DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
An Examiner's Amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Examiner Amendments

In attempt to accelerate the prosecution process, the Examiner has contacted the Applicant’s representative, Mr. Andrew J. Lee (Reg. No 60371), and conducted a telephone interview on 07/07/2021. During the interview, the Examiner proposed an examiner amendment to the claims with some minor amendments for better clarity of the claims’ scope, and for putting the application in condition for allowance. 
Authorization for this Examiner's Amendment was given in a telephone interview with Applicant's representative Mr. Andrew J. Lee (Reg. No 60371) on 07/07/2021.




Claims

Please replace claims as following:
Claim 1.	(Currently Amended)  A method comprising:
creating a secure hardware enclave on a client system, the secure hardware enclave corresponding to a memory region of the client system that cannot be accessed by processes running in other memory regions of the client system and is created via a particular set of one or more central processing unit (CPU) instruction codes;
loading, by the client system, program code for an integrity verifier into the secure hardware enclave;
receiving, by the client system, a dataset from a server system and storing the received dataset at a storage or memory location on the client system;
receiving, by the integrity verifier, a cryptographic hash of the dataset from the server system and storing the received cryptographic hash at a memory location within the secure hardware enclave; and
on a periodic basis:
computing, by the integrity verifier, a cryptographic hash of the stored dataset;
comparing, by the integrity verifier, the computed cryptographic hash against the stored cryptographic hash; [[and]]
obtaining, by the integrity verifier, a CPU-generated time stamp counter value;
providing, by the integrity verifier, the time stamp counter value to the server system; and
if the computed cryptographic hash does not match the stored cryptographic hash, determining, by the integrity verifier, that the stored dataset has been modified.
Claim 2.	(Original)  The method of claim 1 wherein the server system is configured to, prior to providing the dataset to the client system:
verify that the secure hardware enclave was created using the particular set of one or more CPU instruction codes; and
verify that a correct version of the program code for the integrity verifier has been loaded into the secure hardware enclave.
Claim 3.	(Original)  The method of claim 1 wherein the periodic basis comprises random intervals.
Claim 4.	(Original)  The method of claim 1 wherein the storage or memory location where the dataset is stored on the client system is outside of the secure hardware enclave.
Claim 5.	(Canceled)
Claim 6.	(Original)  The method of claim 1 further comprising:
receiving, by the client system from the server system, a new version of the dataset and storing the new version of the dataset at another storage or memory location on the client system;
receiving, by the integrity verifier from the server system, a new cryptographic hash for the new version of the dataset and storing the new cryptographic hash at another memory location within the secure hardware enclave; 
atomically swapping, by the client system, a global memory pointer to point to said another storage or memory location; and
causing, by the client system, the integrity verifier to perform future comparisons of the  computed cryptographic hash against either the stored cryptographic hash or the stored new cryptographic hash.

Claim 7.	(Original)  The method of claim 6 further comprising:
determining, by the client system, when there are no processes or threads on the client system still reading the stored dataset; and
in response to the determining:
deleting the stored dataset; and
causing the integrity verifier to perform future comparisons of the computed cryptographic hash solely against the stored new cryptographic hash.

creating a secure hardware enclave on the client system, the secure hardware enclave corresponding to a memory region of the client system that cannot be accessed by processes running in other memory regions of the client system and is created via a particular set of one or more central processing unit (CPU) instruction codes;
loading program code for an integrity verifier into the secure hardware enclave;
receiving a dataset from a server system and storing the received dataset at a storage or memory location on the client system;
receiving, via the integrity verifier, a cryptographic hash of the dataset from the server system and storing the received cryptographic hash at a memory location within the secure hardware enclave; and
on a periodic basis:
	computing, via the integrity verifier, a cryptographic hash of the stored dataset;
comparing, via the integrity verifier, the computed cryptographic hash against the stored cryptographic hash; [[and]]
obtaining, via the integrity verifier, a CPU-generated time stamp counter value;
providing, via the integrity verifier, the time stamp counter value to the server system; and


Claim 9.	(Original)  The non-transitory computer readable storage medium of claim 8 wherein the server system is configured to, prior to providing the dataset to the client system:
verify that the secure hardware enclave was created using the particular set of one or more CPU instruction codes; and
verify that a correct version of the program code for the integrity verifier has been loaded into the secure hardware enclave.

Claim 10.	(Original)  The non-transitory computer readable storage medium of claim 8 wherein the periodic basis comprises random intervals.

Claim 11.	(Original)  The non-transitory computer readable storage medium of claim 8 wherein the storage or memory location where the dataset is stored on the client system is outside of the secure hardware enclave.

Claim 12.	(Canceled)


receiving, from the server system, a new version of the dataset and storing the new version of the dataset at another storage or memory location on the client system;
receiving, via the integrity verifier from the server system, a new cryptographic hash for the new version of the dataset and storing the new cryptographic hash at another memory location within the secure hardware enclave; 
atomically swapping a global memory pointer to point to said another storage or memory location; and
causing the integrity verifier to perform future comparisons of the  computed cryptographic hash against either the stored cryptographic hash or the stored new cryptographic hash.

Claim 14.	(Original)  The non-transitory computer readable storage medium of claim 13 wherein the method further comprises:
determining when there are no processes or threads on the client system still reading the stored dataset; and
in response to the determining:
deleting the stored dataset; and
causing the integrity verifier to perform future comparisons of the computed cryptographic hash solely against the stored new cryptographic hash.

a processor; and
a non-transitory computer readable medium having stored thereon program code that, when executed, causes the processor to:
	create a secure hardware enclave on the client system, the secure hardware enclave corresponding to a memory region of the client system that cannot be accessed by processes running in other memory regions of the client system and is created via a particular set of one or more central processing unit (CPU) instruction codes;
load program code for an integrity verifier into the secure hardware enclave;
receive a dataset from a server system and store the received dataset at a storage or memory location on the client system;
receive, via the integrity verifier, a cryptographic hash of the dataset from the server system and store the received cryptographic hash at a memory location within the secure hardware enclave; and
on a periodic basis:
compute, via the integrity verifier, a cryptographic hash of the stored dataset;
compare, via the integrity verifier, the computed cryptographic hash against the stored cryptographic hash; [[and]]
obtain, via the integrity verifier, a CPU-generated time stamp counter value;
provide, via the integrity verifier, the time stamp counter value to the server system; and


Claim 16.	(Original)  The client system of claim 15 wherein the server system is configured to, prior to providing the dataset to the client system:
verify that the secure hardware enclave was created using the particular set of one or more CPU instruction codes; and
verify that a correct version of the program code for the integrity verifier has been loaded into the secure hardware enclave.

Claim 17.	(Original)  The client system of claim 15 wherein the periodic basis comprises random intervals.

Claim 18.	(Original)  The client system of claim 15 wherein the storage or memory location where the dataset is stored on the client system is outside of the secure hardware enclave.

Claim 19.	(Canceled)


receive, from the server system, a new version of the dataset and store the new version of the dataset at another storage or memory location on the client system;
receive, via the integrity verifier from the server system, a new cryptographic hash for the new version of the dataset and store the new cryptographic hash at another memory location within the secure hardware enclave; 
atomically swap a global memory pointer to point to said another storage or memory location; and
cause the integrity verifier to perform future comparisons of the  computed cryptographic hash against either the stored cryptographic hash or the stored new cryptographic hash.
Claim 21.	(Original)  The client system of claim 20 wherein the program code further causes the processor to:
determine when there are no processes or threads on the client system still reading the stored dataset; and
in response to the determining:
delete the stored dataset; and
cause the integrity verifier to perform future comparisons of the computed cryptographic hash solely against the stored new cryptographic hash.

Examiner’s Statement of reason for Allowance

Claims 1-4, 6-11, 13-18 and 20-21 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is a client system create a secure hardware enclave separate from operation system. The client system load program code which called an integrity verifier into the secure hardware enclave. The client system will receive a dataset and hash from a server system. Then, on a periodic basis, the integrity verifier can compute a cryptographic hash of the stored dataset, compare the computed cryptographic hash against the stored cryptographic hash, and if the computed cryptographic hash does not match the stored cryptographic hash. The system determine that the stored dataset has been modified. 
The closest prior art, as previously recited, are BENALOH (US 20190147188), Nyhuis (US 20160197949), Ellison (US 20100082984), Karame (US 20200228318), Romero-Mariona (US 9531689) in which, BENALOH discloses obtains multiple instances of encrypted telemetry data within a secure enclave and processes the encrypted telemetry data to obtain multiple instances of unencrypted telemetry data. Within the secure enclave, the multiple instances of unencrypted telemetry data to obtain a perturbed aggregate. Nyhuis discloses downloading information from which it builds the full system including an encrypted and an unencrypted portion. Later, the sensor sends hashes of files, configurations, and other local information to a data center, which compares the 
However, none of BENALOH (US 20190147188), Nyhuis (US 20160197949), Ellison (US 20100082984), Karame (US 20200228318), Romero-Mariona (US 9531689), teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent Claim1 and similarly Claim 8 and Claim 15. For example, none of the cited prior teaches or suggest the steps of Claim 1 and similarly Claim 8 and Claim 15: creating a secure hardware enclave on a client system, the secure hardware enclave corresponding to a memory region of the client system that cannot be accessed by processes running in other memory regions of the client system and is created via a particular set of one or more central processing unit (CPU) instruction codes; loading, by the client system, program code for an integrity verifier into the secure hardware enclave; receiving, by the client system, a dataset from a server system and storing the received dataset at a storage or memory location on the client system; receiving, by the integrity verifier, a cryptographic hash of the dataset from the server system and storing the received cryptographic hash at a memory location within the secure hardware enclave; and on a periodic basis: computing, by the integrity verifier, a cryptographic hash of the stored dataset; comparing, by the integrity verifier, the computed cryptographic hash against the stored cryptographic hash; obtaining, by the integrity verifier, a CPU-generated time stamp counter value; providing, by the integrity verifier, the time stamp counter value to the server system; and if the computed cryptographic hash does not match the stored cryptographic hash, determining, by the integrity verifier, that the stored dataset has been modified. 

Therefore the claims are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  
For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service 



	/C.W./Examiner, Art Unit 2439  



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439