Prosecution Insights
Last updated: April 19, 2026
Application No. 18/704,474

METHOD AND HOST SYSTEM FOR SECURE ENCLAVE MIGRATION

Non-Final OA §102 §103
Filed: Apr 25, 2024
Examiner: PEARSON, DAVID J
Art Unit: 2407
Tech Center: 2400 — Computer Networks
Assignee: NEC Laboratories Europe GmbH
OA Round: 1 (Non-Final)
Grant Probability: 78% (Favorable)
OA Rounds: 1-2
To Grant: 3y 0m
With Interview: 90%

Examiner Intelligence

Grants 78% — above average
Career Allow Rate: 78%
591 granted / 758 resolved
+20.0% vs TC avg
Interview Lift: +11.9% (Moderate +12% lift)
resolved cases with interview
Typical timeline
Avg Prosecution: 3y 0m
12 currently pending
Career history
Total Applications: 770
across all art units

Statute-Specific Performance

§101: 12.3% (-27.7% vs TC avg)
§103: 45.5% (+5.5% vs TC avg)
§102: 19.0% (-21.0% vs TC avg)
§112: 8.8% (-31.2% vs TC avg)
Based on career data from 758 resolved cases

Office Action

§102 §103
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1. In a preliminary amendment, claims 1-15 have been amended. Claims 1-15 have been examined.
Information Disclosure Statement
2. The information disclosure statement (IDS) submitted on 07/08/2024 and 10/31/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
3. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
4. Claims 1, 10 and 12 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Alder et al. (“Migrating SGX Enclaves with Persistent State”; hereafter “Alder”).
For claim 1, Alder teaches a method for enabling enclave migration, wherein the contents of the enclave and its sealed data are transferred from a sending host, the sending host being a first machine, to a receiving host, the receiving host being a second machine (note page 6, Fig. 1, enclave migration from source machine to destination machine), the method comprising: performing attestation between a security monitor of the sending host and a security monitor of the receiving host (note page 5, V. Design A. Design Overview Step 3) Migration Enclave performs a mutual remote attestation with the Migration Enclave on the destination machine and page 6, Fig. 1), wherein the attestation comprises an exchange of a shared cryptographic key K between the two security monitors (note page 9, VII. Evaluation A. Security Evaluation, all communication between enclaves is encrypted with symmetric keys established through Diffie-Hellman key agreement protocol bound to the attestation process); using the shared cryptographic key K to implement a secure communication channel between the two security monitors (note page 5, V. Design A. Design Overview Step 3) Migration Enclave establishes a secure channel with the Migration Enclave on the destination machine and page 9, VII. Evaluation A. Security Evaluation, all communication between enclaves is encrypted with symmetric keys established through Diffie-Hellman key agreement protocol bound to the attestation process); executing, by the two security monitors via the secure communication channel, a predetermined transfer protocol, the predetermined transfer protocol comprising: an initial exchange of verification messages between the security monitors to verify that both security monitors are ready and can execute the transfer (note page 5, V. Design A. Design Overview Step 3) and page 8, D. The Migration Process, remote attestation includes verifying the integrity of the Migration Enclaves and checking whether they belong to the same cloud provider), and a subsequent transfer of the enclave data between the security monitors (note page 5, V. Design A. Design Overview Step 4) and page 8, D. The Migration Process, Next, the data is sent to the Migration Enclave on the destination machine, where it is forwarded to a local Migration Library in the destination enclave).
For claim 12, Alder teaches a computational platform, the platform comprising: an operating system (note page 1, I. Introduction, OS); a hardware component (note page 1, I. Introduction, SGX hardware); an enclave enabling applications to run in isolation from any other software running on the platform, the access control to contents of the enclave being protected by the hardware component (note page 2, II. Preliminaries, isolation execution environments called enclaves protected by SGX hardware); and a security monitor implemented on top of the hardware component and configured to perform enclave management and orchestration (note page 5, V. Design A. Design Overview, Migration Enclave runs in a separate VM on top of system hardware and is responsible for managing the migration process of enclaves), the security monitor being further configured to: perform attestation with a security monitor of a receiving host (note page 5, V. Design A. Design Overview Step 3) Migration Enclave performs a mutual remote attestation with the Migration Enclave on the destination machine and page 6, Fig. 1) and exchange a shared cryptographic key K with the security monitor of the receiving host (note page 9, VII. Evaluation A. Security Evaluation, all communication between enclaves is encrypted with symmetric keys established through Diffie-Hellman key agreement protocol bound to the attestation process); use the shared cryptographic key K to implement a secure communication channel with the security monitor of the receiving host (note page 5, V. Design A. Design Overview Step 3) Migration Enclave establishes a secure channel with the Migration Enclave on the destination machine and page 9, VII. Evaluation A. Security Evaluation, all communication between enclaves is encrypted with symmetric keys established through Diffie-Hellman key agreement protocol bound to the attestation process); execute via the secure communication channel a predetermined transfer protocol with the security monitor of the receiving host, the predetermined transfer protocol including comprising: an initial exchange of verification messages between the security monitors to verify that both security monitors are ready and can execute the transfer (note page 5, V. Design A. Design Overview Step 3) and page 8, D. The Migration Process, remote attestation includes verifying the integrity of the Migration Enclaves and checking whether they belong to the same cloud provider), and a subsequent transfer of the enclave data between the security monitors (note page 5, V. Design A. Design Overview Step 4) and page 8, D. The Migration Process, Next, the data is sent to the Migration Enclave on the destination machine, where it is forwarded to a local Migration Library in the destination enclave).
For claim 10, Alder teaches claim 1, wherein the predetermined transfer protocol is triggered by the security monitor of the sending host upon request of a hypervisor of the sending host (note page 12, X. Conclusion, last paragraph, hypervisor may call migrate function of all enclaves associated with a particular VM).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.
Patentability shall not be negated by the manner in which the invention was made.
5. Claims 2, 8-9 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Alder as applied to claims 1 above, and further in view of Soriente et al. (U.S. Patent Application Publication 2019/0243963; hereafter “Soriente”).
For claim 2, Alder differs from the claimed invention in that they fail to teach: wherein timeouts defining a maximum admissible time duration for particular steps of the predetermined transfer protocol are implemented both for the initial exchange of the verification messages and for the subsequent transfer of the enclave data, and wherein the predetermined transfer protocol is aborted if any of the implemented timeouts gets exceeded.
Soriente teaches: wherein timeouts defining a maximum admissible time duration for particular steps of the predetermined transfer protocol are implemented both for the initial exchange of the verification messages and for the subsequent transfer of the enclave data (note paragraph [0078], message acknowledgements must be received within a given timeout), and wherein the predetermined transfer protocol is aborted if any of the implemented timeouts gets exceeded (note paragraphs [0064] and [0078], failure to receive a message within a timeout means the device may infer the enclave handling the request crashed and communication with that enclave may be terminated).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the enclave migration of Alder and the communication timeout of Soriente. One of ordinary skill would have been motivated to combine Alder and Soriente because switching to another enclave after a timeout would ensure continuous operation in spite of a potential crash failure (note paragraph [0064] of Soriente).
For claim 8, the combination of Alder and Soriente teaches claim 1, further comprising: augmenting enclave applications with a manifest file that provides configuration information, including a maximum number of application instances that are allowed to run concurrently on a host (note paragraph [0065] of Soriente, enclave has a deployment policy with an upper bound on the number of enclaves that can run simultaneously).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the enclave migration of Alder and the deployment policy of Soriente. One of ordinary skill would have been motivated to combine Alder and Soriente because a deployment policy would shift the burden of running an application from the application owner to the cloud service while making sure the cloud service is compliant with the owner’s wishes (note paragraph [0041] of Soriente).
For claim 9, the combination of Alder and Soriente teaches claim 1, further comprising: keeping consistent state on a status of the predetermined transfer protocol by means of a Crash Fault Tolerant (CFT) storage, wherein the CFT storage is run by a set of three or more security monitors including the security monitors of the sending and receiving host (note paragraphs [0042] and [0065] of Soriente, Enclave Management Layer, i.e. three or more enclaves including sender and receiver, includes a fault storage layer to keep track of the availability of devices).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the enclave migration of Alder and the of Soriente. One of ordinary skill would have been motivated to combine Alder and Soriente because tracking crash failures would help ensure continuous operation (note paragraph [0064] of Soriente).
For claim 15, the combination of Alder and Soriente teaches claim 12, wherein the security monitor is further configured to: keep a per application counter that tracks a number of instances of a respective application deployed on the platform (note paragraph [0085] of Soriente, number of application enclaves is counted); and reject any request from the operating system to deploy a new instance, if the number of running instances has reached a threshold defined in a manifest file of the respective application (note paragraph [0085] of Soriente, the number exceeds an upper bound, the request is terminated).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the enclave migration of Alder and the deployment policy of Soriente. One of ordinary skill would have been motivated to combine Alder and Soriente because a deployment policy would shift the burden of running an application from the application owner to the cloud service while making sure the cloud service is compliant with the owner’s wishes (note paragraph [0041] of Soriente).
6. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Alder as applied to claim 1 above, and further in view of Gu et al. (“Secure Live Migration of SGX Enclaves on Untrusted Cloud”; hereafter “Gu”).
For claim 5, Alder differs from the claimed invention in that they fail to teach: wherein a subsequent transfer of the enclave data between the security monitors comprises: decrypting, by the security monitor of the sending host, a set of DRAM pages D and data saved on persistent storage S that belongs to the enclave to be transferred; re-encrypting D and S by using the shared cryptographic key K; and sending encrypted D and S to the security monitor of the receiving host.
Gu teaches: wherein a subsequent transfer of the enclave data between the security monitors comprises: decrypting, by the security monitor of the sending host, a set of DRAM pages D and data saved on persistent storage S that belongs to the enclave to be transferred (note page 10 B. Suggestions on Hardware Design for Migration, instructions ESWPOUT and ECHANGEOUT decrypt EPC pages and data stored in normal memory, i.e. DRAM pages D and data saved on persistent storage S); re-encrypting D and S by using the shared cryptographic key K (note page 10 B. Suggestions on Hardware Design for Migration, instructions ESWPOUT and ECHANGEOUT re-encrypt pages and data using migration encryption key); and sending encrypted D and S to the security monitor of the receiving host (note page 4, Fig. 2 and first paragraph, checkpoint data including enclave memory and execution context is sent encrypted using migration key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the enclave migration of Alder and the decryption and re-encryption of data of Gu. One of ordinary skill would have been motivated to combine Alder and Gu because it would improve security to encrypt the data with a shared migration key instead of the key specific to each CPU (note page 10, B. Suggestions on Hardware Design for Migration, second paragraph).
7. Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Alder as applied to claim 1 above, and further in view of Costa (U.S. Patent Application Publication 2018/0212966; hereafter “Costa”).
For claim 11, Alder differs from the claimed invention in that they fail to teach: deriving, from the shared cryptographic key K, a first cryptographic key that is used for authenticating communication via the secure communication channel and a second cryptographic key that is used for encrypting communication via the secure communication channel.
Costa teaches: deriving, from the shared cryptographic key K, a first cryptographic key that is used for authenticating communication via the secure communication channel and a second cryptographic key that is used for encrypting communication via the secure communication channel (note paragraph [0182], communications channel with enclave is secured with encryption, i.e. encrypting communication and signatures, i.e. authentication communication, using shared keys that are generated in the attestation processes of Fig. 5 and 6).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the enclave migration of Alder and the encryption and signature keys of Costa. One of ordinary skill would have been motivated to combine Alder and Costa because encryption and signatures keys would assure both the confidentiality and integrity of messages in the communication channel (note paragraph [0041] of Costa).
8. Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Alder as applied to claim 12 above, and further in view of Chen et al. (U.S. Patent Application Publication 2020/0151366; hereafter “Chen”).
For claim 13, Alder differs from the claimed invention in that they fail to teach: wherein the security monitor is enhanced with direct access to a trusted timer implemented in the hardware component.
Chen teaches: wherein the security monitor is enhanced with direct access to a trusted timer implemented in the hardware component (note paragraphs [0045] and [0050], TEE implements a secure timer application for the applications of the TEE).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the enclave migration of Alder and the secure timer of Chen. One of ordinary skill would have been motivated to combine Alder and Chen because using a secure timer would improve the reliability and trustworthiness for an application that relies on time (note paragraph [0004] of Chen).
For claim 14, the combination of Alder and Chen teaches claim 13, wherein a temporal variable is instantiated in the runtime memory of the security monitor that is overwritten each power cycle (note paragraphs [0045] and [0050] of Chen, a reference timestamp is stored in memory of the TEE when the device is booted up).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the enclave migration of Alder and the secure timer of Chen. One of ordinary skill would have been motivated to combine Alder and Chen because using a secure timer would improve the reliability and trustworthiness for an application that relies on time (note paragraph [0004] of Chen).
9. Claims 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Alder and Soriente as applied to claim 2 above, and further in view of Chen.
For claim 6, the combination of Alder and Soriente differs from the claimed invention in that they fail to teach: observing, by the security monitors, the implemented timeouts using a trusted clock source that is secured against time alterations effected by a malicious operating system.
Chen teaches: observing, by the security monitors, the implemented timeouts using a trusted clock source that is secured against time alterations effected by a malicious operating system (note paragraphs [0045] and [0050], TEE implements a secure timer application that is protected against rollback, i.e. malicious alteration, and isolated from the device’s operating system).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Alder and Soriente and the secure timer of Chen. One of ordinary skill would have been motivated to combine Alder, Soriente and Chen because using a secure timer would improve the reliability and trustworthiness for an application that relies on time (note paragraph [0004] of Chen).
For claim 7, the combination of Alder, Soriente and Chen teaches claim 6, further comprising: instantiating a temporal variable in a runtime memory of each of the security monitors that is overwritten each power cycle (note paragraphs [0045] and [0050] of Chen, a reference timestamp is stored in memory of the TEE when the device is booted up).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Alder and Soriente and the secure timer of Chen. One of ordinary skill would have been motivated to combine Alder, Soriente and Chen because using a secure timer would improve the reliability and trustworthiness for an application that relies on time (note paragraph [0004] of Chen).
Allowable Subject Matter
10. Claims 3-4 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:
For claim 3, the prior art of record, alone or in combination, fails to teach the following limitations in conjunction with the rest of the claimed limitations: wherein a timeout for the transfer of enclave data is defined to comprise a network delay between the two security monitors, a time required by another party to prepare a respective response according to the predetermined transfer protocol, and a tolerance margin. The prior art of record (Soriente, Jin) disclose a message timeout, but fail to teach the specific inputs that define the timeout.
For claim 4, the prior art of record, alone or in combination, fails to teach the following limitations in conjunction with the rest of the claimed limitations: sending, by the security monitor of the sending host, a prepare message to the security monitor of the receiving host, wherein the prepare message indicates a size of the enclave to be transferred; and sending, by the security monitor of the receiving host in reply to the prepare message, a ready message to the security monitor of the sending host, wherein the ready message indicates a readiness of the security monitor of the receiving host to receive the enclave to be transferred. The prior art of record (Alder, Gu, Tsirkin) discloses live migration, but fail to teach a prepare message with the size of the enclave and a ready message reply.
Conclusion
11. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Jin et al. (U.S. Patent Application Publication 2019/0228135) discloses a time-out period for enclave messages based on network delay and processing significance of the enclave (note paragraphs [0048]-[0049]).
Tsirkin et al. (U.S. Patent Application Publication 2021/0173685) discloses live migration of virtual machines with decryption and re-encryption of memory pages (note paragraph [0052]).
Zhang et al. (U.S. Patent Application Publication 2020/0234275) discloses a TEE with a secure element and a secure clock (note paragraph [0040]).
12. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID J PEARSON whose telephone number is (571)272-0711. The examiner can normally be reached 8:30 - 6:00 pm; Monday through Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at (571)270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
DAVID J. PEARSON
Primary Examiner
Art Unit 2407
/David J Pearson/
Primary Examiner, Art Unit 2407

Prosecution Timeline

Apr 25, 2024: Application Filed
Feb 04, 2026: Non-Final Rejection — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602465
SECURE DEBUGGING
2y 5m to grant Granted Apr 14, 2026
Patent 12591683
REDUCING START UP TIMES IN DEVICE IDENTITY COMPOSITION ENGINE (DICE) DEVICES
2y 5m to grant Granted Mar 31, 2026
Patent 12592829
ACCESS CONTROL METHOD BASED ON ZERO-TRUST SECURITY, DEVICE, AND STORAGE MEDIUM
2y 5m to grant Granted Mar 31, 2026
Patent 12593206
METHOD FOR AUTHENTICATION FOR NSWO SERVICE, DEVICE, AND STORAGE MEDIUM
2y 5m to grant Granted Mar 31, 2026
Patent 12592832
EMBEDDING CRYPTOGRAPHICALLY SIGNED DATA IN UNIFORM RESOURCE NAMES OF A NETWORK PROTOCOL
2y 5m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 78%
With Interview (+11.9%): 90%
Median Time to Grant: 3y 0m
PTA Risk: Low
Based on 758 resolved cases by this examiner. Grant probability derived from career allow rate.
