Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This action is responsive to application filed on 11/13/2017. Claims 1 and 12 are independents. Claims 1-13 are currently pending.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

Claims 1-3 and  5 in this application using language “a dispatching subsystem”, “the digital signing subsystem”, “an encryption subsystem”, “a decryption subsystem”, “an aggregator subsystem” and “function registration subsystem” is given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
Because this/these claim limitations are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.



Claims 1-3 and 5 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The closest description is found in para. 0016, reciting “The receiver (205), then authenticates, authorizes, and decrypts the service call (206) before it is dispatched for processing to the service handler”. This does not provide description of structure of and functionality of the limitations invoking 112(f).

The following is a quotation of 35 U.S.C. 112(b):

(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 1-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. In claims  the terms  “a dispatching subsystem”, “the digital signing subsystem”, “an encryption subsystem”, “a decryption subsystem”, “an aggregator subsystem” and “function registration subsystem” are indefinite and the instance specification does not provide description as shown above. 
Claims 2-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph because they are dependents of claim 1. 
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
	
Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-11 are rejected under 35 U.S.C. 103 as being unpatentable over Fanton et al. (US 20060150256 A1), hereinafter Fanton, in view of Rubin et al. (JP2017529786A), hereinafter Rubin.

 Regarding claim 1, Fanton teaches a system for secure computing device control and operation for a requesting client from remote security and policy services, the system comprising:
a network interface for connecting the requesting client to the remote security and policy services and for specifying the requested services and required parameters (para. 0039, [v]arious embodiments of the present invention may be used in either a personal setting or within in a corporate network environment);
	a policy authenticator for verifying that the requesting client is allowed to access the requested services (para. 0049, [t]he phrase "content authenticator" generally refers to a result of method for generating an authenticating mark which may be used in verifying digital information, files, code and/or data segments of code modules and/or the like. For example, in some cases a method of content authentication comprises two complimentary algorithms. One for generating the authenticating mark and one for verifying the authenticating mark (for example, verifying a client or a user); and
a dispatching subsystem for sending the service requests and required parameters to remote service providers (para. 0089, [i]n other embodiments, the information may be transmitted to an external monitoring system which may prepare a summary of denied/allowed process creation requests. This report may then be transmitted to a designated person on a periodic or on-demand basis).
Fanton does not explicitly disclose a scheduler for scheduling the execution of remote security and policy services. However, in an analogous art, Rubin teaches a scheduler for scheduling the execution of remote security and policy services (p. 10 ln34-37, After completing all evaluations, the conflict is resolved by first checking for an explicit access denial effect (606). The explicit denial may be due to a security policy with a DENY effect. If an explicit deny is detected, the conflict is resolved and the request to access the resource is denied. However, if there is no explicit denial and at least one permit effect is detected (608), the request is granted (622). This means that access to the resource is allowed (622) as a result of the conflict being resolved; that is, the above list of tasks are carried out[scheduled] right after all evaluations [after authentication of user or request and after verification of policy]).
 Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Fanton and Rubin because this functionality will provide enhanced security for providing a secure system for limiting the execution of computer program code to only that executable code which can be verified to be approved to run on that computer (Rubin para. 0033).

	Regarding claim 2, the combination of Fanton and Rubin teaches all of the limitations of claim 1, as described above. Fanton further teaches further including:
	a hash encoder for encoding the requested service name and required parameters (para. 0036, [a]ccording to one embodiment, one or more whitelists may be protected by a digital signature of its own contents. The digital signature may be based in part upon a hash value for the data in the whitelist. This signature may then be encrypted remotely by a Remote Signing Server (RSS) using private key encryption);
	a digital signing subsystem for signing requests for services (para. 0049, A digital signature or cryptographic digital signature denotes the result of computing a cryptographic hash value, such as SHA-1, SHA-256, MD-5, and the like, over a specific body of encoded data, then encrypting the hash value using a private key. Given the same body of encoded data, re-computing the hash value, and decrypting the digital signature using the corresponding public key, will produce the identical value if the encoded data remains the same);
	an encryption subsystem for encrypting the signed and encoded requests for services (para. 0037, In one embodiment, the RSS may be used to encrypt hash values of the whitelists using Public Key Infrastructure (PKI) encryption, for example. The RSS may host a secret (private) encryption key that it uses to encrypt values sent to it by client installations who are in need of modifying their database. Later a public key may be used to decrypt the value for comparison against calculated values allowing the code to determine if any of the data has been modified);
	a decryption subsystem for decrypting the signed and encoded service request (para. 0037); and
	a hash verifier for verifying the hash encoded service request (para. 0036).

	Regarding claim 3, the combination of Fanton and Rubin teaches all of the limitations of claim 1, as described above. Fanton further teaches further including an aggregator subsystem to receive encoded, signed, and encrypted requests from at least one requesting client and to dispatch allowed requests to external service providers (para. 0036, 0037 and 0089).

	Regarding claim 4, the combination of Fanton and Rubin teaches all of the limitations of claim 1, as described above. Fanton further teaches further including a function invocation interface to connect application code in the requesting client to remote service requests (para. 0060, FIG. 1 is a high level architectural diagram of a multi-level whitelist authentication system 100 for allowing the execution of authorized computer code in accordance with one embodiment of the present invention. According to the present example, the multi-level whitelist authentication system 100 includes a user interface layer 105, a user mode service layer 110 and a kernel mode driver 160).

	Regarding claim 5, the combination of Fanton and Rubin teaches all of the limitations of claim 1, as described above. Fanton further teaches further including a function registration subsystem to identify and access security and policy services that are defined by a requesting client (para. 0036, 0037 and 0089).

	Regarding claim 6, the combination of Fanton and Rubin teaches all of the limitations of claim 1, as described above. Fanton further teaches further including a discovery protocol to identify and access security and policy services that are defined by a requesting client (para. 0036, 0037 and 0089).

	Regarding claim 7, the combination of Fanton and Rubin teaches all of the limitations of claim 1, as described above. Fanton further teaches wherein the security and policy services and the requesting client application are executed on the same processor (para. 0077).

	Regarding claim 8, the combination of Fanton and Rubin teaches all of the limitations of claim 1, as described above. Fanton further teaches wherein each service request is assigned a unique transaction number (para. 0038, [s]ome embodiments additionally provide for a client verification scheme. According to one embodiment, the RSS verifies that a client making a signature request is indeed an actual approved instance of the authentication system software, and not a hacker or someone attempting to spoof the RSS. In order to do so, the system may make use a variety of identifying information from the requestor to make that determination. For example a machine ID, a password, and/or the like may be used. A machine ID is a unique identifier (number) that is generated at the time of authentication system software installation on an end user computer or server. It may contain a globally unique identifier (GUID) in combination with some other values that uniquely identify the computer system that the client code was installed on (including possibly a CPU serial number, a network card unique media access control (MAC) address, and/or various other system information)).

	Regarding claim 9, the combination of Fanton and Rubin teaches all of the limitations of claim 3, as described above. Fanton further teaches wherein the aggregator subsystem and the requesting client application are executed on the same processor (para. 0077, [e]mbodiments of the present invention include various steps, which will be described in more detail below. A variety of these steps may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor programmed with the instructions to perform the steps. Alternatively, the steps may be performed by a combination of hardware, software, and/or firmware. As such, FIG. 2 is an example of a computer system 200, such as a workstation, personal computer, client, or server, upon which embodiments of the present invention may be utilized).

	Regarding claim 10, the combination of Fanton and Rubin teaches all of the limitations of claim 3, as described above. Fanton further teaches wherein the aggregator subsystem and the security and policy services are executed on the same processor (para. 0077).

	Regarding claim 11, the combination of Fanton and Rubin teaches all of the limitations of claim 1, as described above. Fanton further teaches wherein the policy authenticator includes:
	a policy object language compiler and generator for specifying policy rules (para. 0115, [i]n other embodiments, the global whitelist may be edited and/or created by an administrator based on an enterprise-, division-, development group-wide software policy, for example. In addition, according to various embodiments, the global whitelist database may be updated on a periodic schedule such as yearly, monthly, weekly, etc. or on an as needed basis. In an enterprise network, for example, the global whitelist database might contain a limited subset of known good code modules that are approved for use with the particular enterprise);
	a policy decision point for adjudicating policy requests based on the policy rules (para. 0115); and
	at least one policy execution point for executing policy decisions (para. 0115).

Claims 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Fanton et al. (US 20060150256 A1), hereinafter Fanton, in view of ATREEDEV et al. (EP 2985728 A1), hereinafter ATREEDEV.

	Regarding claim 12, Fanton teaches a method for secure computing device control and operation for a requesting client from remote security and policy services having a service management subsystem and a secure services subsystem, the steps comprising:
	transmit the service object to the service management subsystem of the remote security and policy services (para. 0084, For example, in the context of the Windows operating system, the OS process creation activity monitor 150 may intercept new process creation activity by hooking to the Windows® CreateSection API call and in response temporarily turning control over to the kernel mode driver 115 to allow appropriate authentication processing to be performed. The monitoring for new process creation requests may occur during system boot processing or during normal system operations);
	receive the service object at the service management subsystem of the remote security and policy services (para. 0084);
	authorize the execution of the remote service by checking for policy authorization (para. 0085, [a]t decision block 320, a determination may then be made as to whether the code module is authorized to execute. According to one embodiment, a multi-level whitelisting approach may be used);
	dispatch the service request to a remote service handler for processing (para. 0085);
	execute the service request generating a response (para. 0085, If the entry is found, the authorization determination may be based on one or more parameters as to whether the request should be approved; and then control is returned to the operating system. In one embodiment, requests may be unconditionally approved, unconditionally denied, or a decision may need to be made by an authorized user);
	dispatch the response from the remote service handler to the service management subsystem of the remote security and policy services (para. 0085);
	receive the response from the remote service handler (para. 0085); and
	transmit the response back to the originating requestor (para. 0086, [i]f the request is granted, control flow continues along the "Yes" path exiting decision block 320 to block 345. If the request is denied, control flow continues along the "No" path from decision block 320 to block 330. Otherwise, if no determination can be made without further input from an authorized user, for example, then the determination may be unknown and control flow continues along the "UnK" path from decision block 320 to block 355).
	Fanton does not explicitly disclose create a remote service object that includes the name of the service and the required parameters. However, in an analogous art, ATREEDEV teaches create a remote service object that includes the name of the service and the required parameters (p. 10/20 para. 0075, request object with name and parameters).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Fanton and ATREEDEV because this functionality will provide enhanced security for providing a secure system to process data from other systems and devices (ATREEDEV para. 0044).

	Regarding claim 13, The method of claim 12 further including the steps:
	calculate a hash encoding of the service object at the requesting client (para. 0073, In the present example, an Remote Signing Server (RSS) 165, may be used to protect one or more of the global whitelist 130, the local whitelist 135 and the MRU cache 160 with an externally generated digital signature. The digital signature may be based in part upon a hash value for the data in the corresponding whitelist. This signature may then be encrypted remotely by a Remote Signing Server (RSS) using private key encryption. Then, each time one or more of the whitelists are read into memory to look up a value during normal operation, the hash value may be recalculated by the authentication system software, and compared to the unencrypted stored value (unencrypted using the public key). If the two hash values compare equally, then it can be reasonably assured that the authenticated whitelist has not been modified maliciously);
	digitally sign the hash encoded service object (para. 0049, A digital signature or cryptographic digital signature denotes the result of computing a cryptographic hash value, such as SHA-1, SHA-256, MD-5, and the like, over a specific body of encoded data, then encrypting the hash value using a private key. Given the same body of encoded data, re-computing the hash value, and decrypting the digital signature using the corresponding public key, will produce the identical value if the encoded data remains the same);
	encrypt the hash encoded and signed service object prior to transmission to the service management subsystem (para. 0037, [i]n one embodiment, the RSS may be used to encrypt hash values of the whitelists using Public Key Infrastructure (PKI) encryption, for example. The RSS may host a secret (private) encryption key that it uses to encrypt values sent to it by client installations who are in need of modifying their database. Later a public key may be used to decrypt the value for comparison against calculated values allowing the code to determine if any of the data has been modified);
	decrypt the service object at the service management subsystem (para. 0037);
	verify the hash encoding of the service object prior to authorization to execute the remote service (para. 0036); and
	encrypt the response returned from the service handler prior to transmission back to the originating requestor (para. para. 0037).

References Cite Not Used
	 Wilkins et al. (US 20120204032 A1 ) teaches a method for a computer-implemented key exchange system and methods for improving the usability of encryption technologies such as Public Key Infrastructure (PKI). One aspect of the present invention includes registering users, verifying user identity, and classifying users such that the users may send a communications such that communication recipients can verify the user identity and classification of the communication sender. Another aspect of the present invention includes users initiating relationships with other users, approving the establishment of relationships, and exchanging encryption keys between users after the establishment of a relationship.
	Bisbee et al. (US 20010002485 A1) teaches a method for electronic transmission, storage, and retrieval of authenticated electronic original documents.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHU CHUN GAO whose telephone number is (571)270-5999. The examiner can normally be reached on Monday - Thursday 6:00-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHU CHUN GAO/ 	Examiner, Art Unit 2437 

/ALI S ABYANEH/Primary Examiner, Art Unit 2437