaches safe execution of untrusted applications. The motivation for applying Curtis teaching with Ali, Goicea teaching is to provide a system that allows for software protections. Ali, Goicea, Curtis are analogous art directed towards executing of application in restricted environments. Together Ali, Goicea, Curtis teaches every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Curtis with the teachings of Ali, Goicea by known methods and gained expected results.
Claim 2, 17, 23, the combination teaches the claim, wherein Ali teaches “the non-transitory machine-readable medium of claim 1, wherein: the hypervisor is to execute the second virtual machine with limited access to a memory resource of the computing device; and the limited access is provided by the hypervisor based on expected functionality of the untrusted BIOS component ([0033] FIG. 3 is a flow diagram of a method 300 of handling system management requests according to an example implementation. The method can manage, by a virtual machine monitor, a trusted domain for a virtual high-privilege mode to receiving a system management request at 305. The trusted domain may be a privileged domain 120 or another domain. The system management request can be one that could put the processor 110 in a system management mode and halt all of the processes that are being executed in the real mode of the processor 110. At 310 the system management request is prevented from initiating a system management mode. The system management request can be routed to a virtual high-privilege mode environment 140. Routing the system management request can be for example by the vBIOS sending the system management request to the virtual high-privilege mode, packaging the system management request in WMI wrapper, making a remote procedure call (RPC) or a web services API. The system management request can be handled in a virtual high-privilege mode environment at 315. The virtual high-privilege mode environment can have access to the hardware to change the system configuration in ways that are not available to a guest domain.)”.
Claim/s 3, 18, 24, is/are rejected under 35 U.S.C. 103 as being unpatentable over Ali in view of Vasilevsky (Pub. No. US 2009/0164994).
Claim 3, 18, 24, Ali may not explicitly teach the limitation.
Vasilevsky teaches “the non-transitory machine-readable medium of claim 1, wherein the trusted BIOS is to launch the hypervisor before the trusted BIOS is executed in the first virtual machine ([0125] FIG. 5 depicts data volumes and a trusted boot sequence. The data volumes include an unsecured bootloader volume 502, a secured control domain volume 512, and a secured workspace volume 524. The unsecured bootloader volume 502 includes a key 510 to the secured control domain volume 512, BIOS, a Master Boot Record (MBR), and a bootloader. The key 510 is under cryptographic seal 508. The secure control domain volume 512 includes a control domain or hypervisor 514, a user password 518, a key 520 to the secured workspace volume 524, and a key 522 that is used to authenticate the management system 108. The secured workspace volume 524 includes a plurality of virtual disk images 528. [0126] The trusted boot sequence utilizes the TPM 504 to break the seal 508 and provide the key 510 that decrypts the secured control domain volume 512. First, the data volumes are loaded into client computer. Then, various components of the unsecured bootloader volume 502 are successively invoked. These are, in order: the BIOS, the MBR, and the bootloader. [0127] When executed, the bootloader transfers the key 510 under cryptographic seal 508 to the TPM 504, which breaks the cryptographic seal 508 to reveal, in unencrypted form, the key 510. Then, the key 510 is used to decrypt the secured control domain volume 512. Once this volume 512 is decrypted, the bootloader executed the control domain or hypervisor 514. [0128] The control domain or hypervisor 514 then proceeds decrypt the secured workspace volume 524 using the key 520. Once that is complete, the control domain or hypervisor 514 mounts the virtual disk images 528 and boots virtual computer, in a guest domain, from a bootable one of the virtual disk images 528.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Vasilevsky with the teachings of Ali, Goicea, Curtis in order to provide a system that teaches boot order of the environment of Ali. The motivation for applying Vasilevsky teaching with Ali, Goicea, Curtis teaching is to provide a system that allows for configuration of trusted environments. Ali, Goicea, Curtis, Vasilevsky are analogous art directed towards privileged environments. Together Ali, Goicea, Curtis, Vasilevsky teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Vasilevsky with the teachings of Ali, Goicea, Curtis by known methods and gained expected results.
Claim/s 6, 21, 27, is/are rejected under 35 U.S.C. 103 as being unpatentable over Ali, Goicea, Curtis in view of White (Pub. No. US 2018/0060574).
Claim 6, 21, 27, Ali may not explicitly teach the limitation.
White teaches “the non-transitory machine-readable medium of claim 1, wherein the hypervisor is to control memory access by the untrusted BIOS component ([0034] In 220, the complex event response engine 145 may respond to the EPT event with instructions to the hypervisor 190 using the hypercall interface 165, based on the monitoring policies sent from the monitoring policies engine 150. In embodiments, the complex event response engine 245 may notify the hypervisor 190, based on the monitoring policies, that EPT violations can be resolved by the in-guest agent 130 without requiring complex logic or, alternatively, may notify the hypervisor 190 that EPT violations that require complex logic and other events related to non-memory state can be resolved by the complex event response engine 145 or by another privileged guest. The complex event response engine 145 (i.e. privilege domain of Ali) may instruct the hypervisor 190 to transfer control back to the monitored OS domain 120 to resolve or respond to the event. Event response by the in-guest agent 130 can include providing continued access to one or more memory pages based on the policies defined for an EPT view. For example, based on monitoring policies for views of the privileged OS domain 115, the complex event response engine 145 may allow a #VE for an event if the complex event response engine 145 determines that a write to a physical memory address in the monitored OS domain 120 is a write to a benign portion of the kernel. Other writes to the kernel may be disallowed or handled by the complex event response engine 145 by switching EPT views that can be accessed by the complex event response engine 145. In an embodiment, if there is reason to suspect that the in-guest agent may be under attack by the untrusted software or application being executed in the monitored OS domain 120, the event response can be shifted to the complex event response engine 145 by switching to an EPT view so that pages in that EPT view may be configured by the hypervisor 190 to always cause an EPT violation and/or with an explicit VM call or VM exit. [0035] In 225, the hypervisor 190 may determine, based on the monitoring policies, if a #VE is allowed for the EPT event. In an embodiment, the hypervisor 190 may analyze the instructions received through hypercall interface 165 to determine if #VE should be allowed for the event based on monitoring policies created by the complex event response engine 145.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of White with the teachings of Ali, Goicea, Curtis in order to provide a system that teaches controlling of non-privilege environments. The motivation for applying White teaching with Ali, Goicea, Curtis teaching is to provide a system that allows for safety of untrusted access. Ali, White are analogous art directed towards privileged environments. Together Ali, Goicea, Curtis, White teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of White with the teachings of Ali, Goicea, Curtis by known methods and gained expected results.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WYNUEL S AQUINO whose telephone number is (571)272-7478. The examiner can normally be reached 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached at 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WYNUEL S AQUINO/Primary Examiner, Art Unit 2199