DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
	This office action responds to the amendments filed on January 25, 2021 for application 15/437,697.  Claims 1, 6, 7, and 8 were amended, and claims 1 and 3-8 remain pending in the application.
Response to Arguments
	The Applicant’s arguments filed on January 25, 2021 have been fully considered, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 10 of the Remarks that concerns the objection to claims 1 and 6, the amendments to the claims address the issue and the corresponding objections are withdrawn.
	Regarding the Applicant’s response at page 10 of the Remarks that concerns the § 112(b) rejection to claims 1, 6, 7, and 8, the amendments to the claims addresses the issue and the § 112(b) rejection is withdrawn.
	Regarding the Applicant’s response at pages 10-17 of the Remarks that concerns the § 103 rejection to claim 1, and thus independent claims 6, 7, and 8, the Applicant’s arguments in conjunction with the claim amendments, which clarified the use of a “modulation parameter,” are persuasive.  Consequently the Examiner conducted a new prior art search, and the Applicant’s arguments are now moot with respect to the independent claims because the arguments do not apply to some of the 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)
	Claims 1 and 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over Larsen (2004/0243845, “Larsen”) in view of Kanai et al. (US 2007/0221724, “Kanai”) and Neisse et al. (US 2007/0058800, “Neisse”), and further in view of Patne et al. (US 2015/0373035, “Patne”).
Regarding Claim 1
Larsen discloses
A method (abstract) for controlling access to preliminarily identified resources (Fig. 4, ¶ [0035], “resource blocks 62” act as the resources that are preliminarily identified by at least the “process access selector 74”), 
the method being implemented by an electronic device configured to modulate access to said resources to be controlled (¶ [0122], “A process-based security system may be used on a server in a network computing environment, on any computer or computing device [that acts as an electronic device], either in isolation or working as a client connected to a server,” and TABLE 1 between ¶¶ [0037] and [0038], i.e., the “Rights mask” serves to modulate access; for example, “Read only” modulate[s] access to a request where the request can only read data), the method comprising: 
receiving a request, coming from a program installed on the electronic device (Fig. 4, ¶ [0035], any of “process block 70” represents a program; and Fig.3, ¶ [0033], i.e., the operating system, such as “Microsoft Windows,” enables the execution of a program installed on the electronic device), for access to a current resource (Fig. 4, ¶ [0035], i.e., a current resource is any one of the “resource blocks 62”) of the preliminarily identified resources (Figs. 3-4, ¶¶ [0034]-[0035], “The process requesting mechanism 66 [or a program] initiates a request for a resource [that is receiv[ed]] and, if the process running on the system has access to that resource, as noted in the resource access table 64, the operating system 60 will then grant the resource for use by the process within the operating system.”); 
obtaining at least one modulation parameter for access to said current resource (¶ [0033], “The operating system is restricted to allocate only those resources defined in a resource access table 64, which resource access table defines resources associated modulation parameter is required and “define[d]” for a “process block 70” to access one of the “resource block[s] 62”)…1, 
wherein the resource-characterizing data structure associates for each of the preliminarily identified resources a respective resource identifier, …2 and at least one modulation parameter (TABLE 1 between ¶¶ [0037] and [0038], i.e., the “Resource name” serves as a respective resource identifier and the “Rights mask” serves as at least one modulation parameter; for example, “Read only” modulate[s] a request to where the request can only read data; see also Neisse ¶¶ [0008]-[0011] that further disclose modulation parameters XorL and AddM that respectively relate to a resource of a first type and a second type), 
3… or is a resource of a second type of the preliminarily identified resources that is distinct from the first type (¶¶ [0038]-[0039], TABLE 1, i.e., the “Process name” is a resource of the second type, as the process names do not vary with time), and wherein 
4 …;
the resources of the second type are selected from the group consisting of:  
an identifier, 
a memory address, 
a process number, and 
a serial number (¶¶ [0038]-[0039], TABLE 1, i.e., the “Process name” is an identifier); and
the obtaining comprises: 
identifying the current resource in the resource-characterizing data structure as a
function of the resource identifier of the current resource (¶ [0034], TABLE 1, i.e., the current resource is identif[ied] via the “Resource name” within TABLE 1 upon “the process requesting mechanism 66 initiat[ing] a request for a resource”); and 
obtaining, from said resource-characterizing data structure, … 5 and
the at least one modulation parameter associated with the resource identifier of the current resource (¶ [0034], TABLE 1, i.e., the modulation parameter associated with the resource identifier of the current source is the “Rights mask”); and  
modulating access to said current resource by the program as a function of the
obtained indicator and the obtained at least one modulation parameter associated with said current resource (¶ [0034], “if the process running on the system has access to that resource, as noted in the resource access table 64, the operating system 60 will then grant the resource for use by the process within the operating system.”). 
Larsen doesn’t disclose
	1 …within a resource-characterizing data structure,
2 … an indicator …
	3 the indicator indicating whether the associated resource is a resource of a first type of the preliminarily identified resources having values that are variable over time…
4 the resources of the first type are selected from the group consisting of: 
available random-access memory, 
available mass storage memory, 
power of a received signal, 
time, 
date, 
clock, 
electrical consumption, 
battery level, and 
processor charge level; 
	5 … the indicator …
Kanai, however, discloses
	1 …within a resource-characterizing data structure (Fig. 30, ¶¶ [0222]-[0224], i.e., the table where the “access id” fields corresponds either directly or indirectly to a respective resource identifier (as also disclosed in Larsen), the “first initial mask” and “second initial mask” correspond to an indicator field, and the “coefficient” fields correspond to parameters that are employed in modulation; see also Larsen ¶ [0034], “table 64” acts as a resource-characterizing data structure, noting tables are easily modified to add additional fields),
Neisse, however, discloses
	2, 5 …an indicator… (¶¶ [0008]-[0011], a “masking rule” involves the two operations an “XorL” and an “AddM” (that act as modulation parameters), where the “respective masking rule that is used has to be compatible with the calculation step,” where the “first initial mask” and “second initial mask” fields of Kanai suggest entries to possess an indicator that indicates when either the “XorL” and an “AddM,” operations are to be conducted; and further noting ) 
	3 the indicator indicating whether the associated resource is a resource of a first type of the preliminarily identified resources having values that are variable over time… (¶ [0010], “It is understood that the respective masking rule that is used has to be resources of the second type have no minor modifications], to the masked representation of the value to be protected and then essentially result in the masked representation of the result desired. Hence, for example, the XorL masking rule is clearly compatible with exclusive-or calculation steps and bit permutations, however not with addition or multiplication operations,” i.e., the “XorL masking rule” is applicable to the second type of resources that remain constant over time, and the “AddM” masking rule is applicable to the first type of resources that vary over time; see also Patne¶¶ [0049]-[0053], using a “classifier model” based upon the monitoring of “behavior” suggests the division of resources between those whose “behavior” varies over time that involve “rais[ing] the noise floor” via an “AddM” operation and those with no behavior change (i.e., constant characteristics (such as a serial number or memory address) that involve an “XorL” operation)
Patne, however, discloses
4 the resources of the first type are selected from the group consisting of: 
available random-access memory, 
available mass storage memory, 
power of a received signal, 
time, 
date, 
clock, 
electrical consumption, 
battery level, and 
processor charge level (¶¶ [0063]-[0073], and in particular ¶ [0072], “The
behavior observer module 202 [that monitors elements that var[y] over time] may also monitor the activities of the computing device 200 by monitoring the usage of, and updates/changes to, compass information, computing device settings, battery life [or battery level], gyroscope information, pressure sensors, magnet sensors, screen activity, etc.”);
	Regarding the combination of Larsen and Kanai, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Larsen to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.”  See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base structure, namely the “resource-characterizing data structure” of Larsen, upon which the claimed invention can be seen as an “improvement” through the use of additional values within the “resource-characterizing data structure”;
2) the prior art contained a “comparable” structure, namely the “resource-characterizing data structure” of Kanai, that has been improved in the same way as the claimed invention through the “resource-characterizing data structure;” and

	Regarding the combination of Larsen-Kanai and Neisse, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access request system of Larsen-Neisse to have included masking rule feature of Neisse. One of ordinary skill in the art would have been motivated to incorporate the masking rule feature of Neisse because Neisse teaches “As a measure against such attacks, the opportunity presents itself, to alter the data to be protected from being spied out by a value,” and Neisse further teaches the use of a “masking rule” to prevent such attacks.  See Neisse ¶ [0008].  
	Regarding the combination of Larsen-Kanai-Neisse and Patne, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access request system of Larsen to have included the behavior features of Patne. One of ordinary skill in the art would have been motivated to incorporate the behavior features of Patne because Patne teaches that monitoring and analyzing the behavior of a computer system can prevent side channel attacks, see Patne ¶¶ [0006]-[0008]. 
Regarding Claims 6-8
With respect to independent claims 6-8, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claims .
Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over Larsen in view of Kanai and Neisse, and further in view of Patne and Kaplan et al. (US 2015/0248357, “Kaplan”).
Regarding Claim 3
Larsen in view of Kanai and Neisse, and further in view of Patne (“Larsen-Kanai-Neisse-Patne”) disclose the method for controlling access according to claim 1, and Larsen further discloses
wherein, the modulating access to said current resource (at least ¶ [0034]) comprises: …1 
Larsen-Kanai-Neisse-Patne doesn’t disclose
1 …masking data as a function of the at least one modulation parameter.  
Kaplan, however, discloses
1 …masking data as a function of the at least one modulation parameter (¶¶ [0030]-[0031], i.e., the modulation parameter is “write” as disclosed in Larsen and is being employed via the “write request” of the “program, VM, software service, and the like,” and the associated data of the “write request” is mask[ed] through the use a “selected key to encrypt the information to be written”). 
Regarding the combination of Larsen-Kanai-Neisse-Patne and Kaplan, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access request system of Larsen-Kanai-Neisse-Patne to have included the masking feature of Kaplan. One of ordinary skill in 
Regarding Claim 4
Larsen in view of Kanai and Neisse, and further in view of Patne and Kaplan (“Larsen-Kanai-Neisse-Patne-Kaplan”) disclose the method for controlling access according to claim 3, and Kaplan further discloses
wherein for the preliminarily identified resources of the second type (of Larsen, although the non-time varying data within Kaplan is the data to be written) the masking data (¶¶ [0030]-[0031]) comprises: 
obtaining a code corresponding to the program (¶ [0030], i.e., the “key” is a digital code that facilitates encryption); 
computing an encrypted value of the current resource by using the code (¶ [0030], i.e., “The encryption module 115 employs the selected key to encrypt the information to be written and…”); and 
transmitting the encrypted value to said program (¶ [0030], “…and provides the write request, with the encrypted information, to the memory 120 for storage,” i.e., when the program submits a “write request to the memory,” the subsequent writing of the information to the memory suggests the transmission of the encrypted information to the program and then its subsequent writing to the memory).  

Regarding Claim 5
Larsen-Kanai-Neisse-Patne-Kaplan disclose the method for controlling access according to claim 3, and Kaplan further discloses
wherein for the preliminarily identified resources of the second type (of Larsen, although the non-time varying data within Kaplan is the data to be read) the masking data (¶¶ [0030]-[0031]) comprises: 
receiving an encrypted value of the current resource coming from the program (¶¶ [0030]-[0031], i.e., the data previously written in encrypted form originated from the program and its encrypted form in which it was stored is an encrypted value of the current resource); 
obtaining a code corresponding to the program (¶¶ [0030]-[0031], “i.e., the “key” is a digital code that facilitates decryption”); 
decrypting the encrypted value by using the code, delivering the value of the current resource (¶ [0031], “If the northbridge 110 identifies the read request as a secure memory access request, it identifies one of the keys 126 that is assigned to the entity that generated the read access request and the encryption module 115 decrypts the read information.”); and 
implementing an operation required by the program on the current resource (¶ [0031], i.e., after decryption, an operation is implement[ed] by fulfilling the reason that precipitated the “read request,” in other words, the operation delivers the decrypted information to the program that requested it so that it may be used by the program). 


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405.  The examiner can normally be reached on Monday-Friday 8:00-5:00 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972.  The fax 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491