DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The following is a final office action in response to communications received 11/19/2020. Claims 1, 2, 4, 8, 9, 10, 12, 13, 15, 16, 17 have been amended. Therefore, claims 1-20 are pending and addressed below.

Response to Amendment
Applicant’s amendments and response to the claims are sufficient to overcome the 35 USC 101 and 112, 2nd paragraph, rejections set forth in the previous office action.

Response to Arguments
Applicant’s arguments filed 11/19/2020 have been fully considered but they are moot in view of new grounds of rejections.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Thomas (Pub. No. US 2014/0020072) in view of Yoon et al (KR20170091248).


As per claims 1, 10, 16, Thomas discloses a computer-implemented method of providing secure integrity checking, the computer-implemented method comprising:
maintaining, by a protected application of a proxy device, a tree data structure for performing a process for data integrity verification in response to client requests, the proxy device storing instructions of the protected application within a secure memory space , wherein the secure memory space is allocated (…a proxy server comprising a first interface for coupling in a communicating relationship with one or more of a plurality of cloud computing facilities…a second interface for coupling in a communicating relationship with a client device…a memory storing access credentials…to access with the one or more of the plurality of cloud computing facilities through the proxy server…see par. 61); receiving, at a network interface of the proxy device from a client device, a client request for data managed by a database server computer (…receive a request from a client device…see par. 63);
transmitting the client request from the proxy device to the database server computer; receiving, by the proxy device from the database server computer, a response to the client request, the response comprising data requested by the client request; verifying, at the proxy device, integrity of the data of the response from the database server computer, the data being verified utilizing the tree data structure maintained by the proxy device; and transmitting, from the proxy device to the client device, the response when the response is verified (…receiving access credentials from the user through the secure link; verifying an identity of the user with the access credentials…assessing a security state of the client device to determine if the client is in compliance with the security policy…based upon verification that the client is in compliance with the security policy…transfer the data from the client device to one of the plurality of cloud computing facilities…see par. 61-63). Thomas discloses organization hierarchy but it does not explicitly disclose the tree data structure the secure memory space is managed by a chip set of the proxy device and wherein the tree data structure comprises a plurality of nodes, each of the plurality of nodes comprising at least one of: a key, a version identifier, or a present identifier. However Yoon discloses the tree data structure; the secure memory space is managed by a chip set of the proxy device and wherein the tree data structure comprises a plurality of nodes, each of the plurality of nodes comprising at least one of: a key, a version identifier, or a present identifier (…a process of constructing a reference Merkle tree having a hash value calculated by applying a hash function to each partial memory block of a memory to be verified as a value of each end node at a verification reference point in time…applying the hash function to the queue in the on-chip memory…see par. 7-8). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Yoon in Thomas for including the above limitations because one ordinary skill in the art would recognize using a tree structure would minimize time delay due to a verification process and minimizing storage space consumption…see Yoon, par. 52.


As per claims 2, 15, the combination of Thomas and Yoon discloses wherein the tree data structure is a Merkle B+- tree (Yoon: see par. 8). The motivation for claims 2, 15 are the same as motivation for claims 1, 10 above.


As per claim 3, the combination of Thomas and Yoon discloses wherein at least one node of the plurality of nodes comprises at least one hashed value corresponding to hashed data of a child node of the at least one node (Yoon: see par. 8). The motivation for claim 3 is the same as motivation for claim 1 above.


As per claim 4, the combination of Thomas and Yoon discloses wherein verifying integrity of the data received from the database server computer comprises: computing, by the protected application of the proxy device, a plurality of hashes of the data received from the database server computer; comparing, by the protected application of the proxy device, the plurality of hashes to hashed values associated with a subset of the plurality of nodes of the tree data structure; and determining, by the protected application based on the comparison, that the plurality of hashes match the hashed values associated with the subset of the plurality of nodes of the tree data structure, wherein the integrity of the data is verified based on the determination (Yoon: a hash value for the first queue is calculated and compared with a hash value stored in the memory of the on-chip…it provides a memory integrity verification…see par. 37-39). The motivation for claim 4 is the same as motivation for claim 1 above.


As per claim 5, the combination of Thomas and Yoon discloses storing, by the protected application, the data received in the response in a cache of the secure memory space; receiving, at the network interface of the proxy device from the client device, a subsequent client request; determining that requested data of the subsequent client request is cached in the secure memory space; and providing, by the protected application, the requested data from the cache of the secure memory space (Thomas: see par. 61-63).


As per claim 6, the combination of Thomas and Yoon discloses wherein the secure memory space in inaccessible to hardware and software of the proxy device other than the chip set (Yoon: see par. 8). The motivation for claim 6 is the same motivation as claim 1 above.


As per claim 7, the combination of Thomas and Yoon discloses wherein the proxy device operates at the database server computer (Thomas: see par. 61).


As per claim 8, the combination of Thomas and Yoon discloses wherein at least a portion of the data structure is maintained in an unsecured memory space accessible to the protected application (Yoon: see par. 8). The motivation for claim 8 is the same motivation as claim 1 above.


As per claim 9, the combination of Thomas and Yoon discloses wherein node data corresponding to a root node of the data structure is stored in the secure memory space that is accessible only to the chip set (Yoon: see par. 7). The motivation for claim 9 is the same motivation as claim 1 above.


As per claim 11, the combination of Thomas and Yoon discloses wherein the operations further comprise: computing, by the protected application of the computer system, a plurality of hashed values of the data obtained from the database; and storing, by the protected application of the computer system, the plurality of hashed values in a cache maintained within the secure memory space, wherein the cache is utilized to provide subsequent data in response to subsequent client requests (Thomas: see par. 61-63).


As per claim 12, the combination of Thomas and Yoon discloses wherein the plurality of hashed values corresponding to respective nodes in the tree data structure, the respective nodes corresponding to a path from a node containing the requested data to a root node of the tree data structure (Yoon: a hash value for the first queue is calculated and compared with a hash value stored in the memory of the on-chip…it provides a memory integrity verification…see par. 37-39). The motivation for claim 12 is the same as motivation for claim 10 above.


As per claim 13, the combination of Thomas and Yoon discloses wherein the operations further comprise: computing, by the protected application of the computer system, a plurality of hashed values of the data obtained from the database, the plurality of hashed values corresponding to nodes of the tree data structure; determining, by the protected application of the computer system, particular data that is requested most often from the database; and storing, by the protected application in the secure memory space, hashed values of the plurality of hashed values that correspond to the particular data that is requested most often from the database (Yoon: see par. 38-40). The motivation for claim 13 is the same as motivation for claim 10 above.


As per claim 14, the combination of Thomas and Yoon discloses wherein the operations further comprise: receiving, by the protected application of the computer system, a subsequent client request for additional data; determining a hashed value corresponding to the additional data requested is stored in the secure memory space; and transmitting the additional data based at least in part on determining that the hashed value corresponding to the additional data is stored in the secure memory space (Thomas: see par. 61-63).


As per claim 17, the combination of Thomas and Yoon discloses wherein the secure memory space in inaccessible to hardware and software of the proxy device other than the chip set (Yoon: see par. 8). The motivation for claim 6 is the same motivation as claim 16 above.


As per claim 18, the combination of Thomas and Yoon discloses wherein the proxy device operates at the database server computer (Thomas: see par. 61).


As per claim 19, the combination of Thomas and Yoon discloses wherein a root node of the hash tree is maintained in the secure memory space, and wherein a portion of the hash tree is maintained in an unsecured memory space accessible to the protected application (Yoon: see par. 7). The motivation for claim 19 is the same motivation as claim 16 above.


As per claim 20, the combination of Thomas and Yoon discloses wherein verifying integrity of the response from the database server computer comprises: obtaining, from a cache associated with the database server computer, a plurality of hash values related to the data requested by the client device; computing a root node hash from the plurality of hash values obtained; comparing, by the protected application of the proxy device, the root node hash computed from the plurality of hash values to a stored hash value associated with a root node of the hash tree, the stored hash value of the root node being stored in the secure memory space; and determining, by the protected application based on the comparison, that the response is verified based at least in part on determining from the comparison that the root node hash computed from the plurality of hash values matches the stored hash value stored in the secure memory space (Yoon: see par. 38-40). The motivation for claim 13 is the same as motivation for claim 16 above.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to integrity verification of outsourced storage and file system.

Frey et al (Pub. No. US 2012/0110336); “Data Verification Method”;
-Teaches the verification tree or authentication tree or Merkle tree is a data structure that allows the verification of the integrity of part of a piece of data (see par. 58-61).


Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479.  The examiner can normally be reached on Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 5712724219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2436