DETAILED ACTION
This office action is in reply to applicant communication filed on May 07, 2026.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on May 07, 2026.
Claims 2, 4 and 8-20 have been cancelled.
Claims 1, 3, 5-7 and 21-30 have been amended.
Claims 1, 3, 5-7 and 21-30 are pending.
Response to Argument
Applicant’s arguments filed on May 07, 2026 with respect to the 35 U.S.C. 103 rejections have been fully considered but are moot in view of new ground(s) of rejection.
Applicant’s arguments filed on May 07, 2026 with respect to the 35 U.S.C. 101 rejections or claims 26-30 have been fully considered and withdrawn due to the amendment made to the claims.
Applicant’s argues that the prior art on record fails to teach the amended limitation of independent claims. However, upon further consideration, a new ground(s) of rejection is made using the newly find prior arts to Di Luoffo (US Pub. No. 2005/0160318).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 3, 5-7 and 21-30 are rejected under 35 U.S.C. 103 as being unpatentable over Kelly (US Pub. No. 2013/0042295) in view of Smith (US Pub. No. 2009/0133097) and further in view of Di Luoffo (US Pub. No. 2005/0160318).
As per claim 1 Kelly discloses:
A computing system device comprising: memory circuitry to store workloads and processing circuitry coupled to the memory circuitry, the processing circuitry to: receive a workload of the workloads; (paragraph 53 of Kelly, in FIG. 6A in block 6002, data may be received at the mobile device, such as via a wireless or wired communication link. …. If the data is determined to be trusted (i.e., determination block 6004="Yes"), at block 6006 the secure virtual environment may be started).
Validate the workload; (paragraph 57 of Kelly, at determination bloc 6028 the now decrypted data header may be read, and information about the trusted status of the data may be determined by the secure virtual environment. The data header may contain a trusted id, information about the file format of the data, or any other information).
Evaluate a launch policy associated with the workload; (paragraph 58 of Kelly, if the decrypted data header shows the data to be trusted (i.e., determination block 6028="Yes"), at determination block 6008 the secure virtual environment applies corporate policy and/or user settings and determines if the data type is allowed).
Load, based on the launch policy, the workload into a virtual machine associated with a trusted execution environment (TEE). (paragraph 54 of Kelly, if the data type is allowed by corporate policy and/or user settings (i.e., determination block 6008="Yes"), at block 6010 the secure virtual environment decrypts the data. At block 6012, an application may be selected to manipulate the data. In an optional embodiment, the application selected may be a trusted application specifically authorized to operate in the secure virtual environment. The selection of the application at block 6012 may be independently made by the processor of the mobile device, made by the processor in response to a received user input to the mobile device, or by some combination of the two. When the user finishes with the data and closes the file, at block 6014, the secure virtual environment encrypts the manipulated data, and at block 6016 the manipulated data may be stored on the mobile device. By encrypting the data at block 6014 no data is allowed outside the secure virtual environment in an unencrypted form. In the event the secure data is only viewed and is not indicated for saving (e.g., by a user input or a document policy included in the data), the secure data may just be deleted from memory in which case operations at blocks 6014 and 6016 would not be performed). Also see blocks 6010-6016 in fig. 6B of Kelly.
Kelly teaches the method of validating and checking the policy of the workload/data in virtual environment (see paragraphs 57 and 58 of Kelly) but fails to disclose:
In response to the workload being successfully validated, verify mutual acceptance by evaluate a launch policy associated with the workload against one or more launch policies associated with one or more existing workloads.
However, in the same field of endeavor, Smith teaches this limitation as, (paragraph 19 Smith, in one embodiment, VMM 154 may read the values stored in policy control block 136. VMM 154 may verify policy object 152. For example, VMM 154 may verify policy object 152 by hashing the value for public key 158 and comparing the hash value 142 stored in secure non-volatile storage 134. In other embodiments, VMM 154 may generate and verify policy object 152, for example, by verifying that the counter 160 generated for the policy object 152 may be greater than a counter, for example, associated with a different or previous policy object, stored in storage 134).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Kelly to include the above limitation using the teaching of Smith in order to securely verify the policy by comparing one policy with the known and verified policy (see paragraph 19 of Smith).
The combination of Kelly and Smith teaches the method of evaluating a launch policy associated with the workload against one or more launch policies associated with one or more existing workloads (see paragraph 19 of Smith) but fails to disclose:
Wherein the one or more launch policies of the one or more existing workloads are evaluated against the workload.
However, in the same field of endeavor, Di Luoffo teaches this limitation as, (claim 21 of Di Luoffo, managing error analysis within a grid environment, wherein said plurality of policies are validated against an XML document type definition) and (paragraph 78 of Di Luoffo, block 808 depicts validating the policy or rule against the application DTD to determine an XML response. For purposes of example, Table 1 depicts an application DTD which may be implemented in the invention. In an alternate embodiment, a response may be formatted in an alternate protocol or method).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Kelly and Smith to include the above limitation using the teaching of Di Luoffo in order to analysis error and verify the plurality of policies by validating it against the document/workload (see claim 21 of Di Luoffo).
Claims 21 and 26 are rejected under the same reason set forth in rejection of claim 1.
As per claim 3 Kelly in view of Smith and further in view of Di Luoffo discloses:
The computing device of claim 1, wherein the processing circuitry is further to generate cryptographic measurements relating to the workload based on the launch policy. (Paragraph 54 of Kelly, if the data type is allowed by corporate policy and/or user settings (i.e., determination block 6008="Yes"), at block 6010 the secure virtual environment decrypts the data).
Claims 22 and 27 are rejected under the same reason set forth in rejection of claim 3.
As per claim 5 Kelly in view of Smith and further in view of Di Luoffo discloses:
The computing device of claim 1, wherein the processing circuitry is further to reject the workload based on security context associated with the TEE or in response to the virtual machine having insufficient computing resources available to run the workload. (Paragraph 56 of Kelly, if the user cannot be verified (i.e., determination block 6022="No"), at block 6024 the secure virtual environment closes, and at block 6018 the data may be manipulated with a standard application. At block 6018 the encrypted data may be manipulated in any manner available to the mobile device outside of the secure virtual environment, and any errors related to the manipulation of encrypted data may addressed by standard error handling mechanisms outside the secure virtual environment).
Claims 23 and 28 are rejected under the same reason set forth in rejection of claim 5.
As per claim 6:
The combination of Kelly and Di Luoffo teaches the method of validating and checking the policy of the workload/data in virtual environment (see paragraphs 57 and 58 of Kelly) but fails to disclose:
The computing device of claim 1, wherein to evaluate further comprises to evaluate one or more first protocols associated with the launch policy of the workload and one or more second protocols associated with the one or more launch policies of the existing workloads.
However, in the same field of endeavor, Smith teaches this limitation as, (paragraph 19 Smith, in one embodiment, VMM 154 may read the values stored in policy control block 136. VMM 154 may verify policy object 152. For example, VMM 154 may verify policy object 152 by hashing the value for public key 158 and comparing the hash value 142 stored in secure non-volatile storage 134. In other embodiments, VMM 154 may generate and verify policy object 152, for example, by verifying that the counter 160 generated for the policy object 152 may be greater than a counter, for example, associated with a different or previous policy object, stored in storage 134).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Kelly and Di Luoffo to include the above limitation using the teaching of Smith in order to securely verify the policy by comparing one policy/protocol with the known and verified policy/protocol (see paragraph 19 of Smith).
Claims 24 and 29 are rejected under the same reason set forth in rejection of claim 6.
As per claim 7 Kelly in view of Smith and further in view of Di Luoffo discloses:
The computing device of claim 1, wherein the processing circuitry comprises one or more of application processing circuity or graphics processing circuitry workloads. (paragraph 54 of Kelly, if the data type is allowed by corporate policy and/or user settings (i.e., determination block 6008="Yes"), at block 6010 the secure virtual environment decrypts the data. At block 6012, an application may be selected to manipulate the data. In an optional embodiment, the application selected may be a trusted application specifically authorized to operate in the secure virtual environment. The selection of the application at block 6012 may be independently made by the processor of the mobile device, made by the processor in response to a received user input to the mobile device, or by some combination of the two. When the user finishes with the data and closes the file, at block 6014, the secure virtual environment encrypts the manipulated data, and at block 6016 the manipulated data may be stored on the mobile device).
Claims 25 and 30 are rejected under the same reason set forth in rejection of claim 7.
Conclusion
The prior art made or record and not relied upon is considered pertinent to applicant’s disclosure is Ohta (US 7,693,835). Ohta’s reference discloses:
A client apparatus for utilizing services by executing service programs includes a policy holding unit, a verification unit, a verification result holding unit, and a verification result notification unit. The policy holding unit holds a service-specific verification policy pre-checked by a device verification apparatus. The verification unit verifies an operation and configuration of the client apparatus itself by using the verification policy when the service program is executed. The verification result notification unit notifies the verification result to the device verification apparatus, which requests the verification result.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TESHOME HAILU/Primary Examiner, Art Unit 2434