Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Amendment filed on 09/11/2020 has been acknowledged. Claims 26-47, are currently pending and have been considered below. Claim 26, 32, 38 and 43 are independent claim. Claims 26, 32, 38 and 43 have been amended.

Priority
The application is a section 371 of PCT/US15/67535 filed on 12/22/2015.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/12/2020 has been entered.

Remarks and Response
Applicant’s arguments filed in the amendments on 09/11/2020 have been fully considered but are moot in view of new grounds of rejection. The reasons set forth below.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim 26-47 are rejected under 35 U.S.C. 103 as being unpatentable over Stewart (US Patent Application Publication No 2015/0007263 A1) in view of Borthakur (US Patent No. 9,251,090 B1).

Regarding Claim 26, Stewart discloses a system comprising: 
a hardware platform coupled to the bus, the hardware platform comprising a memory apparatus including a client-side address space dedicated to an accessor of obfuscated multitenant data (Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines 
Stewart does not explicitly discuss the following limitation that Borthakur teaches:
a display to visually present deobfuscated multi-tenant data (Borthakur, col 17, line 25-30, system includes hardware elements that are electronically coupled via a bus, CPU, input devices and output devices like display. Col 5, line 5-15, the virtual machine’s memory may remain obfuscated in the memory of the host computer system until it is required by the virtual machine 120 and placed in the virtual cache 110. Col 5, line 40-45, the hypervisor provide the memory obfuscation service with information corresponding to the requested data to enable the 
a bus coupled to the display (Borthakur, col 17, line 25-30, system includes hardware elements that are electronically coupled via a bus); and
wherein an executable view generation library is stored to the client-side address space (Borthakur, col 9, line 5-20, if the virtual machine is configured such that the virtual machine’s 420 memory is obfuscated the hypervisor or component thereof may call the memory obfuscation service. The hypervisor may make a service call to memory obfuscation service 430, the service call may include information suitable for retrieving the data from memory and loading the data into the virtual cache (un-obfuscated memory) associated with the virtual machine);
wherein the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the obfuscated multi-tenant data to the deobfuscated multi-tenant data, and generate a single-tenant view based on the deobfuscated multi- tenant data (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory 
wherein the deobfuscated multi-tenant data is machine readable by the hardware platform (Borthakur, col 10, line 55-65, virtual machine 620 memory loaded into the memory 612 of the host computer system 600 may be obfuscated to protect sensitive information from attack. The memory obfuscation service may un-obfuscate at least a portion of the memory for use by the virtual machine 620).
Stewart in view of Borthakur are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Stewart in view of Borthakur to include the idea of access authorization to control access to protected data management system to improve the performance of the system. It will also enhance the security of the system by blocking the fraudulent users.

Regarding claim 27, Stewart in view of Borthakur discloses the system of claim 26, wherein, convert the obfuscated multi-tenant data to the deobfuscated multi-tenant data based on metadata associated with the executable view generation library and generate a single-tenant view based on the deobfuscated multi-tenant data (Borthakur, col 9, line 15-25, once the memory obfuscation 

Regarding claim 28, Stewart in view of Borthakur discloses the system of claim 27, wherein the metadata includes one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Borthakur, col 1, line 15-20, various components of the hypervisor may require privileged access to the physical host machine in 

Regarding claim 29, Stewart in view of Borthakur discloses the system of claim 26, further including a secure interface to receive the executable view generation library from a data access binder (Borthakur, col 1, line 15-20, operating systems and applications, including virtualized operating systems and applications, use data obfuscation techniques to implement secure channels and trust Zones for secure application execution).

Regarding Claim 30, Stewart in view of Borthakur discloses the system of claim 29, wherein the executable view generation library is to conduct a self-extraction, conduct a self-installation, measure an opaqueness of itself and send the opaqueness to the data access binder (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page).

Regarding Claim 31, Stewart in view of Borthakur discloses the system of claim 26, wherein the executable view generation library is stored to a trusted region of the client-side address space (Borthakur, col 9, line 45-50, the memory obfuscation service may receive all or a portion of the key from one or more other sources including a trusted platform module (TPM)).

Regarding Claim 32, Stewart discloses an apparatus comprising:
a semiconductor integrated circuit comprising memory, the memory comprising:

Stewart does not explicitly discuss the following limitation that Borthakur teaches:
wherein an executable view generation library is stored to the client-side address space (Borthakur, col 17, line 25-30, system includes hardware elements that are electronically coupled via a bus, CPU, input devices and output devices like display. Col 5, line 5-15, the virtual machine’s memory may remain obfuscated in the memory of the host computer system until it is required by the virtual machine 120 and placed 
wherein the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the obfuscated multi-tenant data to the deobfuscated multi-tenant data, and generate a single-tenant view based on the deobfuscated multi- tenant data (Borthakur, col 9, line 5-20, if the virtual machine is configured such that the virtual machine’s 420 memory is obfuscated the hypervisor or component thereof may call the memory obfuscation service. The hypervisor may make a service call to memory obfuscation service 430, the service call may include information suitable for retrieving the data from memory and loading the data into the virtual cache (un-obfuscated memory) associated with the virtual machine), and
wherein the deobfuscated multi-tenant data is machine readable by a hardware platform providing the client side address space (Borthakur, col 10, line 55-65, virtual machine 620 memory loaded into the memory 612 of the host computer system 600 may be obfuscated to protect sensitive information from attack. The memory obfuscation service may un-obfuscate at least a portion of the memory for use by the virtual machine 620).


Regarding Claim 33, Stewart in view of Borthakur discloses the apparatus of claim 32, wherein to convert the obfuscated multi-tenant data to deobfuscated multi-tenant data is based on metadata associated with the executable view generation library (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page. Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity 

Regarding Claim 34, Stewart in view of Borthakur discloses the apparatus of claim 33, wherein the metadata includes one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Borthakur, col 1, line 15-20, various components of the hypervisor may require privileged access to the physical host machine in order to provide effective administration of the virtual machine instances. Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines whether the first entity has already been authenticated. Cloud service checks memory area to see if valid security information or other security context 

Regarding Claim 35, Stewart in view of Borthakur discloses the apparatus of claim 32, further including a secure interface to receive the executable view generation library from a data access binder (Borthakur, col 1, line 15-20, operating systems and applications, including virtualized operating systems and applications, use data obfuscation techniques to implement secure channels and trust Zones for secure application execution).

Regarding Claim 36, Stewart in view of Borthakur discloses the apparatus of claim 35, wherein the executable view generation library is to conduct a self-extraction, conduct a self-installation, measure an opaqueness of itself and send the opaqueness to the data access binder 

Regarding Claim 37, Stewart in view of Borthakur discloses the apparatus of claim 32, wherein the executable view generation library is stored to a trusted region of the client-side address space (Borthakur, col 9, line 45-50, the memory obfuscation service may receive all or a portion of the key from one or more other sources including a trusted platform module (TPM)).

Regarding Claim 38, Stewart discloses a method comprising: 
receiving a request to access at least a portion of obfuscated multi-tenant data (Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines whether the first entity has already been authenticated. Cloud service checks memory area to see if valid security 
Stewart does not explicitly discuss the following limitation that Borthakur teaches:
converting the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with an executable view generation library stored to a client-side address space (Borthakur, col 9, line 5-20, if the virtual machine is configured such that the virtual machine’s 420 memory is obfuscated the hypervisor or component thereof may call the memory obfuscation service. The hypervisor may make a service call to memory obfuscation service 430, the service call may include information suitable for retrieving the data from memory and loading the data into the virtual cache (un-obfuscated memory) associated with the virtual machine); and

wherein the deobfuscated multi-tenant data is machine readable by a hardware platform providing the client side address space (Borthakur, col 10, line 55-65, virtual machine 620 memory loaded into the memory 612 of the host computer system 600 may be obfuscated to protect sensitive information from attack. The memory obfuscation service may un-obfuscate at least a portion of the memory for use by the virtual machine 620).
Stewart in view of Borthakur are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Stewart in view of Borthakur to include the idea of access authorization to control access to protected data management system to improve the performance of the system. It 

Regarding Claim 39, Stewart in view of Borthakur discloses the method of claim 38, wherein the metadata includes one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Borthakur, col 1, line 15-20, various components of the hypervisor may require privileged access to the physical host machine in order to provide effective administration of the virtual machine instances. Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines whether the first entity has already been authenticated. Cloud service checks memory area to see if valid security information or other security context for the first entity has been previously received by cloud service. If valid security information is not available to cloud service, cloud service redirects the first entity to identity provider. ¶[0038]- ¶[0039], if the second entity is not one of tenants, cloud service dynamically generates a fictitious document. In this manner, aspects of the disclosure obfuscate, conceal or otherwise hide, from the first entity, the tenancy status of the second entity. ¶[0040], if the second entity is determined to be one of tenants of cloud 

Regarding Claim 40, Stewart in view of Borthakur discloses the method of claim 38, further including receiving the executable view generation library from a data access binder (Borthakur, col 1, line 15-20, operating systems and applications, including virtualized operating systems and applications, use data obfuscation techniques to implement secure channels and trust Zones for secure application execution).

Regarding Claim 41, Stewart in view of Borthakur discloses the method of claim 40, further including:
conducting a self-extraction (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page);
conducting a self-installation (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the 
measuring an opaqueness of the executable view generation library (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page); and
sending the opaqueness to the data access binder (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation 

Regarding Claim 42, Stewart in view of Borthakur discloses the method of claim 38, wherein the executable view generation library is stored to a trusted region of the client-side address space (Borthakur, col 9, line 45-50, the memory obfuscation service may receive all or a portion of the key from one or more other sources including a trusted platform module (TPM)).

Regarding Claim 43, Stewart discloses at least one computer readable storage medium comprising a set of instructions, which when executed by a computing system, cause the computing system to:
receive a request to access at least a portion of obfuscated multi-tenant data (Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines whether the first entity has already been authenticated. Cloud service checks memory area to see if valid security information or other security context for the first entity has been previously received by cloud service. If valid security information is not available to cloud service, cloud service redirects the first entity to identity provider. ¶[0038]- ¶[0039], if the second entity is not one of 
Stewart does not explicitly discuss the following limitation that Borthaku teaches:
convert the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with an executable view generation library stored to a client-side address space (Borthakur, col 9, line 5-20, if the virtual machine is configured such that the virtual machine’s 420 memory is obfuscated the hypervisor or component thereof may call the memory obfuscation service. The hypervisor may make a service call to memory obfuscation service 430, the service call may include information suitable for retrieving the data from memory and loading the data into the virtual cache (un-obfuscated memory) associated with the virtual machine); and
generate a single-tenant view based on the deobfuscated multi-tenant data (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual 
wherein the deobfuscated multi-tenant data is machine readable by a hardware platform providing the client side address space (Borthakur, col 10, line 55-65, virtual machine 620 memory loaded into the memory 612 of the host computer system 600 may be obfuscated to protect sensitive information from attack. The memory obfuscation service may un-obfuscate at least a portion of the memory for use by the virtual machine 620).
Stewart in view of Borthakur are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Stewart in view of Borthakur to include the idea of access authorization to control access to protected data management system to improve the performance of the system. It will also enhance the security of the system by blocking the fraudulent users

Regarding Claim 44, Stewart in view of Borthakur discloses the at least one computer readable storage medium of claim 43, wherein the metadata is to include one or more labels, access privileges, security 

Regarding Claim 45, Stewart in view of Borthakur discloses the at least one computer readable storage medium of claim 43, wherein the instructions, when executed, cause the computing system to receive the 

Regarding claim 46, Stewart in view of Borthakur discloses the at least one computer readable storage medium of claim 45, wherein the instructions, when executed, cause the computing system to:
conduct a self-extraction (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page);
conduct a self-installation (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an 
measure an opaqueness of the executable view generation library (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page); and
send the opaqueness to the data access binder (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page).

Regarding claim 47, Stewart in view of Borthakur discloses the at least one computer readable storage medium of claim 43, wherein the executable view generation library is to be stored to a trusted region of the client-side address space (Borthakur, col 9, line 45-50, the memory obfuscation service may receive all or a portion of the key from one or more other sources including a trusted platform module (TPM)).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F, 8 am to 5 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information 



/WASIKA NIPA/           Primary Examiner, Art Unit 2433