DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/06/2025, 07/01/2025, 07/21/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Claim Status
Claims 1-26 are pending
Claims 1, 2, 4, 5-10, 12-14, 16-20, 22-24 are rejected under 35 USC § 103
Claims 3, 11, 15, 21, 25 and 26 are objected to.
Non-Statutory Type Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time wise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Langi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Omum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(1)(1) - 706.02(1)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patenVpatents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIN25, or PTO/AIN26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-l.isp
"A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by the earlier claim. ln re Longi-759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). " ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Regarding claim 13, combination of claims 10 and 2 of “reference patent US 12450173 B2” as shown in the table below contains the mapping of the claims in the instant application”. It seems that all the claim elements of the instant claim 13 are matching in contents (while language is different) to subset of reference claims 10 and 2 of reference patent US 12450173 B2. There is no new patentably distinct claim element in the instant claim.
Regarding claim 1, combination of claims 10 and 2 of “reference patent US 12450173 B2” as shown in the table below contains the mapping of the claims in the instant application”. It seems that all the claim elements of the instant claim 1 are matching in contents (while language is different) to subset of reference claims 10 and 2 of reference patent US 12450173 B2. There is no new patentably distinct claim element in the instant claim.
Regarding claim 22, combination of claims 10 and 2 of “reference patent US 12450173 B2” as shown in the table below contains the mapping of the claims in the instant application”. It seems that all the claim elements of the instant claim 22 are matching in contents (while language is different) to subset of reference claims 10 and 2 of reference patent US 12450173 B2. There is no new patentably distinct claim element in the instant claim.
Examiner: Since the dependent claims are not subject to double patenting, applicant may bring in contents from dependent claim to instant claim 1, 13 and 22 to overcome the DP issue of the independent claims.
Instant app#: 19/072,499
Reference patent no: 12450173, app# 17/554,190
claim 13
claim 10
A method comprising:
A method comprising:
executing a first one or more instructions in response to a first function call from a virtual machine monitor (VMM) to establish a protected virtual machine (VM); and
executing a first one or more of instructions to establish a trusted domain using a trusted domain key, the trusted domain key to be used to encrypt memory pages of the trusted domain;
executing a second one or more instructions in response to a second function call from the VMM to add a memory page to the protected VM,
executing a second one or more of the instructions to add a first memory page to the trusted domain,
wherein the memory page is private to the protected VM, wherein the execution of the second one or more instructions to add the memory page includes storing a first set of page attributes for the memory page in a secure extended page table at a storage location,
wherein the first memory page is private to the trusted domain and a first set of page attributes is set for the first memory page based on the second one or more of the instructions, wherein the first set of page attributes indicates how the first memory page is mapped in a secure extended page table, and
the secure extended page table having translations of guest physical addresses to host physical addresses,
wherein the secure extended page table is to translate guest physical addresses to host physical addresses;
the first set of page attributes indicating the memory page is of a specified type of a plurality of specifiable types.
storing the first set of page attributes for the first memory page in the secure extended page table at a storage location responsive to executing the second one or more of the instructions.
claim 2
The non-transitory computer-readable storage medium of claim 1, wherein the specified type is an address translation type. Examiner: page table is used for mapping/translating addresses.
executing a third one or more of the instructions to augment a second memory page to the trusted domain, wherein the second memory page is private to the trusted domain; and
executing a fourth one or more of the instructions to accept augmenting the second memory page for the trusted domain, wherein the fourth one or more of the instructions is to set a second set of page attributes for the second memory page, wherein the second set of page attributes indicates how the second memory page is mapped in the secure extended page table, and wherein the trusted domain determines to accept augmenting the second memory page for the trusted domain prior to executing the fourth one or more of the instructions.
Instant app#: 19/072,499
Reference patent no: 12450173, app# 17/554,190
Claim 1
claim 10
A non-transitory computer-readable storage medium storing instructions that when executed by a computing system cause the computing system to perform operations, including to:
A method comprising:
execute a first one or more of the instructions in response to a first function call from a virtual machine monitor (VMM) to establish a protected virtual machine (VM); and
executing a first one or more of instructions to establish a trusted domain using a trusted domain key, the trusted domain key to be used to encrypt memory pages of the trusted domain;
execute a second one or more of the instructions in response to a second function call from the VMM to add a memory page to the protected VM,
executing a second one or more of the instructions to add a first memory page to the trusted domain,
wherein the memory page is private to the protected VM, wherein to add the memory page includes to store a first set of page attributes for the memory page in a secure extended page table at a storage location,
wherein the first memory page is private to the trusted domain and a first set of page attributes is set for the first memory page based on the second one or more of the instructions, wherein the first set of page attributes indicates how the first memory page is mapped in a secure extended page table, and
the secure extended page table to have translations of guest physical addresses to host physical addresses,
wherein the secure extended page table is to translate guest physical addresses to host physical addresses;
wherein the first set of page attributes are to indicate the memory page is of a specified type of a plurality of specifiable types.
storing the first set of page attributes for the first memory page in the secure extended page table at a storage location responsive to executing the second one or more of the instructions.
claim 2
The non-transitory computer-readable storage medium of claim 1, wherein the specified type is an address translation type. Examiner: page table is used for mapping/translating addresses.
executing a third one or more of the instructions to augment a second memory page to the trusted domain, wherein the second memory page is private to the trusted domain; and
executing a fourth one or more of the instructions to accept augmenting the second memory page for the trusted domain, wherein the fourth one or more of the instructions is to set a second set of page attributes for the second memory page, wherein the second set of page attributes indicates how the second memory page is mapped in the secure extended page table, and wherein the trusted domain determines to accept augmenting the second memory page for the trusted domain prior to executing the fourth one or more of the instructions.
Instant app#: 19/072,499
Reference patent no: 12450173, app# 17/554,190
claim 22
claim 10
A computing system comprising:
A method comprising:
a processor; and
a memory coupled with the processor, the memory storing instructions that when executed by the processor cause the computing system to perform operations, including to:
execute a first one or more of the instructions in response to a first function call from a virtual machine monitor (VMM) to establish a protected virtual machine (VM); and
executing a first one or more of instructions to establish a trusted domain using a trusted domain key, the trusted domain key to be used to encrypt memory pages of the trusted domain;
execute a second one or more of the instructions in response to a second function call from the VMM to add a memory page to the protected VM, wherein the memory page is private to the protected VM,
executing a second one or more of the instructions to add a first memory page to the trusted domain,
wherein to add the memory page includes to store a first set of page attributes for the memory page in a secure extended page table at a storage location,
wherein the first memory page is private to the trusted domain and a first set of page attributes is set for the first memory page based on the second one or more of the instructions, wherein the first set of page attributes indicates how the first memory page is mapped in a secure extended page table, and
the secure extended page table to have translations of guest physical addresses to host physical addresses,
wherein the secure extended page table is to translate guest physical addresses to host physical addresses;
wherein the first set of page attributes are to indicate the memory page is of a specified type of a plurality of specifiable types.
storing the first set of page attributes for the first memory page in the secure extended page table at a storage location responsive to executing the second one or more of the instructions.
claim 2
The non-transitory computer-readable storage medium of claim 1, wherein the specified type is an address translation type. Examiner: page table is used for mapping/translating addresses.
executing a third one or more of the instructions to augment a second memory page to the trusted domain, wherein the second memory page is private to the trusted domain; and
executing a fourth one or more of the instructions to accept augmenting the second memory page for the trusted domain, wherein the fourth one or more of the instructions is to set a second set of page attributes for the second memory page, wherein the second set of page attributes indicates how the second memory page is mapped in the secure extended page table, and wherein the trusted domain determines to accept augmenting the second memory page for the trusted domain prior to executing the fourth one or more of the instructions.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 4, 5, 8, 9, 10, 12, 13, 14, 16, 19, 20, 22, 23 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Ouziel et al. (US 20200201786 A1) in view of Neiger et al. (US 20190042299 A1)
Regarding claim 1 Ouziel discloses:
A non-transitory computer-readable storage medium storing instructions that when executed by a computing system cause the computing system to perform operations, including to:execute a first one or more of the instructions in response to a first function call from a virtual machine monitor (VMM) to establish a protected virtual machine (VM) (Spec [0032] defines - a Trusted Domain (TD) is a protected VM. Spec [0039, 0043] discloses - a resource management capability referred to herein as the trust domain resource manager (TDRM) and a TDRM may be a software extension of the Virtual Machine Monitor (VMM). Spec [0047] discloses - The TDRM 180 may include a VMM (may also be referred to as hypervisor) that may instantiate one or more TDs 190A-190C accessible by the client devices 101A-101C via a network interface 170. Spec [0068] discloses - A TDRM may be implemented as part of the cloud service provider (CSP)CSP/root VMM. The TDRM 180 manages the operation of TDs 190A. While a TDRM 180 can assign and manage resources, such as CPU, memory, and input/output (I/O) to TDs. So, combining all the quotes/definitions/disclosures in the spec - it is clear that for the instant claims - TD and protected VM are same thing and a TDRM is similar to VMM.
Ouziel: [0025]: teaches enabling coexistence of trusted domain (TD) infrastructure with multi-key total memory encryption (MK-TME) technology. MK-TME technology refers to providing a capability to an operating system (or a hypervisor, in a virtual computing environment) to use different encryption keys to encrypt pages of physical memory associated with different clients/applications. A TD/VM infrastructure refers to allowing clients/applications to execute within highly secured environments of TDs/VMs where even the operating system (or the hypervisor or VMM) may not have access to physical memory pages associated with TDs/VMs. Ouziel [0036] FIG. 1A teaches a virtualization server 110 supporting multiple client devices 102A, 102B, and 102C. The virtualization server 110 includes, a processor 112, memory device 130, and one or more TDs 150A, 150B, and 150C. The processor 112 executes a virtual machine monitor (VMM) or hypervisor 140, a TD Resource Manager (TDRM) 142, which in turn runs one or more virtual machines (VMs) 155. Running virtual machines is similar to running instructions in response to function call.); and
execute a second one or more of the instructions in response to a second function call from the VMM to add a memory page to the protected VM, wherein the memory page is private to the protected VM (Ouziel:[0194] Example 18: teaches allocating, by the hypervisor, to a first trusted domain (similar to VM) a restricted key ID and allocating, by a memory controller, a first physical page of a memory to the first trust domain, wherein data in the first physical page of the memory is to be encrypted with an encryption key associated with the first key ID. Ouziel: [0035] teaches a TD needing to be able to use different encryptions keys-at least one restricted key for its secure operations and access to the TD's private memory pages.),
wherein to add the memory page includes to store a first set of page attributes for the memory page in a secure [extended] page table at a storage location (Ouziel:[0050]: teaches the memory controller 120 is coupled to the VMs, which run outside the TDX architecture, and to the memory ownership table (MOT) 126 used to store attributes of physical memory pages, such as allocations of physical memory pages to the TDs and VMs. Ouziel:[0083]: teaches the MOT 126 holding the following attributes for each 4 KB page of host physical memory: host physical address 282 of a host physical memory page, page status 284 (indicating whether the page is a valid memory page), page state 286 (indicating whether the page is assigned, is in the process of assigning/freeing/reassigning to a TD, and so on), TD Identifier (TDID) 288 (indicating to what specific TD the page is assigned), and key ID 250 of the encryption key used to encrypt/decrypt the host physical memory page),
Ouziel discloses trusted domain and domain key and the teaching implies TD being configured by page attribute stored in page attribute table. While Ouziel discloses using page attribute to define pages in trusted domain in general term, disclosure in Ouziel is not very explicit about extended page table and guest physical address translation.
Neiger discloses:
wherein to add the memory page includes to store a first set of page attributes for the memory page in a secure extended page table at a storage location (Neiger: [0026]-[0028] teaches page attribute values stored in an entry of an extended page table e.g., EPT 132, guest page tables 152. The EPT walk logic 120 walks the EPT 132 to determine (e.g., retrieve) a mapping, attributes, etc. stored in an entry of the EPT 132 and stores the mapping, attributes, etc. e.g., in physical memory 124 for use by the guest page table walk logic 122),
the secure extended page table to have translations of guest physical addresses to host physical addresses (Neiger: [0022] teaches memory unit 128 includes multi-level page translation logic 118. The memory unit 128 includes the EPT walk logic 120 and guest page table walk logic 122 of the multilevel page translation logic 118. The execution unit 126 may include the enforcing logic 116. Neiger: [0025] teaches the processor 112 providing a virtualization environment that uses multi-level paging (e.g., via multi-level page translation logic 118) in which the last level translation is controlled by the VMM 130. The multi-level page translation logic 118 of the processor 112 includes EPT walk logic 120 and guest page table walk logic 122 (e.g., guest OS table walk logic). The multi-level page translation logic 118 checks the memory access rights (e.g., based on page attributes) during execution of guest applications to prevent certain types of memory accesses (e.g., those caused by stray accesses) that are not permitted by VMM 130 as specified in the EPT 132 and/or that are not permitted by the VM 140 as specified in the guest page tables 152. Neiger: [0024] teaches each one of the physical memory pages is associated with an identifier that uniquely identifies the physical memory page. A virtual memory page of the virtual address is mapped corresponding to a fixed-sized unit in the physical address space of the physical memory 124 (e.g., a memory frame, a physical memory page). During execution of a guest application (e.g., on VM 140), responsive to a request to access physical memory 124, the processor 112 uses mappings e.g., mappings of virtual memory page to physical memory page in page tables such as guest page tables 152 of the VM 140 and extended page table e.g., EPT 132 of the VMM 130 to access physical memory pages of physical memory 124.),
wherein the first set of page attributes are to indicate the memory page is of a specified type of a plurality of specifiable types (Neiger: [0017] Teaches memory isolation between the VMM and the VM allows the VMM to control page attributes e.g., RWX attributes, cache attributes of the virtual memory pages. So, Neiger teaches the page attribute of the memory page being of specific type.)
Both Ouziel and Neiger represent works within the same field of endeavor, namely information processing devices focusing on virtual machines. It would therefore have been obvious to one of ordinary skill in the art before the claimed invention was effectively filed to apply Ouziel in view of Neiger as it represents a combination of known prior art elements according to known methods (virtual machines with trusted domains in Ouziel using extended page table for trusted domains as used in Neiger) to yield a more efficient and secured virtual machine computing resulting in a more efficient and more reliable computing system (see also Neiger [0017, [0022]-[0028]).
Regarding claim 13, this is a method claim corresponding to non-transitory computer-readable storage medium claim 1 and is rejected for the same reasons mutatis mutandis.
Regarding claim 22, this is a system claim corresponding to non-transitory computer-readable storage medium claim 1 and is rejected for the same reasons mutatis mutandis.
Regarding claim 2 Ouziel/Neiger discloses: The non-transitory computer-readable storage medium of claim 1, wherein the specified type is an address translation type (Neiger: [0025]: teaches the processor 112 may provide a virtualization environment that uses multi-level paging e.g., via multi-level page translation logic 118 in which the last level translation is controlled by the VMM 130. The multi-level page translation logic 118 of the processor 112 may include extended page table (EPT) walk logic 120 and guest page table walk logic 122. So, page attributes mentioned in the page table includes last level translation.).
Regarding claim 14, this is a method claim corresponding to non-transitory computer-readable storage medium claim 2 and is rejected for the same reasons mutatis mutandis.
Regarding claim 24, this is a system claim corresponding to non-transitory computer-readable storage medium claim 2 and is rejected for the same reasons mutatis mutandis.
Regarding claim 4 Ouziel/Neiger discloses: The non-transitory computer-readable storage medium of claim 1, wherein the protected VM is to use a key, the key to be used to encrypt memory pages of the protected VM (Ouziel: [0025] teaches enabling coexistence of trusted domain (TD) (protected VM) infrastructure with multi-key total memory encryption (MK-TME) technology. MK-TME technology refers to providing a capability to an operating system (or a hypervisor, in a virtual computing environment) to use different encryption keys to encrypt pages of physical memory associated with different clients/applications).
Regarding claim 16, this is a method claim corresponding to non-transitory computer-readable storage medium claim 4 and is rejected for the same reasons mutatis mutandis.
Regarding claim 5 Ouziel/Neiger discloses:
The non-transitory computer-readable storage medium of claim 1, wherein the execution of the first one or more of the instructions and the execution of the second one or more of the instructions are to be performed in a secure mode of a processor (Neiger: [0019-0021] FIG. 1: teaches a system 100 including physical hardware 110, a VMM 130, and one or more VMs 140. The physical hardware 110 includes a processor 112 and physical memory 124 that is communicably coupled to the processor 112. The processor 112 includes a logic circuit implemented to support execution of a set of virtualization instructions (e.g., virtual-machine extension (VMX)) to provide support for one or more virtualization environments ported on the physical hardware 110. The VMX provide processor-level support for one or more VMs 140. The VMX includes instructions to support a VMM 130 that is a host program that allows one or more execution environments (e.g., VMs 140) to run on the physical hardware 110. VMM 130 creates and runs one or more VMs 140. Processor core 114 executes the VMM 130 (that includes an EPT 132) and one or more VMs 140 (that include guest page tables 152). Neiger: [0029]: teaches VMM 130 specifying access rights in an entry of the EPT 132 different from the access rights assigned to the corresponding guest page table 152 by the guest OS 150. In this way, VMM 130 provides a further layer of protection/security to a physical memory page (e.g., insecure memory page 168) by modifying access rights stored in the entry of the EPT 132 based on rules.
So, Neiger teaches processor running set of virtualization instructions to support VMM 130 creating VMs and provides extra security using extended page table EPT 132. The processor's running VMM to provide extra security to VMs is similar to processor's running in a secure mode.)
Regarding claim 8 Ouziel/Neiger discloses: The non-transitory computer-readable storage medium of claim 1, wherein the operations further include to execute a third one or more of the instructions to update a translation for the memory page in an entry of the secure extended page table so the protected VM cannot access the memory page (Neiger: [0017] Teaches memory isolation between the VMM and the VM allows the VMM to control page attributes (e.g., RWX attributes, cache attributes) of the virtual memory pages. Neiger discloses that this is the conventional way of memory isolation for VMM/trusted domain. Neiger: [0022] teaches memory unit 128 includes multi-level page translation logic 118. The memory unit 128 includes the EPT walk logic 120 and guest page table walk logic 122 of the multilevel page translation logic 118. The execution unit 126 may include the enforcing logic 116. Neiger: [0025] teaches the processor 112 providing a virtualization environment that uses multi-level paging (e.g., via multi-level page translation logic 118) in which the last level translation is controlled by the VMM 130. The multi-level page translation logic 118 of the processor 112 includes EPT walk logic 120 and guest page table walk logic 122 (e.g., guest OS table walk logic). The multi-level page translation logic 118 checks the memory access rights (e.g., based on page attributes) during execution of guest applications to prevent certain types of memory accesses (e.g., those caused by stray accesses) that are not permitted by VMM 130 as specified in the EPT 132 and/or that are not permitted by the VM 140 as specified in the guest page tables 152. Neiger: [0024] teaches each one of the physical memory pages is associated with an identifier that uniquely identifies the physical memory page. A virtual memory page of the virtual address is mapped corresponding to a fixed-sized unit in the physical address space of the physical memory 124 (e.g., a memory frame, a physical memory page). During execution of a guest application (e.g., on VM 140), responsive to a request to access physical memory 124, the processor 112 uses mappings e.g., mappings of virtual memory page to physical memory page in page tables such as guest page tables 152 of the VM 140 and EPT 132 of the VMM 130 to access physical memory pages of physical memory 124.).
Regarding claim 19, this is a method claim corresponding to non-transitory computer-readable storage medium claim 8 and is rejected for the same reasons mutatis mutandis.
Regarding claim 23, this is a system claim corresponding to non-transitory computer-readable storage medium claim 8 and is rejected for the same reasons mutatis mutandis.
Regarding claim 9 Ouziel/Neiger discloses: The non-transitory computer-readable storage medium of claim 1, wherein the execution of the second one or more of the instructions is to occur at build time before the protected VM is able to run (Claim 1 explains that the second one or more of the instructions are executed to add memory pages to the protected VM. Ouziel: [0025]: teaches enabling coexistence of trusted domain (TD) infrastructure with multi-key total memory encryption (MK-TME) technology. MK-TME technology refers to providing a capability to an operating system (or a hypervisor, in a virtual computing environment) to use different encryption keys to encrypt pages of physical memory associated with different clients/applications. A TD/VM infrastructure refers to allowing clients/applications to execute within highly secured environments of TDs/VMs where even the operating system (or the hypervisor or VMM) may not have access to physical memory pages associated with TDs/VMs. Ouziel: [0035] teaches a TD needing to be able to use different encryptions keys-at least one restricted key for its secure operations and access to the TD's private memory pages. So, Ouziel teaches a VM needing memory to be able to run applications and since second one or more instructions are used by VMM to add memory to the VM, it becomes obvious that these instructions need to be executed during build time of a VM and once memory is allocated for a VM, VM build is complete and it can run applications.)
Regarding claim 10 Ouziel/Neiger discloses: The non-transitory computer-readable storage medium of claim 1, wherein the VMM is untrusted by the protected VM (Neiger: [0035]: teaches the virtual memory page logic 156 classifies virtual memory pages of the virtual memory 160 of the VM 140 as a secure memory page 166. A virtual memory page may be classified as secure memory pages 166 based on a need for confidentiality, integrity, and replay protection e.g., contains confidential code and/or data the VM 140 is to protect from the VMM 130 that is untrusted e.g., a VMM 130 that is operated by an entity that is different than the entity that uses the VM 140.).
Regarding claim 20, this is a method claim corresponding to the combination of non-transitory computer-readable storage medium claim 9 and computer-readable storage medium claim 10 and is rejected for the same reasons mutatis mutandis.
Regarding claim 12 Ouziel/Neiger discloses: The non-transitory computer-readable storage medium of claim 1, wherein the VMM is untrusted by the protected VM (Neiger: [0035]: teaches the virtual memory page logic 156 classifies virtual memory pages of the virtual memory 160 of the VM 140 as a secure memory page 166. A virtual memory page may be classified as secure memory pages 166 based on a need for confidentiality, integrity, and replay protection e.g., contains confidential code and/or data the VM 140 is to protect from the VMM 130 that is untrusted e.g., a VMM 130 that is operated by an entity that is different than the entity that uses the VM 140.), wherein the execution of the first one or more of the instructions and the execution of the second one or more of the instructions are to be performed in a secure mode of a processor (Neiger: [0019-0021] FIG. 1: teaches a system 100 including physical hardware 110, a VMM 130, and one or more VMs 140. The physical hardware 110 includes a processor 112 and physical memory 124 that is communicably coupled to the processor 112. The processor 112 includes a logic circuit implemented to support execution of a set of virtualization instructions (e.g., virtual-machine extension (VMX)) to provide support for one or more virtualization environments ported on the physical hardware 110. The VMX provide processor-level support for one or more VMs 140. The VMX includes instructions to support a VMM 130 that is a host program that allows one or more execution environments (e.g., VMs 140) to run on the physical hardware 110. VMM 130 creates and runs one or more VMs 140. Processor core 114 executes the VMM 130 (that includes an EPT 132) and one or more VMs 140 (that include guest page tables 152). Neiger: [0029]: teaches VMM 130 specifying access rights in an entry of the EPT 132 different from the access rights assigned to the corresponding guest page table 152 by the guest OS 150. In this way, VMM 130 provides a further layer of protection/security to a physical memory page (e.g., insecure memory page 168) by modifying access rights stored in the entry of the EPT 132 based on rules. So, Neiger teaches processor running set of virtualization instructions to support VMM 130 creating VMs and provides extra security using extended page table EPT 132. The processor's running VMM to provide extra security to VMs is similar to processor's running in a secure mode.), wherein the second function call is an application interface instruction, and wherein the execution of the second one or more of the instructions is to occur at build time before the protected VM is able to run (Claim 1 explains that the second one or more of the instructions are executed to add memory pages to the protected VM. Ouziel: [0025]: teaches enabling coexistence of trusted domain (TD) infrastructure with multi-key total memory encryption (MK-TME) technology. MK-TME technology refers to providing a capability to an operating system (or a hypervisor, in a virtual computing environment) to use different encryption keys to encrypt pages of physical memory associated with different clients/applications. A TD/VM infrastructure refers to allowing clients/applications to execute within highly secured environments of TDs/VMs where even the operating system (or the hypervisor or VMM) may not have access to physical memory pages associated with TDs/VMs. Ouziel: [0035] teaches a TD needing to be able to use different encryptions keys-at least one restricted key for its secure operations and access to the TD's private memory pages. So, Ouziel teaches a VM needing memory to be able to run applications and since second one or more instructions are used by VMM to add memory to the VM, it becomes obvious that these instructions need to be executed during build time of a VM and once memory is allocated for a VM, VM build is complete and it can run applications).
Claims 6, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Ouziel et al. (US 20200201786 A1) in view of Neiger et al. (US 20190042299 A1) in view of Patel; Purvi Sharadchandra et al. (US 20210019442 A1)[Patel]
Regarding claim 6 Ouziel/Neiger discloses all the limitation of claim 1. However, Ouziel/Neiger did not explicitly disclose function call being an application interface instruction.
Patel discloses:
The non-transitory computer-readable storage medium of claim 1, wherein the second function call is an application interface instruction (Spec: [00187] discloses - A host VMM (e.g., TDRM or root VMM 180) may add private memory pages during TD build time, before the TD can run. This may be performed through a host VMM application programming interface (API) through which the host VMM launches and manages guest TDs.
Patel:[0011]: teaches performing memory tagging via calls from an application to an application programming interface (API). The API is supported by an OS that enables execution of the application. A virtual memory page that is allocated to the application is tagged as sensitive at the time of allocation or after allocation. Virtual memory pages is also tagged as non-sensitive using the API. So, Patel teaches using application interface as a function call during VM operations.).
Both Ouziel/Neiger and Patel represent works within the same field of endeavor, namely information processing devices focusing on virtual machines. It would therefore have been obvious to one of ordinary skill in the art before the claimed invention was effectively filed to apply Ouziel/Neiger in view of Patel as it represents a combination of known prior art elements according to known methods (virtual machines with trusted domains in Ouziel/Neiger using application interface function calls as used in Patel) to yield a more efficient and secured virtual machine computing resulting in a more efficient and more reliable computing system (see also Patel [0011]).
Regarding claim 17 Ouziel/Neiger discloses: The method of claim 13, wherein the execution of the first one or more instructions and the execution of the second one or more instructions are performed in a secure mode of a processor, and [wherein the second function call is an application interface instruction] (Neiger: [0019-0021] FIG. 1: teaches a system 100 including physical hardware 110, a VMM 130, and one or more VMs 140. The physical hardware 110 includes a processor 112 and physical memory 124 that is communicably coupled to the processor 112. The processor 112 includes a logic circuit implemented to support execution of a set of virtualization instructions (e.g., virtual-machine extension (VMX)) to provide support for one or more virtualization environments ported on the physical hardware 110. The VMX provide processor-level support for one or more VMs 140. The VMX includes instructions to support a VMM 130 that is a host program that allows one or more execution environments (e.g., VMs 140) to run on the physical hardware 110. VMM 130 creates and runs one or more VMs 140. Processor core 114 executes the VMM 130 (that includes an EPT 132) and one or more VMs 140 (that include guest page tables 152). Neiger: [0029]: teaches VMM 130 specifying access rights in an entry of the EPT 132 different from the access rights assigned to the corresponding guest page table 152 by the guest OS 150. In this way, VMM 130 provides a further layer of protection/security to a physical memory page (e.g., insecure memory page 168) by modifying access rights stored in the entry of the EPT 132 based on rules. So, Neiger teaches processor running set of virtualization instructions to support VMM 130 creating VMs and provides extra security using extended page table EPT 132. The processor's running VMM to provide extra security to VMs is similar to processor's running in a secure mode.). Ouziel/Neiger discloses the limitations of claim 17 as shared above. However, Ouziel/Neiger did not explicitly disclose function call being an application interface instruction.
Patel discloses:
The method of claim 13, [wherein the execution of the first one or more instructions and the execution of the second one or more instructions are performed in a secure mode of a processor], and wherein the second function call is an application interface instruction (Spec: [00187] discloses - A host VMM (e.g., TDRM or root VMM 180) may add private memory pages during TD build time, before the TD can run. This may be performed through a host VMM application programming interface (API) through which the host VMM launches and manages guest TDs.
Patel:[0011]: teaches performing memory tagging via calls from an application to an application programming interface (API). The API is supported by an OS that enables execution of the application. A virtual memory page that is allocated to the application is tagged as sensitive at the time of allocation or after allocation. Virtual memory pages is also tagged as non-sensitive using the API. So, Patel teaches using application interface as a function call during VM operations.).
Both Ouziel/Neiger and Patel represent works within the same field of endeavor, namely information processing devices focusing on virtual machines. It would therefore have been obvious to one of ordinary skill in the art before the claimed invention was effectively filed to apply Ouziel/Neiger in view of Patel as it represents a combination of known prior art elements according to known methods (virtual machines with trusted domains in Ouziel/Neiger using application interface function calls as used in Patel) to yield a more efficient and secured virtual machine computing resulting in a more efficient and more reliable computing system (see also Patel [0011]).
Claims 7, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ouziel et al. (US 20200201786 A1) in view of Neiger et al. (US 20190042299 A1) in view of Khosravi; Hormuzd M. et al. (US 20190042466 A1)[Khosravi]
Regarding claim 7 Ouziel/Neiger discloses all the limitation of claim 1. However, Ouziel/Neiger did not explicitly disclose removing a memory page from the protected VM.
Khosravi discloses:
The non-transitory computer-readable storage medium of claim 1, wherein the operations further include to execute a third one or more of the instructions to remove a memory page from the protected VM (Khosravi: [0112] Example 1 : teaches a processing device comprising: a memory controller; and a memory paging circuit, operatively coupled to the memory controller, to: evict a memory page associated with a trust domain (TD) executed by the processing device; remove a binding of the memory page to a first memory location of the TD; create a transportable page that comprises encrypted contents of the memory page; and provide the memory page to a second memory location. So, removing binding of memory page from TD (protected VM) and moving the memory page to a second location is same as removing a memory page from protected location).
Both Ouziel/Neiger and Khosravi represent works within the same field of endeavor, namely information processing devices focusing on virtual machines. It would therefore have been obvious to one of ordinary skill in the art before the claimed invention was effectively filed to apply Ouziel/Neiger in view of Khosravi as it represents a combination of known prior art elements according to known methods (virtual machines with trusted domains in Ouziel/Neiger removing a memory page from protected VM as used in Khosravi) to yield a more efficient and secured virtual machine computing resulting in a more efficient and more reliable computing system (see also Khosravi [0112]).
Regarding claim 18, this is a method claim corresponding to non-transitory computer-readable storage medium claim 7 and is rejected for the same reasons mutatis mutandis.
Allowable Subject Matter
Claims 3, 11, 15, 21, 25 and 26 are being objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claims 1, 13 and 22 are also subject to non-statutory double patenting rejection and will also need to overcome that double patenting issue as outlined above in order to be allowed.
The following is a statement of reasons for the indication of allowable subject matter:
Claim 3 states, ‘The non-transitory computer-readable storage medium of claim 1, wherein to add the memory page includes to copy initial contents to the memory page and mark a translation for the memory page valid in an entry of the secure extended page table so the protected VM can access the memory page.’
Prior art teaches claim elements in claim 1 as shared above. Few other equally potential prior arts teaching the same is shared here.
Spec defines - Spec: [00134] TDADDPAGE 804 This instruction adds a page to the TD 190A. The TDRM 180 specifies the initial contents of this page through a parameter. This instruction first copies the initial contents to the page such that the contents are encrypted with the private encryption key of TD 190A. Subsequently, this instruction also updates and makes the corresponding translation in the SEPT 334 valid such that the TD 190A can now access these pages. This instruction uses the Assign Mapping and Unblock Mapping micro-instructions described below to update SEPT 334
Prior art DONG Y et al. (WO 2019000358 A1)[Dong]: abstract: discloses an apparatus having an execution logic for determining initial hash values for respective virtual graphics processing unit (vGPU) memory pages that correspond to a set of memory addresses based on content stored in the respective vGPU memory pages and adds the initial hash values to log, determines current hash values for the respective vGPU memory pages based on content stored in the respective vGPU memory pages following initial iteration responsive to first of two copy iterations of pre-memory copy phase, adds memory addresses from among the set of memory addresses to a dirty page table based on current hash values not matching initial hash values for the memory addresses added to the dirty page table and copies content included in vGPU memory pages during stop-and-copy phase to live migrate a virtual machine (VM) (130-1-130-n) to a destination server (120) based on whether the vGPU memory pages correspond to the memory addresses added to the dirty page table. However, Dong’s copy is related to ‘live migration of a virtual machine (VM)’ and is not copying initial contents during allocation of memory to a VM as claimed and as defined in the spec section [00134].
Prior art Lam; Kingtin et al. (US 20160034397 A1)[Lam]: [0114]: discloses when a process creates a working page, that is, copies a shared virtual memory page into the off-chip memory of the computing node as a working page of the process, an initial value of a version number of a shared virtual memory page is 1, different processes all may perform read and write operations on data in the shared virtual memory page later, and each time a process updates content in the shared virtual memory page, the version number of the shared virtual memory page increases. So, Lam teaches copy of shared memory with initial version having initial content but the teaching is not similar to copying initial contents before allocating the memory page.
Prior art Gopalan; Kartik et al. (US 20150324236 A1)[Gopalan][0021]: discloses content deduplication among VMs and optimization of VM migration. Deduplication has been used to reduce the memory footprint of VMs and reduces memory consumption either within a single VM or between multiple co-located VMs. This deduplication also do not cover copying initial contents to memory page before being allocated to a VM.
No known prior arts taken alone or in combination teach copying initial contents to the memory page and mark a translation for the memory page valid in an entry of the secure extended page table so the protected VM can access the memory page.
Claims 11, 15, 21, 25 and 26 contain the same allowable claim limitation copying initial contents to the memory page and mark a translation for the memory page valid in an entry of the secure extended page table so the protected VM can access the memory page and are allowable for the same reason as disclosed above for claim 3.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure and is included in pe2e_search_notes and is attached as OA.APPENDIX.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD S HASAN whose telephone number is (571)270-1737. The examiner can normally be reached on Mon-Fri 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tim Vo can be reached on 571-272-3642. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.S.H/Examiner, Art Unit 2138
/SHAWN X GU/
Primary Examiner, AU2138