Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-20 are currently pending and have been examined.
Claim Objections
Claims 9-14 are objected to because of the following informalities:
Re-claim 9, preamble reads “The method of claim 8” when it should be “The computer-implemented method of claim 8”.
Re-claims 10-14, they are objected to for having similar issues as claim 9.
Appropriate correction is required.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/11/2023, 12/31/2024 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claims 15-20 are directed to a “computer storage device”. Although, the specification (par. 0070) describes the term “computer storage devices” as having computer-executable instructions stored”, it fails to describe/define the computer-readable storage medium by explicitly excluding transitory signal media. Therefore, for purposes of examination, it is reasonably interpreted that the computer storage device encompasses both transitory signal media and non-transitory signal media. Furthermore, absent an explicit and deliberate limiting definition, or a clear differentiation between non-transitory and transitory media in the disclosure, the words "storage", "recording", “tangible”, etc. are insufficient to convey only statutory embodiments to one of ordinary skill in the art. Therefore, the claims are non-statutory under 35 U.S.C. 101. The examiner suggests amending the claims by incorporating the term “non-transitory” in order to overcome the rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-6, 8-13 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Narayanan et al. “Remote attestation of SEV-SNP confidential VMs using e-vTPMs” in view of Srivastava et al. (U.S. Pub. No. 20220222100 A1), and further in view of Tamir et al. (U.S. Pub. No. 20240086550 A1).
As per claim 1, Narayanan teaches the invention substantially as claimed including a confidential compute system comprising:
at least one confidential compute component configured to support a confidential virtual machine (CVM) (page 2, right column, managed by a dedicated co-processor, AMD secure processor (AMD-SP). AMD-SP takes care of the lifecycle management of the SEV VMs; page 5, right column, lines 15-17 every confidential VM has its own private vTPM that runs at a higher privilege level (i.e., VMPL0) inside each confidential VM and is encrypted by AMD-SP);
provision a confidential virtual machine (CVM) within the confidential compute system (page 5, right column, lines 24-25 We use Qemu/KVM environment for running the confidential VM. Figure 2 shows how a confidential VM is launched; Fig. 2, SEV-SNP Confidential VM);
capture one or more measurements from the CVM after a build process performed by the third party is complete (page 7, right column, lines 4-7, Before launching the confidential VM, the AMD-SP hardware measures all the load-time binaries as part of the launch measurement. This includes the SVSM and our SVSM-vTPM code. By verifying these measurements that are included as part of the attestation report, we can ensure that our SVSM-vTPM binary, and anything else running in VMPL0, has not been tampered; page 7, left column, lines 46-47 an attestation report (4) that contains the launch measurements, vmpl level and the user-data);
transmit an attestation report to a primary administrative party of the CVM, the attestation report including the one or more measurements (page 7, left column, lines 49-50 We can retrieve the saved attestation report at any point in time (5)).
Narayanan does not expressly disclose: cause the CVM to enter operational service with confidential data upon receiving user input from the primary administrative party after review of the attestation report; a processor; and a computer-readable medium storing instructions that are operative upon execution by the processor.
However, Srivastava teaches: cause the CVM to enter operational service with confidential data upon receiving user input from the primary administrative party after review of the attestation report (par. 0020 For a Guest Owner to verify that the guest that is running authentic software and has not been tampered with, it needs to establish a secure communication channel with the PSP and obtain a measurement of the guest. A measurement includes a hash of the guest's memory contents and is not deemed to change on every boot. Note that SEV is transparent to guest applications but guest kernels need to be made SEV aware to support this capability …The Guest Owner can verify the hash provided by the PSP of the guest, and only then proceed to deliver a disk decryption key to the guest. This allows the guest to decrypt the disk and process the confidential data. The guest VM is now fully operational and protected by SEV.), and a computer-readable medium storing instructions that are operative upon execution by the processor (par. 0017 CPUs 160 are configured to execute instructions, for example, executable instructions that perform one or more operations described herein, which may be stored in RAM).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique of causing a VM enter operational service with the confidential data upon guest owner verifying that the guest is running authentic software of Srivastava with the system/method of Narayanan resulting in a system and method which provides for causing a confidential VM enter operational service with the confidential data upon guest owner verifying guest authentic software as in Srivastava. One or ordinary skill in the art would have been motivated to make this combination for the purpose of verifying authenticity of the various components executing in such virtualized computing systems (par. 0002).
Narayanan and Srivastava do not expressly disclose: provide a third party with administrative rights to the CVM, the administrative rights allowing the third party to install software on the CVM.
However, Tamir teaches: provide a third party with administrative rights to the CVM, the administrative rights allowing the third party to install software on the CVM (par. 0024 granting a subset of administrative rights to the cloud account operator(s) 103, the cloud account owner(s) 102 trust the cloud account operator(s) 103 to perform duties without impacting the security and confidentiality of the guest virtual machines run by the cloud account owner(s); par. 0025 the cloud account owner(s) 102 configures the vault owner 104 with administrative privileges to lock and establish the vault around a guest virtual machine; par. 0033 the cloud account owner(s) 102 allow the vault owner 104 to install applications, e.g., as application containers on the guest VM 404).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique of providing by a cloud account owner various levels of administrative rights/privileges to one or more of account operators, vault owner allow them to perform duties, install applications of Tamir with the system and method of Narayanan and Srivastava resulting in a system and method that provides each of operators, vault owners with different levels of administrative right/privileges as in Tamir. One or ordinary skill in the art would have been motivated to make this combination for the purpose of preventing attacks initiated remotely (e.g., via SSH, SSM, etc.) and locally (e.g., through cloning or retrieving information from the hardware hosting the guest VM) (par. 0040)).
As per claim 2, Narayanan further teaches: identify an operational software policy that identifies the one or more measurements and expected values for the one or more measurements (page 1, right column, last paragraph, comparing entries in the measured boot and IMA logs with a pre-defined set of acceptable values (called an attestation policy) and exposing any measurements that do not conform to policy expectations);
transmit an attestation request to an attestation agent being executed by the CVM, the attestation request identifies the one or more measurements to be attested by the attestation agent (page 4, left column, lines 41-44 SVSM-vTPM establishes a chain of trust by generating an SEV-SNP attestation report by passing the 𝑑𝑖𝑔𝑒𝑠𝑡(𝐸𝐾𝑝𝑢𝑏) as the user-data along with the attestation request and thus relying only on the AMD hardware; Fig. 2, attestation request to a SVSM-vTPM; page 8, left column, last paragraph, Keylime verifier initiates the attestation protocol by sending a TPMquote request to the agent; Fig. 3 attestation request);
receive an evidence message from the attestation agent of the CVM, the evidence message including current readings for the one or more measurements captured from the CVM (page 8, left column, last paragraph, The agent sends back the requested quote signed by the TPM, using the AIK associated during the registration phase. In addition, a number of logs (e.g. measured boot log, IMA log) are sent back with the quote); and
verify the current readings against for the one or more measurements using the expected values for the one or more measurements identified in the operational software policy (page 8, left column, last paragraph, The verifier validates the TPM quote by decrypting it with the registered AIK; validates the logs by testing them against the PCRs contained in the quote; and finally checks the contents of the logs against the attestation policy to render a trustworthy/untrustworthy verdict),
Shrivastava further teaches: wherein causing the CVM to enter operational service includes causing the CVM to enter operational service when the current readings are verified against the expected values (par. 0020 For a Guest Owner to verify that the guest that is running authentic software and has not been tampered with, it needs to establish a secure communication channel with the PSP and obtain a measurement of the guest. A measurement includes a hash of the guest's memory contents and is not deemed to change on every boot. Note that SEV is transparent to guest applications but guest kernels need to be made SEV aware to support this capability …The Guest Owner can verify the hash provided by the PSP of the guest, and only then proceed to deliver a disk decryption key to the guest. This allows the guest to decrypt the disk and process the confidential data. The guest VM is now fully operational and protected by SEV).
As per claim 3, Narayanan further teaches: wherein the attestation request is a software-based attestation request (page 8, left column, last paragraph, Keylime verifier initiates the attestation protocol by sending a TPMquote request to the agent; Fig. 3 attestation request), Srivastava further teaches: wherein the instructions are further operative to transmit a hardware-based attestation request to the at least one confidential compute component supporting the CVM prior to causing the CVM to enter operational service (par. 0015 using hardware-based secure attestation in a virtualized computing system; par. 0020 The Guest Owner can verify the hash provided by the PSP of the guest, and only then proceed to deliver a disk decryption key to the guest. This allows the guest to decrypt the disk and process the confidential data. The guest VM is now fully operational and protected by SEV).
As per claim 4, Srivastava further teaches: wherein causing the CVM to enter operational service further includes transmitting an attestation decision to a key management service, thereby causing the key management service to transmit a decryption key to the CVM for use in decrypting protected data used during the operational service of the CVM (par. 0020 The Guest Owner can verify the hash provided by the PSP of the guest, and only then proceed to deliver a disk decryption key to the guest. This allows the guest to decrypt the disk and process the confidential data. The guest VM is now fully operational and protected by SEV).
As per claim 5, Tamir further teaches: wherein third-party modification of the CVM includes a software installation operation performed on the CVM by the third party (par. 0033 In some embodiments, in step 422, the cloud account owner(s) 102 allow the vault owner 104 to install applications, e.g., as application containers on the guest VM 404), Srivastava further teaches: wherein the one or more measurements further includes information about software installed on the CVM (par. 0020 For a Guest Owner to verify that the guest that is running authentic software and has not been tampered with, it needs to establish a secure communication channel with the PSP and obtain a measurement of the guest. A measurement includes a hash of the guest's memory contents and is not deemed to change on every boot; par. 0052 This can include measurements of all of the software components that have been loaded).
As per claim 6, Narayanan teaches wherein the one or more measurements (page 7, lines 7-8 measurements that are included as part of the attestation report) Tamir teaches further includes information about administrative accounts currently present on the CVM (par. 0025 cloud provider owner(s) 101, cloud account owner(s) 102, cloud account operator(s), vault owner 104 with administrative privileges).
As per claim 8, it is a computer-implemented method having similar limitations as claim 1. Thus, claim 8 is rejected for the same rationale as applied to claim 1.
As per claim 9, it is a computer-implemented method having similar limitations as claim 2. Thus, claim 9 is rejected for the same rationale as applied to claim 2.
As per claim 10, it is a computer-implemented method having similar limitations as claim 3. Thus, claim 10 is rejected for the same rationale as applied to claim 3.
As per claim 11, it is a computer-implemented method having similar limitations as claim 4. Thus, claim 11 is rejected for the same rationale as applied to claim 4.
As per claim 12, it is a computer-implemented method having similar limitations as claim 5. Thus, claim 12 is rejected for the same rationale as applied to claim 5.
As per claim 13, it is a computer-implemented method having similar limitations as claim 6. Thus, claim 13 is rejected for the same rationale as applied to claim 6.
As per claim 15, it is a computer storage device having similar limitations as claim 1. Thus, claim 15 is rejected for the same rationale as applied to claim 1. Srivastava further teaches: a computer storage device (par. 0072 Computer readable media).
As per claim 16, it is a computer storage device having similar limitations as claim 2. Thus, claim 16 is rejected for the same rationale as applied to claim 2.
As per claim 17, it is a computer storage device having similar limitations as claim 3. Thus, claim 17 is rejected for the same rationale as applied to claim 3.
As per claim 18, it is a computer storage device having similar limitations as claim 4. Thus, claim 18 is rejected for the same rationale as applied to claim 4.
As per claim 19, it is a computer storage device having similar limitations as claim 5. Thus, claim 19 is rejected for the same rationale as applied to claim 5.
As per claim 20, it is a computer storage device having similar limitations as claim 6. Thus, claim 20 is rejected for the same rationale as applied to claim 6.
Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Narayanan in view of Srivastava and Tamir, and further in view of Dodeja et al. (U.S. Pub. No. 20140122897 A1).
As per claim 7, Narayanan, Srivastava and Tamir do not expressly disclose: wherein the one or more measurements further includes a hash of a filesystem of the CVM.
However, Dodeja teaches: wherein the one or more measurements further includes a hash of a filesystem of the CVM (par. 0026 HSTC 152 includes making measurements of the components included in the scope; par. 0038 The standard application of IMA seals measured hashes of the filesystem into the TPM).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique of making measurements and sealing measured hashes of a file system into a TPM of Tamir with the system and method of Narayanan, Srivastava and Tamir resulting in a system and method in which measurements include hashes of a file system. One or ordinary skill in the art would have been motivated to make this combination for the purpose of determining integrity of the computing device (par. 0013).
As per claim 14, it is a computer-implemented method having similar limitations as claim 7. Thus, claim 14 is rejected for the same rationale as applied to claim 7.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Willy W. Huaracha whose telephone number is (571)270-5510. The examiner can normally be reached on M-F 8:30-5:00pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bradley Teets can be reached on (571) 272-3338. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WH/
Examiner, Art Unit 2195
/BRADLEY A TEETS/ Supervisory Patent Examiner, Art Unit 2197
Prosecution Insights