DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
Acknowledgment is made of applicant's claim for foreign priority based on an application filed in CN on 10/12/2021. It is noted, however, that applicant has not filed a certified copy of the CN202111186512.8 application as required by 37 CFR 1.55.
Response to Amendment
This office action is in reply to Applicant’s Response dated 12/17/2025. No claims are amended. Claims 1-20 remain pending in the application.
Response to Arguments
The Applicant argues (see page 9) that according to the contents of Raj, it is disclosed that a boot server is connected to a network in a clean mode, and a second image of a guest VM is sent to a production server. However, such technical means is not related to the technical solution defined in the independent claim 1. The Applicant argues (see page 10) that the clean mode of the boot server described in Raj is completely different from the trusted boot of the trusted measurement apparatus described in the present application. The Applicant further argues (see pages 10-11) that paragraphs 0029-0034 of the present application explain the meaning of "in a case of trusted boot of the trusted measurement apparatus, connecting a computing server, and determining a boot mode of a first boot loader of the computing server" and "in response to the first boot loader being in a trusted boot mode, acquiring a first set of trusted measurement results stored in the computing server" more clearly.
In response to the Applicant’s argument, the Examiner respectfully disagrees. Although paragraphs 0029-0034 of the present application explain the meaning of the claim limitations more clearly, and the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
The terms “trusted boot mode” and “trusted boot” are not defined in the claims or specification. Raj teaches that to prevent the second class of attack, the trusted clean execution environment for the boot server (i.e., the state of the boot server when running in clean mode) is stored in a sealed and/or encrypted partition of the boot server. This prevents malicious software from modifying the trusted clean execution environment. Raj further teaches determining which mode the boot server is in. If the boot server's attestation corresponds to the clean mode, then the switch turns on network connectivity. Additionally, Raj teaches that after the boot server is rebooted into clean mode, its network connection is restored. This indicates that Raj’s clean mode is a trusted boot mode and booting into a clean mode indicates “a case of trusted boot” (Raj, see paragraphs 0026, 0061 and 0074-0076).
Therefore, Raj and Kulkarni teach all of the features of claim 1. As the Applicant pointed that paragraphs 0029-0034 of the present application explain the limitations recited in claim 1, the Examiner recommends amending claim 1 to include the clarifying features described in these paragraphs to overcome the rejection.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “first communication module” and “first processing module” in claim 13.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation: "a processor, such as a central processing unit, a digital signal processor or a microprocessor, or may be implemented as hardware, or may be implemented as an integrated circuit” (see paragraph 0112 of the specification as filed).
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-5 and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Raj et al. (U.S. PGPub 2013/0054948) in view of Kulkarni et al. (U.S. PGPub 2016/0277498).
Regarding claims 1, 14 and 15, Raj teaches A trusted measurement method applied to a trusted measurement apparatus, comprising: in a case of trusted boot of the trusted measurement apparatus, connecting a computing server, and (Raj, see figs. 5 and 6; see paragraph 0061 where determine which mode the boot server is in. If the boot server's attestation corresponds to the clean mode…; see paragraph 0026 where the boot server is rebooted into clean mode, its network connection is restored...; see paragraph 0074 where the boot server is rebooted into clean mode...connectivity is reestablished, and the saved VM image is transferred to the production server at step 624.)
determining a boot mode of a first boot loader of the computing server; (Raj, see figs. 5 and 6; see paragraph 0061 where determine which mode the boot server is in. If the boot server's attestation corresponds to the clean mode…; see paragraph 0026 where the boot server is rebooted into clean mode, its network connection is restored...)
in response to the first boot loader being in a trusted boot mode, acquiring a first set of trusted measurement results stored in the computing server; and (Raj, see figs. 5 and 6; see paragraph 0061 where determine which mode the boot server is in. If the boot server's attestation corresponds to the clean mode…; see paragraph 0026 where the boot server is rebooted into clean mode, its network connection is restored...; see paragraph 0074 where the boot server is rebooted into clean mode...the saved VM image is transferred to the production server at step 624.)
However, Raj does not explicitly teach in response to the first set of trusted measurement results being the same as a pre-stored first set of trusted measurement expected values, determining trusted boot of the computing server,
wherein the first set of trusted measurement expected values are issued to the trusted measurement apparatus by a security master control server.
Kulkarni teaches in response to the first set of trusted measurement results being the same as a pre-stored first set of trusted measurement expected values, determining trusted boot of the computing server, (Kulkarni, see fig. 4; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted. If the stored asset tag and the server system value do not match, then the server system 121 is not trusted and a trust error may be generated.; see paragraph 0024 also)
wherein the first set of trusted measurement expected values are issued to the trusted measurement apparatus by a security master control server. (Kulkarni, see fig. 4; see paragraph 0021 where Attestation manager 110 is configured to generate storage asset tags 114 and to provision a respective storage asset tag 114 to each server system that includes (e.g., hosts) a storage node; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted...; see paragraph 0024 also)
It would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine Raj and Kulkarni to provide the technique of in response to the first set of trusted measurement results being the same as a pre-stored first set of trusted measurement expected values, determining trusted boot of the computing server and the first set of trusted measurement expected values are issued to the trusted measurement apparatus by a security master control server of Kulkarni in the system of Raj in order to make it easier to enforce data security, governance and compliance (Kulkarni, see paragraph 0003).
Regarding claim 2, Raj-Kulkarni teaches wherein after acquiring the first set of trusted measurement results stored in the computing server, the method further comprises: in response to at least one of the first set of trusted measurement results being different from at least one of the first set of trusted measurement expected values, executing a first security management and control policy. (Kulkarni, see fig. 4; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted. If the stored asset tag and the server system value do not match, then the server system 121 is not trusted and a trust error may be generated.; see paragraph 0024 also) The motivation regarding to the obviousness to claim 1 is also applied to claim 2.
Regarding claim 3, Raj-Kulkarni teaches wherein the first security management and control policy comprises at least one of: sending a first security alarm to a preset server; instructing the computing server to upgrade an operating system of the computing server; instructing the computing server to adjust a trusted measurement range of the computing server. (Kulkarni, see fig. 4; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted. If the stored asset tag and the server system value do not match, then the server system 121 is not trusted and a trust error may be generated.; see paragraph 0024 also) The motivation regarding to the obviousness to claim 1 is also applied to claim 2.
Regarding claim 4, Raj-Kulkarni teaches wherein in the case of the trusted boot of the trusted measurement apparatus, the method further comprises: in response to a first preset condition being met, executing a second security management and control policy, (Kulkarni, see fig. 4; see paragraph 0037 where If the trust status of the storage volume or the server system 121 hosting the storage volume is acceptable... the storage volume may be attached to the VM node 122 at operation 420...)
wherein the first preset condition comprises at least one of: the computing server is not successfully connected after a first preset duration passes; the first set of trusted measurement results stored in the computing server are not acquired; a number of the first set of trusted measurement results is less than a number of the first set of trusted measurement expected values; the first boot loader is in an untrusted boot mode. (Kulkarni, see fig. 4; see paragraph 0037 where If the trust status of the storage volume or the server system 121 hosting the storage volume is not acceptable, the system generates a trust error that may be output at operation 406...; see also paragraph 0026) The motivation regarding to the obviousness to claim 1 is also applied to claim 4.
Regarding claim 5, Raj-Kulkarni teaches wherein the second security management and control policy comprises at least one of: sending a second security alarm to a preset server; instructing to shut down the computing server and lock the boot. (Kulkarni, see fig. 4; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted. If the stored asset tag and the server system value do not match, then the server system 121 is not trusted and a trust error may be generated.; see also paragraph 0037) The motivation regarding to the obviousness to claim 1 is also applied to claim 5.
Regarding claim 13, Raj teaches A trusted measurement apparatus, comprising: a first communication module and a first processing module, wherein the first communication module is configured to: connect a computing server in a case of trusted boot of the trusted measurement apparatus, and (Raj, see figs. 5 and 6; see paragraph 0061 where determine which mode the boot server is in. If the boot server's attestation corresponds to the clean mode…; see paragraph 0026 where the boot server is rebooted into clean mode, its network connection is restored...; see paragraph 0074 where the boot server is rebooted into clean mode...connectivity is reestablished, and the saved VM image is transferred to the production server at step 624.)
acquire a first set of trusted measurement results stored in the computing server; and (Raj, see figs. 5 and 6; see paragraph 0061 where determine which mode the boot server is in. If the boot server's attestation corresponds to the clean mode…; see paragraph 0026 where the boot server is rebooted into clean mode, its network connection is restored...; see paragraph 0074 where the boot server is rebooted into clean mode...the saved VM image is transferred to the production server at step 624.)
the first processing module is configured to: determine a boot mode of a first boot loader of the computing server, (Raj, see figs. 5 and 6; see paragraph 0061 where determine which mode the boot server is in. If the boot server's attestation corresponds to the clean mode…; see paragraph 0026 where the boot server is rebooted into clean mode, its network connection is restored...)
instruct, in a case of the first boot loader being in a trusted boot mode, the first communication module to acquire the first set of trusted measurement results stored in the computing server, and (Raj, see figs. 5 and 6; see paragraph 0061 where determine which mode the boot server is in. If the boot server's attestation corresponds to the clean mode…; see paragraph 0026 where the boot server is rebooted into clean mode, its network connection is restored...; see paragraph 0074 where the boot server is rebooted into clean mode...the saved VM image is transferred to the production server at step 624.)
However, Raj does not explicitly teach determine trusted boot of the computing server in response to the first set of trusted measurement results being the same as a pre-stored first set of trusted measurement expected values,
wherein the first set of trusted measurement expected values are issued to the trusted measurement apparatus by a security master control server.
Kulkarni teaches determine trusted boot of the computing server in response to the first set of trusted measurement results being the same as a pre-stored first set of trusted measurement expected values, (Kulkarni, see fig. 4; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted. If the stored asset tag and the server system value do not match, then the server system 121 is not trusted and a trust error may be generated.; see paragraph 0024 also)
wherein the first set of trusted measurement expected values are issued to the trusted measurement apparatus by a security master control server. (Kulkarni, see fig. 4; see paragraph 0021 where Attestation manager 110 is configured to generate storage asset tags 114 and to provision a respective storage asset tag 114 to each server system that includes (e.g., hosts) a storage node; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted...; see paragraph 0024 also)
It would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine Raj and Kulkarni to provide the technique of determining trusted boot of the computing server in response to the first set of trusted measurement results being the same as a pre-stored first set of trusted measurement expected values and the first set of trusted measurement expected values are issued to the trusted measurement apparatus by a security master control server of Kulkarni in the system of Raj in order to make it easier to enforce data security, governance and compliance (Kulkarni, see paragraph 0003).
Claims 6-11 are rejected under 35 U.S.C. 103 as being unpatentable over Raj-Kulkarni in view of Hakala et al. (WO 2017/005276).
Regarding claim 6, Raj-Kulkarni teaches all of the features of claim 1. However, Raj-Kulkarni does not explicitly teach wherein after determining the trusted boot of the computing server, the method further comprises: in response to determining that a virtualized operating environment of the computing server is trusted, instructing the computing server to perform an operation for maintaining a life cycle of a virtual machine,
wherein the computing server performs trusted measurement on the virtual machine when the life cycle of the virtual machine changes.
Hakala teaches wherein after determining the trusted boot of the computing server, the method further comprises: in response to determining that a virtualized operating environment of the computing server is trusted, instructing the computing server to perform an operation for maintaining a life cycle of a virtual machine, (Hakala, see fig. 6; see page 8, lines 23-36 where The signatures of trusted pool software configurations are stored in the trusted VM signature store entity…; see page 9, lines 1-6 where integrity of any images created based on the Golden Image can then be attested over their entire lifecycle...; see page 11, lines 1-12 where the integrity of the dynamic virtual machine image for the rest of the lifecycle of the virtual machine...)
wherein the computing server performs trusted measurement on the virtual machine when the life cycle of the virtual machine changes. (Hakala, see fig. 6; see page 8, lines 23-36 where The signatures of trusted pool software configurations are stored in the trusted VM signature store entity…; see page 9, lines 1-6 where integrity of any images created based on the Golden Image can then be attested over their entire lifecycle...; see page 11, lines 1-12 where the integrity of the dynamic virtual machine image for the rest of the lifecycle of the virtual machine...)
It would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine Raj-Kulkarni and Hakala to provide the technique of in response to determining that a virtualized operating environment of the computing server is trusted, instructing the computing server to perform an operation for maintaining a life cycle of a virtual machine and the computing server performs trusted measurement on the virtual machine when the life cycle of the virtual machine changes of Hakala in the system of Raj-Kulkarni in order to ensure the integrity of virtual machines (Hakala, see page 1, lines 5-19).
Regarding claim 7, Raj-Kulkarni-Hakala teaches wherein after instructing the computing server to perform the operation for maintaining the life cycle of the virtual machine, the method further comprises: (Hakala, see fig. 6; see page 8, lines 23-36 where The signatures of trusted pool software configurations are stored in the trusted VM signature store entity…; see page 9, lines 1-6 where integrity of any images created based on the Golden Image can then be attested over their entire lifecycle...; see page 11, lines 1-12 where the integrity of the dynamic virtual machine image for the rest of the lifecycle of the virtual machine...) The motivation regarding to the obviousness to claim 6 is also applied to claim 7.
accessing the virtual machine, and determining a boot mode of a second boot loader of the virtual machine; (Raj, see figs. 5 and 6; see paragraph 0061 where determine which mode the boot server is in. If the boot server's attestation corresponds to the clean mode…; see paragraph 0026 where the boot server is rebooted into clean mode, its network connection is restored...; see paragraph 0074 where the boot server is rebooted into clean mode...the saved VM image is transferred to the production server at step 624.)
in response to the second boot loader being in a trusted boot mode, acquiring a second set of trusted measurement results stored in the virtual machine; and (Raj, see figs. 5 and 6; see paragraph 0061 where determine which mode the boot server is in. If the boot server's attestation corresponds to the clean mode…; see paragraph 0026 where the boot server is rebooted into clean mode, its network connection is restored...; see paragraph 0074 where the boot server is rebooted into clean mode...the saved VM image is transferred to the production server at step 624.)
in response to the second set of trusted measurement results being the same as a pre-stored second set of trusted measurement expected values, determining trusted boot of the virtual machine, (Kulkarni, see fig. 4; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted. If the stored asset tag and the server system value do not match, then the server system 121 is not trusted and a trust error may be generated.; see paragraph 0024 also)
wherein the second set of trusted measurement expected values are issued to the trusted measurement apparatus by the security master control server. (Kulkarni, see fig. 4; see paragraph 0021 where Attestation manager 110 is configured to generate storage asset tags 114 and to provision a respective storage asset tag 114 to each server system that includes (e.g., hosts) a storage node; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted. If the stored asset tag and the server system value do not match, then the server system 121 is not trusted and a trust error may be generated.; see paragraph 0024 also) The motivation regarding to the obviousness to claim 1 is also applied to claim 7.
Regarding claim 8, Raj-Kulkarni-Hakala teaches wherein after instructing the computing server to perform the operation for maintaining the life cycle of the virtual machine, the method further comprises: (Hakala, see fig. 6; see page 8, lines 23-36 where The signatures of trusted pool software configurations are stored in the trusted VM signature store entity…; see page 9, lines 1-6 where integrity of any images created based on the Golden Image can then be attested over their entire lifecycle...; see page 11, lines 1-12 where the integrity of the dynamic virtual machine image for the rest of the lifecycle of the virtual machine...) The motivation regarding to the obviousness to claim 6 is also applied to claim 8.
in response to a second preset condition being met, executing a third security management and control policy, (Kulkarni, see fig. 4; see paragraph 0037 where If the trust status of the storage volume or the server system 121 hosting the storage volume is acceptable... the storage volume may be attached to the VM node 122 at operation 420...)
wherein the second preset condition comprises at least one of: the virtual machine is not successfully accessed after a preset duration passes; the second boot loader of the virtual machine is in an untrusted boot mode; it is determined that the trusted boot of the virtual machine fails. (Kulkarni, see fig. 4; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted. If the stored asset tag and the server system value do not match, then the server system 121 is not trusted and a trust error may be generated.) The motivation regarding to the obviousness to claim 1 is also applied to claim 8.
Regarding claim 9, Raj-Kulkarni-Hakala teaches wherein the third security management and control policy comprises at least one of: sending a third security alarm to a preset server; instructing the computing server to suspend operation of a Central Processing Unit (CPU) of the virtual machine. (Kulkarni, see fig. 4; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted. If the stored asset tag and the server system value do not match, then the server system 121 is not trusted and a trust error may be generated.; see also paragraph 0037) The motivation regarding to the obviousness to claim 1 is also applied to claim 9.
Regarding claim 10, Raj-Kulkarni-Hakala teaches wherein after acquiring the second set of trusted measurement results stored in the virtual machine, the method further comprises: in response to at least one of the second set of trusted measurement results being different from at least one of the second set of trusted measurement expected values, executing a fourth security management and control policy. (Kulkarni, see fig. 4; see paragraph 0037 where If the trust status of the storage volume or the server system 121 hosting the storage volume is not acceptable, the system generates a trust error that may be output at operation 406...; see also paragraph 0026). The motivation regarding to the obviousness to claim 1 is also applied to claim 10.
Regarding claim 11, Raj-Kulkarni-Hakala teaches wherein the fourth security management and control policy comprises at least one of: sending a fourth security alarm to a preset server; instructing the computing server to upgrade an operating system of the virtual machine; instructing the computing server to adjust a trusted measurement range of an application program of the virtual machine; sending a measurement-expected-value updating instruction to the computing server, wherein the measurement-expected-value updating instruction is configured to enable the computing server to update the measurement expected values stored in the virtual machine. (Raj, see figs. 5 and 6; see paragraph 0004 where After successful boot of the guest OS, an image is taken to preserve the state of the guest VM and booted guest OS. The boot server is then rebooted into a clean mode, and restored to a clean environment...; see also paragraphs 0025-0026).
Claims 12 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Raj-Kulkarni in view of Watt (U.S. PGPub 2015/0096011).
Regarding claim 12 and 16-19, Raj-Kulkarni teaches further comprising: receiving, at least one set of trusted measurement expected values sent by the security master control server, and locally storing the at least one set of trusted measurement expected values. (Kulkarni, see fig. 4; see paragraph 0021 where Attestation manager 110 is configured to generate storage asset tags 114 and to provision a respective storage asset tag 114 to each server system that includes (e.g., hosts) a storage node; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted...; see paragraph 0024 also) The motivation regarding to the obviousness to claim 1 is also applied to claim 12.
However, Raj-Kulkarni does not explicitly teach through an encrypted network,
Watt teaches through an encrypted network, (Watt, see paragraph 0072 where uses encrypted tunnels just as was described for Server 4 above. Because the tunnel traffic is encrypted and authenticated, its integrity and secrecy is maintained…)
It would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine Raj-Kulkarni and Watt to provide the technique of an encrypted network of Watt in the system of Raj-Kulkarni in order to maintain integrity and secrecy (Watt, see paragraph 0072).
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Raj-Kulkarni-Hakala in view of Watt (U.S. PGPub 2015/0096011).
Regarding claim 20, Raj-Kulkarni-Hakala further comprising: receiving, at least one set of trusted measurement expected values sent by the security master control server, and locally storing the at least one set of trusted measurement expected values. (Kulkarni, see fig. 4; see paragraph 0021 where Attestation manager 110 is configured to generate storage asset tags 114 and to provision a respective storage asset tag 114 to each server system that includes (e.g., hosts) a storage node; see paragraph 0026 where when a server system 121 is powered up (i.e., booted), a stored asset tag 114, 115 may be compared to a corresponding server system value determined after power up. If the stored asset tag and the server system value match, then the server system may be trusted...; see paragraph 0024 also) The motivation regarding to the obviousness to claim 1 is also applied to claim 20.
However, Raj-Kulkarni-Hakala does not explicitly teach through an encrypted network,
Watt teaches through an encrypted network, (Watt, see paragraph 0072 where uses encrypted tunnels just as was described for Server 4 above. Because the tunnel traffic is encrypted and authenticated, its integrity and secrecy is maintained…)
It would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine Raj-Kulkarni-Hakala and Watt to provide the technique of an encrypted network of Watt in the system of Raj-Kulkarni-Hakala in order to maintain integrity and secrecy (Watt, see paragraph 0072).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG VANG whose telephone number is (571)270-7023. The examiner can normally be reached M-F 8AM-2PM, 3PM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NICHOLAS TAYLOR can be reached at (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MENG VANG/Primary Examiner, Art Unit 2443