DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In communications filed on 01/07/2019, claims 1-21 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 16/316,015.

Claim Rejections - 35 USC § 103
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



Claims 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. 2019/00081962 issued to Teal in view of foreign application CN104283860A issued to Weigang.
Regarding claims 1, 8, and 15, TEAL discloses a computer-implemented method for verifying a kernel object to be executed by a data processing accelerator coupled to a host system, the method comprising [¶14, Endpoint security is improved by monitoring and controlling interprocess communications through a kernel-based endpoint protection driver. A list of protected computing objects such as registry keys, files, processes and directories is stored in the kernel and secured with reference to a trust authority external to the kernel and the endpoint. Protected processes are further controlled from unauthorized access and use by monitoring all interprocess communications through the endpoint protection driver and preventing unprotected processes from passing (potentially unsafe) data to protected processes], and [¶194, The processing environment 702 may, for example, be any environment such as an operating system or the like suitable for executing one or more processes 704], and [¶195, Each process 704 may be an instance of a computer program, portion of a computer program or other code executing within the processing environment 702. A process 704 may execute, e.g., on a processor, group of processors, or other processing circuitry or platform for executing computer-executable code. A process 704 may include executable computer code], and [¶31], and [¶32, a 
a data processing (DP) accelerator over a bus to be executed by the DP accelerator to perform the predefined operation [¶194, the processing environment 702 may, for example, be any environment such as an operating system or the like suitable for executing one or more processes 704], and [¶195, Each process 704 may be an instance of a computer program, portion of a computer program or other code executing within the processing environment 702. A process 704 may execute, e.g., on a processor, group of processors, or other processing circuitry or platform for executing computer-executable code. A process 704 may include executable computer code].
TEAL does not explicitly disclose the following limitations; however, Weigang discloses:
receiving, at a runtime library executed within a trusted execution environment (TEE) of a host system, a request from an application to invoke a predetermined function to perform a predefined operation [Page 1, last three paragraphs, the method comprises the steps that when an ELF file is executed by a user or a system, the operating system kernel scheduler first authenticates the identifier of the ELF file; if the identification result is true for the identifier of the ELF file, the feature of the ELF file is further identified, and the ELF file is allowed to be executed if the feature identification result of the ELF file is complete and real], and [see FIG. 3, 1) a system or a user application executing a certain ELF file; 2) the inner core security module verifies the ELF file executed by the application by calling the verification module]; and

Examiner Note: Teal also discloses this limitation as [¶29, A computer program product disclosed herein may include computer executable code embodied in a non-transitory computer readable medium that, when executing on an endpoint, performs the steps of storing a process cache in a kernel space of an operating system on the endpoint, the endpoint having a memory that includes the kernel space and a user space and the process cache storing at least one property for a first process executing in the user space, storing a tamper protection cache in the kernel space, the tamper protection cache identifying one or more protected computing objects on the endpoint including the first process, and the tamper protection cache secured with reference to a trust authority external to the operating system, monitoring changes to the process cache with a kernel driver, detecting a requested change from a second process executing on the endpoint to the at least one property of the first process with the kernel driver, and conditionally approving the requested change from the kernel driver only when the second process is included in the one or more protected computing objects identified in the tamper protection cache], and [¶176, …The policies 514 may include any policies 514 relating to secure operation of endpoints 502 in an enterprise], and [¶300, In general, the process cache 1752 may store information related to a process such as the application name, application family (e.g., a vendor or commonly used name for a suite of software including installers, libraries, supporting applications or processes, and so forth), an application path, and an application category (such as any of the categories or types described herein). By loading the endpoint defense driver 1750 early in a boot sequence or operating system installation, each new process can be detected and corresponding information can be loaded into the process cache 1752].
in response to the request, identifying a kernel object associated with the predetermined function [Page 1, last 3 paragraphs, The method comprises the steps that when 
verifying an executable image of the kernel object using a public key corresponding to a private key that was used to sign the executable image of the kernel object [Page 2, first paragraph, the identification signature and verification of the ELF file (equated to the executable file of a kernel object) are based on a combined public key system, wherein the signature private key is the issuer of the ELF file or the private key of the author, and when the identification signature of the ELF file is verified, the identifier of the issuer or author of the ELF file is used as the public key]; and
in response to successfully verifying the executable image of the kernel object, transmitting the verified executable image of the kernel object to [Page 2, Paragraph 7, The device includes a first authentication module for first identifying an identification of an ELF file when a user or system executes an ELF file in an application; the second authentication module is used for further identifying the feature of the ELF file under the condition that the identification result is that the identifier of the ELF file is true, and allowing the ELF file to be executed in the case that the feature identification result of the ELF file is complete and true; and the control module is used for refusing to execute the ELF file if the identification of the ELF file is non-real or the feature identification result of the ELF file is not complete and real]; and [Page nd paragraph, In addition, the identification of the identifier of the ELF file includes: performing a legality check on the identifier of the signer, determining whether the identifier of the author and the issuer of the ELF file is in the operating system preset trust list; and/or, on the file The signed signature is verified by digital signature, and the authenticity and integrity of the file identifier are determined. If the signer ID authentication fails, the ELF file is directly rejected], and [Page 4, paragraph 6, The kernel security module is used to modify the debugging process of the operating system kernel source code. Before the main process schedules the ELF file, the verification module is turned to the verification module, and the verification module determines the authenticity of the request to load or execute the ELF file, and only the authentication is true. (ie, it has not been tampered with, it is the ELF file issued by the issuer allowed in the list), it is allowed to load or execute, otherwise it refuses to load or execute.].


It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of TEAL with the teaching of Weigang in order to ensure the security of the system, since it is necessary to provide an effective authentication scheme for various files such as ELF files to judge their legality [Weigang, Page 1, 3rd paragraph].
Regarding claims 2, 9, and 16, TEAL discloses wherein the runtime library is configured to verify the kernel object by decrypting a signature of the kernel object using the public key corresponding to the private key, wherein the kernel object is to be transmitted to the DP accelerator in an unencrypted form [¶308, In one aspect, a trust authority 1760 may be provided, e.g., to serve a root for keys used to secure the protection cache 1754. Thus, for example, the trust authority 1760 may maintain a suitable public/private key pair, and may use the private key to digitally sign the protection cache 1754, or individual computer objects or groups of computer objects listed in the protection cache 1754. In this manner, the protection cache 1754 may be secured against tampering so that, when the endpoint defense driver 1750 seeks to verify a protected status of a computer object such as a process, application, file, directory, registry key, or the like that is identified in the protection cache 1754, the endpoint defense driver 1750 can use a corresponding public key, which may be published in an accessible location by the trust authority 1760, coded into the binary for the endpoint defense driver 1750, or otherwise made available for use in verifying a digital signature or otherwise verifying the authenticity of the protection cache 1754 and/or the information therein].
Regarding claims 3, 10, and 17, TEAL discloses, further comprising verifying an integrity of the kernel object by hashing the executable image of the kernel object using a predetermined hash function [¶312, the tamper protection cache may be secured using a number of techniques. For example, the tamper protection cache may be encrypted, or may be digitally signed, e.g., by encrypting a hash of the cache contents using a private key of a key pair and storing the resulting signature directly in the tamper protection cache], and [¶314].

Regarding claims 4, 11, and 18, TEAL discloses, wherein the kernel object is stored in an unsecure location of a persistent storage device [¶19, at least one of the first process and the second process may be executing in the user space of the memory. At least one of the first dividing the memory into a kernel space (protected and secured) for operating system functions and a user space (not protected and not secured) for execution of user programs, a tamper protection cache stored in the kernel space of the memory and digitally signed by a trust authority external to the operating system, the tamper protection cache identifying one or more protected processes for protection when executing in the user space, and an endpoint protection driver executing in the kernel space of the memory, the endpoint protection driver configured to monitor execution of processes in the user space and to detect an interprocess communication from a first process in the user space to a second process in the user space, the endpoint protection driver further configured to control the interprocess communication by, when the second process is a first one of the protected processes identified in the tamper protection cache, conditionally permitting the first process to provide data to the second process only when the first process is a second one of the protected processes identified in the tamper protection cache], and [¶29].
Regarding claims 5, 12, and 19, TEAL discloses, wherein the kernel object is one of a plurality of kernel objects stored in the persistent storage device, wherein the runtime library maintains a list of public keys associated with the kernel objects respectively that are used to verify the kernel objects [¶179, the keys 210 may include cryptographic keys in a cryptosystem, i.e., decryption keys. In one aspect, the keys 210 may be disposed on one key ring 218 using one root key 220. In general, the keys 210 may be created and managed using, e.g., symmetric key technology, asymmetric key technology, or any other key technology or combination of key technologies suitable for securing data in an enterprise including, for … of the current tamper protection cache. In another aspect, the tamper protection cache may be modified, e.g., with the addition or removal of protected objects, and a new signature may be created for the modified cached. In another aspect, two or more separate tamper protection caches may be provided in order to incrementally control additions to or removals from the list of protected computing objects. The list(s) of protected objects may also be hierarchically arranged in any number of ways, such as by providing separate caches for each type of object (e.g., one cache for registry keys, one cache for directories, etc.) or separate caches for different users (one for a guest, one for an endpoint administrator, one for an enterprise administrator, etc.) or different types of users. Whether stored as an integral cache or as a number of incrementally accumulated or hierarchically partitioned caches (or some combination of these), the cache(s) may be secured with reference to an external trust authority such as by digitally signing the cache(s) (or more specifically, hashes thereof) with an appropriate private key], and [¶323].
Regarding claims 6, 13, and 20, TEAL discloses, wherein the DP accelerator comprises one or more execution units configured to execute the executable image of the kernel object on behalf of the application in a distributed manner [¶194, the processing environment 702 may, for example, be any environment such as an operating system or the like suitable for executing one or more processes 704], and [¶195, Each process 704 may be an instance of a computer program, portion of a computer program or other code executing within the processing environment 702. A process 704 may execute, e.g., on a processor, group of processors, or other processing circuitry or platform for executing computer-executable code. A process 704 may include executable computer code].
Regarding claims 7, 14, and 21, TEAL discloses, wherein the public key was obtained from a trusted server and the public key was provided by a provider of the kernel object, and wherein the kernel object includes a signature signed by the provider using the private key [¶14, A list of protected computing objects such as registry keys, files, processes and directories is stored in the kernel and secured with reference to a trust authority external to the kernel and the endpoint], and [¶15, when executing on the endpoint, performs the steps of storing a tamper protection cache in the kernel space on the endpoint, the tamper protection cache identifying one or more protected processes for protection when executing in the user space, storing a digital signature in the tamper protection cache, the digital signature signed with a private key that provides a root of trust from a trust authority external to the operating system…], and [¶17, The tamper protection cache may be digitally signed by a trust authority external to the operating system. The tamper protection cache may be digitally signed using a private key, where a public key for a key pair that includes the private key and the public key is encoded into a binary representation of the endpoint protection driver stored in the kernel space.], and [¶20, a tamper protection cache stored in the kernel space of the memory and digitally signed by a trust authority external to the operating system, the tamper protection cache identifying one or more protected processes for protection when executing in the user space], and [¶190, Further the key vault may be provisioned so that a public key stored in the key vault 632 is signed with a .
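The verification flow recited in claims 1 through 7 (a runtime library in the host TEE holding one public key per kernel object, hashing the executable image, checking the provider's signature, and releasing the image to the DP accelerator only on success), as an added example that is not part of this office action, the application, or either cited reference. It uses Ed25519 over a SHA-256 digest; the object name, the key map and the image bytes are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// KernelObject is a hypothetical stored record (claim 4: unsecured persistent storage):
// the executable image plus the provider's signature over its digest (claims 1, 7).
type KernelObject struct {
	Name      string
	Image     []byte
	Signature []byte
}

// RuntimeLibrary stands in for the runtime library inside the host TEE; it keeps one
// trusted public key per kernel object (claim 5), assumed provisioned from a trusted server.
type RuntimeLibrary struct {
	trustedKeys map[string]ed25519.PublicKey
}

// SignKernelObject is the provider side: hash the image and sign the digest (claims 3, 7).
func SignKernelObject(priv ed25519.PrivateKey, name string, image []byte) KernelObject {
	digest := sha256.Sum256(image)
	return KernelObject{Name: name, Image: image, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyAndRelease recomputes the digest and checks the signature with the key registered
// for that object (claims 2, 3); only a verified image is returned for transmission to the
// DP accelerator (claim 1). Anything else is refused, as in Weigang's kernel security module.
func (r *RuntimeLibrary) VerifyAndRelease(obj KernelObject) ([]byte, error) {
	pub, ok := r.trustedKeys[obj.Name]
	if !ok {
		return nil, errors.New("no trusted public key registered for " + obj.Name)
	}
	digest := sha256.Sum256(obj.Image)
	if !ed25519.Verify(pub, digest[:], obj.Signature) {
		return nil, errors.New("signature verification failed for " + obj.Name)
	}
	return obj.Image, nil
}
// Demo signs a constructed image, verifies it, then flips one byte in the unsecured copy
// and shows the runtime library refuses to release it. Returns (accepted, rejected, err).
func Demo() (bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	rt := &RuntimeLibrary{trustedKeys: map[string]ed25519.PublicKey{"matmul.ko": pub}}
	obj := SignKernelObject(priv, "matmul.ko", []byte("constructed executable image bytes"))
	img, err := rt.VerifyAndRelease(obj)
	accepted := err == nil && len(img) > 0
	obj.Image[0] ^= 0xff // simulate tampering in the unsecured storage location
	_, tamperErr := rt.VerifyAndRelease(obj)
	return accepted, tamperErr != nil, tamperErr
}
```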

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Anderson (US 9,928,365) [¶27, in accessing a file, an application may invoke a system call, such as access( ) of the system library 306, passing in an indication of what type of access is sought, such as read or read/write access; kernel].
Benameur (US2020/0125731) [¶32, application, kernel].
IKEDA (US2018/0232266) [Abstract, ¶32, application program, kernel program].
Pham (US2005/0182958) [see FIG. 7, ¶¶50, 54, 61, kernel].
Bourd (US2013/0222399) [¶77, applications that GPU 24 is to execute may be referred to as kernels…].
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached on Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Eleni Shiferaw, can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-
/SHAHRIAR ZARRINEH/Examiner, Art Unit 2497