DETAILED ACTION
Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
2. Applicant’s arguments filed on 06/03/2021 with respect to 101 rejection have been fully considered but they are not persuasive.

3. Applicant states that the independent claim 1 recite: “the new user application” is executing instructions that did not come from a file on the computer’s file system; and by executing instructions the operating system instead pulled from a server, such as “... interface one or more servers, receive the first protected application data from the one or more servers...”
And the computer’s operation is fundamentally changed since there is no corresponding executable file on the computer’s file system. As such, the functionality is very much enhanced because there is not an executable file that can be reverse engineered and/or “hacked” to disable anti-piracy features therein, making the software thereafter freely distributable without payment to or control by the software vendor. Further, the memory protection features of modern operating systems also prevent the “hacker” from trying to read the program memory when the hacker cannot access the non-existent executable file.

4. Examiner would like to point out that applicant has clearly argued, for claim 1, that the invention is tied to computer technology and improves the operation of the computer by an anti-piracy feature, with examples, but these features are not claimed in the current claim set. Applicant doesn’t recite any type of anti-piracy technique.



5. Applicant’s arguments with respect to 103 rejection have been fully considered but they are not persuasive.

6. Applicant argues that Morgan does not disclose that the execution of the first protected application is happening on the computer. Applicant also argues that Morgan does not disclose “(1) received the first protected application from one or more the servers, (2) stored in an unused portion of the RAM, (3) a corresponding new virtual address space is created, (4) the unused portion of RAM is mapped to that virtual address space, and (5) the computer executes instructions therein as a new user application”.

7. Examiner would like to point out that claim 1 is rejected by Chen in view of Morgan.
The primary reference Chen discloses “storing the first protect application in an unused portion of the RAM, the unused portion of RAM is mapped to a new virtual address space, and execute instructions as a new user application by the client process” (see Figs.9A-B, Para: 0143 teaches if the secure application 402 is executing by the client processor, then the private shadow page table 422 is used to translate virtual addresses to physical addresses [new address space herein], while, if a software module within the VM 300D is executing, then the

8. But Chen does not expressly teach “receiving the protected application from the server”. The secondary reference (Morgan) discloses this limitation (see, Figs.1-2, Para: 0045 and Para: 0047-0049 teaches receiving protected application from the server).

9. Further in response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).


Double Patenting
10. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Long, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

11. Claims 1-10 of this instant application are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-8 and 10 of the US patent no. 9,881,142. Although the claims at issue are not identical, they are not patentably distinct from each other

Claim Rejections - 35 USC § 101
12. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

13. Claims 1-9 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

14. Independent claim 1 is directed to “receive the first protected application data from the one or more servers, store the first protected application data in an unused portion of the RAM; creating a new virtual address space corresponding to the first protected application data; map the unused portion of the RAM containing the first protected application data to the new virtual address space through the MMU, and execute instructions in the first protected application data as a new user application”, is abstract. The closest known abstract idea that the courts have upheld as abstract is "data recognition and storage." Thus, by the claimed invention reciting the storing of the generated protected data in the memory of the second processor/ or unused portion of the RAM that is to recognize and execute the protected data with the corresponding user application, thus, the recited claimed invention is abstract.

Claim 1 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the limitations are merely instructions to implement the abstract idea on a computer and require no more than a generic computer to perform generic computer functions that are well-understood, routine and conventional activities previously known to the industry (e.g. receiving; ... storing; ... creating; ... spawning or executing; ... etc.). The receiving, storing, creating and spawning or executing mechanisms are generic computing operations that do not enhance the functionality of the computer. Further, the claim does not recite an improvement to another technology or technical field, an improvement to the functioning of the computer itself, or meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment.

Appropriate action required.

Claim Rejections - 35 USC § 103
15. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

16. Claims 1-3, and 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over Chen (US Pub.No.2016/0179564) in view of Morgan (US Pub.No.2013/0086643).

17. Regarding claim 1 Chen teaches a computer comprising: one or more processors; random access memory (RAM) interfaced to the one or more processors; a memory management unit 
one or more non-volatile storages, the one or more non-volatile storages comprising a file system, the file system comprising one or more files, the one or more files including data and instructions loadable into the RAM and executable by the one or more processors to implement an operating system and one or more user applications, wherein: the one or more virtual address spaces correspond to the one or more user applications; upon a user command to access a first protected application data, the operating system is configured to: receive the first protected application data, store the first protected application data in an unused portion of the RAM, the unused portion being unmapped by the MMU and operating system to the virtual address spaces, create a new virtual address space corresponding to the first protected application data, map the unused portion of the RAM containing the first protected application data to the new virtual address space through the MMU (Fig.8 and Para:0132-0133 teaches the software 200D uses a private address mapping module 420 and a private shadow page table 422 to effectively provide the secure application 402 with its own private physical memory 119B, which is isolated from the software modules in the VM 300D. In effect, the virtualization software 200D divides the system memory 119 into a VM memory 119A for use by the VM 300D and a private memory 119B for use by the secure application 402 [first protected application data herein].
Para: 0134 teaches the use of the private address mapping module 420 and the private shadow page table 422 to isolate the private memory 119B from the software modules in the VM 300D. The virtualization software 200D maps virtual addresses to a physical address space of a computer system. 

execute instructions in the first protected application data as a new user application (abstract, Figs.9A-B, Para: 0143 teaches if the secure application 402 is executing, then the private shadow page table 422 is used to translate virtual addresses to physical addresses [new address space herein], while, if a software module within the VM 300D is executing, then the second shadow page table 224 is used to translate virtual addresses to physical addresses. 
 A separate shadow page table will be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment.
 Para: 0155 teaches to isolate the private storage 121B from the software modules in the VM 300D, the virtualization software 200D uses a device emulator. The device emulator 254D may create and maintain a guest mapping data structure 255 (see FIG. 10) and a private mapping 

Chen teaches all the above claimed limitations, but does not expressly teach receiving the protected application from the server.

Morgan teaches receiving the protected application from the server (Figs.1-2, Para: 0045 and Para: 0047-0049 teaches receiving protected application from the server).

It would have been obvious to one of ordinary skill in the art before the invention was filed to modify Chen to include receiving the protected application from the server as taught by Morgan; such a setup would give a predictable result of secure network transaction.

18.    Regarding claim 2 Chen teaches the computer wherein the operating system prevents access by the one or more user applications to the first protected application data (Fig.8 and Para: 0132-0133 teaches the virtualization software 200D uses a private address mapping module 420 and a private shadow page table 422 to effectively provide the secure application 402 with its own private physical memory 119B, which is isolated from the software modules in the VM 300D. In effect, the virtualization software 200D divides the system memory 119 into a VM memory 119A for use by the VM 300D and a private memory 119B for use by the secure application 402 [first protected application data herein].

Para: 0147 -0148 teaches suppose a malicious software is able to execute within the VM 300D. The malicious software may gain full access to the guest OS page tables 23 and 24, and it may then use the guest OS page tables 23 and 24 to gain access to any memory page in the guest physical address space 334. The guest physical address space 334 constitutes the entire system memory 318D of the VM 300D, which is the only memory that is visible from within the VM 300D. As long as the virtualization software 200D is well designed and well implemented, there will be no way for any software in the VM 300D to determine that there is any memory in the computer system besides the guest system memory 318D. And yet, accessing the entire system memory 318D does not give any access to the private memory 119B of the secure application 402. The virtualization barriers 280C and 280D are able to protect these software modules and data structures, the private memory 119B will be effectively isolated from all software within the VM 300D).

19. Regarding claim 3 Morgan teaches the computer, wherein before the receiving the first protected application data, the operating system performs authentication and authorization with the server (Fig.1, Para: 0017 and Para: 0019-0020 teaches performing authentication and verification/authorization with the server).

20. Regarding claim 6 Morgan teaches the computer, wherein the one or more servers comprises an external server interfaced to the computer through a network (Figs.1-3, Para: 0047-0048 and Para: 0051 teaches the server comprises external server interfaced to the computer).


22.    Regarding claim 8 Chen in view of Morgan teaches the computer, wherein: the local server comprises a virtual server implemented inside the operating system, the first protected application data is encrypted when received from the external server upon a first user request to access the first protected application data, the operating system stores the encrypted first protected application data on the one or more non-volatile storages outside the file system, the virtual server retrieves the first protected application data from the one or more non-volatile storages upon a second or subsequent user request to access the first protected application data  (Para: 0031, Para: 0186-0187 teaches the system includes a user-definable number of non-sensitive VMs and a user-definable number of sensitive VMs, all of which are isolated from one another by the virtualization technology. Each sensitive VM provides access to a secure .

23. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Chen (US Pub.No.2016/0179564) in view of Morgan (US Pub.No.2013/0086643) as applied to claim 1 above, and further in view of Lee (US Pub.No.2018/0045189).

24. Regarding claim 5 Chen in view of Morgan does not expressly teach the first protected application data is encrypted when received from the server, and the first protected application is decrypted before the executing the instructions in the first protected application data.

 Lee teaches the computer, wherein: the first protected application data is encrypted when received from the server, and the first protected application is decrypted before the executing the instructions in the first protected application data (Para:0017 and Para:0040 teaches assigning the software module to the secure memory area so that the software module can execute using the secure memory area; encrypting data written to, and decrypting data read from, the secure memory area using at least one encryption key stored in a plurality of registers in the processor).


25. Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Chen (US Pub.No.2016/0179564) in view of Morgan (US Pub.No.2013/0086643) as applied to claim 1 and further in view of Arnon (US Pat.No.8,966,211).

26. Regarding claim 9 Chen in view of Morgan teaches all the above claimed limitations, but does not expressly teach the computer, wherein: the first protected application data corresponds to the computer, the first protected application data is generated from a source code and a first identifier, the first identifier corresponding to the computer, the first protected application data is different from a second application data generated using the source code and a second identifier corresponding to another computer, the difference including an order of one or a combination of functions, data, and call parameters of one or more of the functions.

Arnon teaches the first protected application data corresponds to the computer, the first protected application data is generated from a source code and a first identifier, the first identifier corresponding to the computer, the first protected application data is different from a second application data generated using the source code and a second identifier corresponding to another computer, the difference including an order of one or a combination of functions, data, and call parameters of one or more of the functions  (Col. 2, lines 8-14, and lines 17 – 26 teaches a first device identifier is assigned to an application on a host, where the application's data is stored on a data storage system. The first device identifier can be attached to a first data storage system that contains a first data set for use with operations with the application. The 

It would have been obvious to one of ordinary skill in the art before the invention was filed to modify Chen in view of Morgan to include the first protected application data is generated from a source code and a first identifier, the first identifier corresponding to the computer, the first protected application data is different from a second application data generated using the source code and a second identifier corresponding to another computer as taught by Arnon; such a setup would allow for the database server to experience little to no interruption to its internal configuration when dynamically binding user’s identifiers.

27. Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Chen (US Pub.No.2016/0179564) in view of Morgan (US Pub.No.2013/0086643) and further in view of Arnon (US Pat.No.8,966,211).

28.    Regarding claim 10 Chen teaches a system comprising: a computer; and one or more servers interfaced to the computer, wherein: the computer comprises: one or more processors, random access memory (RAM) interfaced to the one or more processors, a memory management unit (MMU) configured to translate virtual addresses of one or more virtual address spaces to addresses of the RAM (Fig.5, Para: 0114-0115 teaches virtual addresses are translated or mapped into a different physical addresses. The translations from guest virtual addresses to actual physical addresses (e.g. from GVPNs to PPNs) are defined as shadow address mappings or shadow mappings);

Para: 0134 teaches the use of the private address mapping module 420 and the private shadow page table 422 to isolate the private memory 119B from the software modules in the VM 300D. The virtualization software 200D maps virtual addresses to a physical address space of a computer system. 
Para: 0147 -0148 teaches suppose a malicious software is able to execute within the VM 300D. The malicious software may gain full access to the guest OS page tables 23 and 24, and it may then use the guest OS page tables 23 and 24 to gain access to any memory page in the guest physical address space 334. The guest physical address space 334 constitutes the entire system memory 318D of the VM 300D, which is the only memory that is visible from within the 
execute instructions in the first protected application data as a new user application (abstract, Figs.9A-B, Para: 0143 teaches if the secure application 402 is executing, then the private shadow page table 422 is used to translate virtual addresses to physical addresses [new address space herein], while, if a software module within the VM 300D is executing, then the second shadow page table 224 is used to translate virtual addresses to physical addresses. 
 A separate shadow page table will be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment.
 Para: 0155 teaches to isolate the private storage 121B from the software modules in the VM 300D, the virtualization software 200D uses a device emulator. The device emulator 254D may create and maintain a guest mapping data structure 255 (see FIG. 10) and a private mapping data structure 257 (see FIG. 10), each of which contains mappings from virtual block numbers to physical block numbers, with the guest mapping data structure 255 mapping to the physical data blocks that contain the code and/or data of the software modules within the VM 300D (i.e. mapping to the VM storage 121A) and the private mapping data structure 257 mapping to the 

Chen teaches all the above claimed limitations, but does not expressly teach receiving the protected application from the server; and the server transmits the protected application data to the computer upon verifying authentication of the computer and authorization of the computer.

Morgan teaches receiving the protected application from the server (Figs.1-2, Para: 0045 and Para: 0047-0049 teaches receiving protected application from the server); and the server transmits the protected application data to the computer upon verifying authentication of the computer and authorization of the computer (Fig.1, para: 0017 and Para: 0019-0020 teaches performing authentication and verification/authorization with the server).

It would have been obvious to one of ordinary skill in the art before the invention was filed to modify Chen to include receiving the protected application from the server; and transmitting the protected application data to the computer upon verifying authentication of the computer and authorization of the computer as taught by Morgan; such a setup would give a predictable result of secure network transaction.

Chen in view of Morgan teaches all the above claimed limitations but does not expressly teach the server generates the first protected application data corresponding to the computer using a source code and a first identifier, the first identifier corresponding to the computer, the first protected application data is different from a second application data generated using the source code and a second identifier corresponding to another computer, the difference including an order of one or a combination of functions, data, and call parameters of one or more of the functions.

Arnon teaches the server generates the first protected application data corresponding to the computer using a source code and a first identifier, the first identifier corresponding to the computer, the first protected application data is different from a second application data generated using the source code and a second identifier corresponding to another computer, the difference including an order of one or a combination of functions, data, and call parameters of one or more of the functions (Col. 2, lines 8-14, and lines 17-26 teaches a first device identifier is assigned to an application on a host, where the application's data is stored on a data storage system. The first device identifier can be attached to a first data storage system that contains a first data set for use with operations with the application. The first device identifier can be re-assigned to a second storage device that contains a second data set for use with operation with the application. Col. 2, lines 26-31 teaches the first identifier can include a label that tells the location of the data storage device to which the identifier is attached).

It would have been obvious to one of ordinary skill in the art before the invention was filed to modify Chen in view of Morgan to include the first protected application data is generated from a source code and a first identifier, the first identifier corresponding to the computer, the first protected application data is different from a second application data generated using the source code and a second identifier corresponding to another computer as taught by Arnon; such a setup would allow for the database server to experience little to no interruption to its internal configuration when dynamically binding user’s identifiers.




Allowable Subject Matter
29. Claim 4 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The following is a statement of reasons for the indication of allowable subject matter:

Chen et al. (US Pub.No.2016/0179564) discloses virtualization software establishes multiple execution environments within a virtual machine, wherein software modules executing in one environment cannot access private memory of another environment. A separate set of shadow memory address mappings is maintained for each execution environment. For example, a separate shadow page table may be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment. A similar approach, using separate mappings, may also be used to prevent software modules in one execution environment from accessing the private disk space or other secondary storage of another execution environment. 

Morgan et al. (US Pub.No.2013/0086643) discloses a system and method for protecting client software running on a client computer from tampering using a secure server. Prior to or independent of executing the client software, the system integrates self-protection into the client software; removes functions from the client software for execution on the server; develops client software self-protection updates; and periodically distributes the updates. During execution of the client software, the system receives an initial request from the client computer for execution 

Krishnan et al. (US Pub.No.2019/0138433) discloses a method for evaluating a test suite for a software library includes generating a mutated software library by adding a fault to the software library, while the software library is used by a testing tool to evaluate a test suite. The method further includes loading the mutated software library, then executing a test in the test suite on the mutated software library to obtain a test result. The method further includes analyzing the test result.

         Fertig et al. (US Pat. No. 8,166,239) discloses a translation lookaside buffer and a related method for operating the TLB is provided. The method comprises the steps of: a) when adding an entry for a virtual address to said TLB testing whether the attribute data of said virtual address is already stored in said CAM and if the attribute data is not stored already in said CAM, generating tag data for said virtual address such that said tag data is different from the tag data generated for the other virtual addresses currently stored in said RAM and associated to the new entry in said CAM for the attribute data, adding the generated tag data to said RAM and to the associated entry in said CAM, and setting a validity flag in said CAM for said associated entry; else if the attribute data is stored already in said CAM, adding the stored attribute data to the entry in said RAM for said virtual address; and when performing a TLB lookup operation: reading the validity flag and the tag data from the entry in said CAM, which is associated to the entry in said RAM for said virtual address, and simultaneously 

        Khosravi et al. (US Pub.No.2008/0077767) discloses a method and apparatus for secure page swapping in a virtual memory system. An integrity check value mechanism is used to protect software programs from run-time attacks against memory pages while those pages are swapped to secondary memory. A hash value is computed for an agent page as it is swapped from primary memory to secondary memory. When the page is swapped back into primary memory from secondary memory, that hash value is recomputed to verify that the page was not modified while stored in secondary memory. Alternatively, the hash value is pre-computed and placed in an integrity manifest wherein it is retrieved and verified when the page is loaded back into primary memory from secondary memory.

However, none of the prior art of record as mentioned above, alone or in combination, teaches or suggests the steps of: “the operating system self mutates in a deterministic manner such that a first image including executable instructions of the operating system stored in a file on the file system corresponding to the operating system differs from a second image including executable instructions in RAM after the operating system performs an initialization operation, and the authentication and authorization involves providing to the server evidence that the second image is executing as the operating system, to thereby prevent unauthorized access to the first protected application data by a malicious program,” as recited in claim 4.




Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506.  The examiner can normally be reached on Mon-Fri: 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DEREENA T CATTUNGAL/Examiner, Art Unit 2431