DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 14-20 have been examined. Claims 1-13 are withdrawn from consideration as being non-elected claims.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2/21/20 is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Schneider U.S. Pat. No. 8561090 (hereinafter Schneider) in view of Henderson et al. U.S. Pub. No. 20180196648 (hereinafter Henderson).

As per claim 14, Schneider discloses a non-transitory computer readable apparatus comprising a storage medium having one or more computer programs stored thereon, the one or more computer programs, when executed by a processing apparatus, being configured to: 
receive a user space packet generated by a user space entity (Schneider: column 3 lines 31-55: receive system call/user space packet from user-space process/user space entity); 
check the user space packet for malicious content (Schneider: column 3 lines 40-55: validate/check the system calls, which include parameters for malicious content); 
generate a kernel space metadata for use by a kernel space entity based on the checked user space packet (Schneider: column 3 line 56-column 4 line 3: translate the system call to make the system call come from the helper process, after the system call parameters have been validated). 
Schneider does not explicitly disclose wherein the kernel space entity has a first privilege and the user space entity has a second privilege different than the first privilege. However, Henderson discloses associating different privilege levels with user space and kernel space (Henderson: [0019]: user space has a lower privilege level while kernel space has a higher privilege level). It would have been obvious to one having ordinary skill in the art to segregate access to kernel space and user space based on privilege levels because Schneider and Henderson are analogous art involving system calls associated with kernel and user space. The motivation to combine would be to prevent system instability, data loss or performance degradation.
As per claim 15, Schneider as modified discloses the non-transitory computer readable apparatus of claim 14. Schneider further discloses wherein the user space entity comprises a user space communication stack associated with a user space application (Schneider: column 3 lines 41-47: parameters of the system calls). 
As per claim 16, Schneider as modified discloses the non-transitory computer readable apparatus of claim 14. Schneider further discloses wherein the generated kernel space metadata is based on one or more portions of the user space packet (Schneider: column 3 lines 56-67: the system calls are translated based on the system calls received from the user space applications).
As per claim 17, Schneider as modified discloses the non-transitory computer readable apparatus of claim 16. Schneider as modified further discloses wherein the generated kernel space metadata is naturally aligned for a processor in communication with the non-transitory computer readable apparatus (Schneider: column 3 lines 32-67). 
As per claim 18, Schneider as modified discloses the non-transitory computer readable apparatus of claim 16. Schneider as modified further discloses wherein the generated kernel space metadata is based on one or more kernel space considerations (Schneider: column 4 lines 35-65). 
As per claim 19, Schneider as modified discloses the non-transitory computer readable apparatus of claim 16. Schneider further discloses wherein the generated kernel space metadata is based on one or more considerations of a different user space entity (Schneider: column 5 lines 5-25). 
As per claim 20, Schneider as modified discloses the non-transitory computer readable apparatus of claim 14, wherein the generated kernel space metadata is only accessible with the first privilege (Schneider: column 3 lines 33-67; Henderson: [0019]: user space has lower privilege level while kernel space has higher privilege level). Same rationale applies here as above in rejecting claim 14.
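The three steps the rejection maps onto Schneider and Henderson (receive an untrusted user space packet, check it for malicious content, then derive naturally aligned kernel space metadata that only the higher privilege level can read) are shown below as an added C example. It is not code from the application, from Schneider, or from Henderson; the packet layout, the privilege constants, the validation rules and the function names are assumptions chosen for illustration, and the sample packets are constructed inline.

```c
/* Added illustration, not from the application or the cited references.
 * Models claims 14, 16, 17 and 20: an untrusted user-space packet is checked
 * before any kernel-space metadata is derived from it, the metadata is
 * naturally aligned, and only a caller at the kernel privilege level may read it.
 * Packet format, privilege numbering and checks are assumptions for this example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define USER_PRIV     3          /* assumed: numerically higher = less privileged */
#define KERNEL_PRIV   0
#define PKT_MAGIC     0x5550u    /* assumed header tag */
#define PKT_MAX_LEN   64u
#define PKT_TYPE_DATA 1u
#define PKT_TYPE_CTRL 2u

/* Wire format of the user-space packet: every field is untrusted. */
struct user_packet {
    uint16_t magic;
    uint8_t  type;
    uint8_t  payload_len;
    uint8_t  payload[PKT_MAX_LEN];
};

/* Kernel-side metadata: only the fields the kernel needs, laid out so each
 * member sits at an offset that is a multiple of its size (natural alignment). */
struct kernel_meta {
    uint64_t seq;          /* offset 0  */
    uint32_t payload_len;  /* offset 8  */
    uint8_t  type;         /* offset 12 */
    uint8_t  priv;         /* offset 13: privilege required to read */
    uint16_t flags;        /* offset 14 */
};
_Static_assert(offsetof(struct kernel_meta, seq) % 8 == 0, "seq not aligned");
_Static_assert(offsetof(struct kernel_meta, payload_len) % 4 == 0, "len not aligned");
_Static_assert(offsetof(struct kernel_meta, flags) % 2 == 0, "flags not aligned");
_Static_assert(sizeof(struct kernel_meta) == 16, "unexpected padding");

enum check_result { PKT_OK = 0, PKT_BAD_MAGIC, PKT_BAD_TYPE, PKT_BAD_LEN, PKT_MALICIOUS };

/* Validate every untrusted field before it can influence kernel state. */
enum check_result check_packet(const struct user_packet *p, size_t bytes_received)
{
    if (bytes_received < offsetof(struct user_packet, payload))
        return PKT_BAD_LEN;
    if (p->magic != PKT_MAGIC)
        return PKT_BAD_MAGIC;
    if (p->type != PKT_TYPE_DATA && p->type != PKT_TYPE_CTRL)
        return PKT_BAD_TYPE;
    /* The declared length must fit the buffer and the bytes actually received. */
    if (p->payload_len > PKT_MAX_LEN ||
        offsetof(struct user_packet, payload) + p->payload_len > bytes_received)
        return PKT_BAD_LEN;
    /* Content check (assumed policy): control payloads must be printable ASCII,
     * so an embedded NUL or control byte cannot truncate or confuse a later
     * kernel-side string operation. */
    if (p->type == PKT_TYPE_CTRL) {
        for (size_t i = 0; i < p->payload_len; i++)
            if (p->payload[i] < 0x20 || p->payload[i] > 0x7e)
                return PKT_MALICIOUS;
    }
    return PKT_OK;
}

/* Derive kernel metadata only from a packet that passed check_packet. */
int generate_kernel_meta(const struct user_packet *p, size_t bytes_received,
                         uint64_t seq, struct kernel_meta *out)
{
    if (check_packet(p, bytes_received) != PKT_OK)
        return -1;
    memset(out, 0, sizeof *out);
    out->seq = seq;
    out->payload_len = p->payload_len;   /* widened from the already-checked u8 */
    out->type = p->type;
    out->priv = KERNEL_PRIV;             /* first privilege: kernel only */
    out->flags = (p->type == PKT_TYPE_CTRL) ? 0x1 : 0x0;
    return 0;
}

/* Access control: a caller below the metadata's privilege level gets nothing. */
int kernel_meta_read(const struct kernel_meta *m, int caller_priv, uint32_t *len_out)
{
    if (caller_priv > m->priv)
        return -1;
    *len_out = m->payload_len;
    return 0;
}

/* Constructed sample packets (not captured traffic). */
const struct user_packet sample_good =
    { .magic = PKT_MAGIC, .type = PKT_TYPE_CTRL, .payload_len = 4, .payload = { 'p', 'i', 'n', 'g' } };
const struct user_packet sample_ctrl_bad =
    { .magic = PKT_MAGIC, .type = PKT_TYPE_CTRL, .payload_len = 5, .payload = { 'p', 'i', 0x01, 'n', 'g' } };
const struct user_packet sample_len_lie =
    { .magic = PKT_MAGIC, .type = PKT_TYPE_DATA, .payload_len = 200 };

/* Runs the pipeline end to end; returns how many of the four expectations held. */
int demo(void)
{
    struct kernel_meta meta;
    uint32_t len = 0;
    int passed = 0;

    /* 1. A malicious control packet never reaches metadata generation. */
    if (generate_kernel_meta(&sample_ctrl_bad, sizeof sample_ctrl_bad, 1, &meta) == -1)
        passed++;
    /* 2. A valid packet yields metadata built only from its checked fields. */
    if (generate_kernel_meta(&sample_good, sizeof sample_good, 2, &meta) == 0 &&
        meta.seq == 2 && meta.payload_len == 4 && meta.type == PKT_TYPE_CTRL && meta.flags == 1)
        passed++;
    /* 3. The second (user) privilege cannot read the metadata. */
    if (kernel_meta_read(&meta, USER_PRIV, &len) == -1)
        passed++;
    /* 4. The first (kernel) privilege can. */
    if (kernel_meta_read(&meta, KERNEL_PRIV, &len) == 0 && len == 4)
        passed++;
    return passed;
}

int main(void)
{
    printf("checks passed: %d of 4\n", demo());
    return demo() == 4 ? 0 : 1;
}
```

The length check compares the declared payload length against both the fixed buffer and the byte count actually received, which closes the two common ways a user-space sender lies about size; the `_Static_assert` lines make the alignment property of the kernel structure a compile-time fact rather than an assumption.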


Response to Arguments
Applicant’s election with traverse of Invention III, claims 14-20, in the reply filed on 4/12/21 is acknowledged. The traversal is on the ground that both claims 1 and 14 recite generating a kernel space metadata…based on checked/sanitized user space. This is not found persuasive because claims 1-7 focus on specific steps in generating user space metadata and a kernel data object for a network communication, including copying and padding a user space metadata object, while claims 14-20 focus on checking a user space packet for malicious content and controlling access based on the privilege level associated with kernel space and user space. In addition, “checked user space packet” and “sanitized user space packet” may involve overlapping steps, but the step of “sanitizing” involves more than simply “checking” the packet. Therefore, the claims are subject to the restriction/election requirement because they focus on different areas of search. The requirement is still deemed proper and is therefore made FINAL.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Tsirkin et al. U.S. Pub. No. 20190286466 discloses security enhanced hypervisor user space notification.
Tsirkin et al. U.S. Pub. No. 20190065301 discloses security enhanced out of process user space handling of hardware events.
Tsirkin et al. U.S. Pub. No. 20200073829 discloses efficient userspace driver isolation for virtual machines.
MacNeil et al. U.S. Pub. No. 20180219805 discloses method for propagating metadata of in-flight packets within kernel space.
Weigarten et al. U.S. Pub. No. 20190052659 discloses method for dynamically modeling and grouping endpoints for edge networking.
Xia et al. U.S. Pub. No. 20210011856 discloses method for enhancing isolation of user space from kernel space.
Mooring et al. U.S. Pub. No. 20130347131 discloses method involving features of hardware virtualization such as separation kernel hypervisors.
Doctor et al. U.S. Pub. No. 20090092057 discloses network monitoring system with enhanced performance.
Ackerly U.S. Pub. No. 20160063258 discloses method for enforcing a usage restriction associated with encrypted data by a kernel driver.
Frank et al. U.S. Pub. No. 20180285561 discloses method for detecting kernel corruption exploits.
Norton et al. U.S. Pub. No. 20180253315 discloses process and thread launch features.

Sovio et al. U.S. Pub. No. 20200019695 discloses hypervisor measurement agent.
Kaplan U.S. Pub. No. 20180081829 discloses virtualized process isolation.
Teal et al. U.S. Pub. No. 20030120935 discloses kernel-based network security infrastructure.
Glick et al. U.S. Pat. No. 8239947 discloses method of using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIN HON (ERIC) CHEN whose telephone number is (571)272-3789.  The examiner can normally be reached on Monday to Thursday 9am- 7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 

/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431