Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Amendment filed on 08/09/2021 has been acknowledged. Claims 26-47 are currently pending and have been considered below. Claims 26, 32, 38 and 43 are independent claims. Claims 26, 32, 38 and 43 have been amended. No new claim is added.

Priority
The application is a section 371 of PCT/US15/67535 filed on 12/22/2015.

Response to Arguments
Applicant’s arguments filed in the amendments on 08/09/2021 have been fully considered but they are not persuasive. The reasons are set forth below.

On page 9 of the remarks, applicant argued that the cited reference fails to teach a client-side hardware platform and client-side address space. The hardware platform as recited in Stewart is not a client-side hardware platform.
Examiner respectfully disagrees. The claim recites “a system comprising: a client-side hardware platform comprising client-side address space”. Stewart, Fig-1, ¶[0012], shows a system where multi-tenant cloud service (element 102) 
Applicant further argued that address space provided by the cloud service for tenant data in Stewart is not a client-side address space but, instead, is hosted by the cloud based platform.
Examiner respectfully disagrees. Stewart ¶[0015], cloud service communicates with identity provider for authentication services as client-server. Identity provider represents any entity providing such authentication services. ¶[0019], cloud service computing device may represent a group of processing units or other computing devices. ¶[0014], cloud service includes a plurality of tenants, such as tenant #1 through tenant # N, each representing an entity. Cloud service hosts resources such as services or storage for tenants and provides those resources to computing devices on behalf of tenants. ¶[0022], memory area stores documents, services and other resources which are hosted by cloud service computing device on behalf of one or more of tenants.

On page 9 of the remarks, applicant argued that Stewart fails to teach an address space dedicated to an accessor of obfuscated multi-tenant data.
Examiner respectfully disagrees. The basic idea and goal of independent claims of the instant application is to convert the obfuscated data to deobfuscated data. But applicant never explained anywhere in the claim how 
Applicant further argued that Stewart discloses that the system is to store documents about tenants that are publicly available. Examiner respectfully disagrees. Applicant cited section ¶[0001]- ¶[0002] from background information. Stewart, ¶[0011], the disclosure describes obfuscating tenancy status in a multi-tenant cloud service. Metadata documents describing entities that are not tenants of cloud service are dynamically generated with fictitious information to prevent third parties from ascertaining whether or not those entities are tenants.
Applicant further argued on page 10 that tenant documents are not obfuscated for valid tenants. Stewart, ¶[0012] and ¶[0015] teach to provide service based on identity assertion. ¶[0018], cloud service conceals, obfuscates or otherwise attempts to prevent revealing whether a particular entity is a tenant. Moreover, the claim does not say that the system of claim 26 is not allowed 
Moreover secondary reference Borthakur, col 5, line 5-15 clearly teaches that the virtual machine may request access to a particular memory page contained in an obfuscated format. The virtual machine’s memory may be obfuscated in order to protect information contained in the memory from attack.

On page 10 of the remarks, applicant argued that modification of Stewart would render the system of Stewart unsatisfactory for its intended purpose and there is no motivation to modify Stewart in view of Borthakur.
Examiner respectfully disagrees. Applicant provided two reasons why the combination will not work. While arguing, applicant also provided few reasons that have no connection with the claim. Both Stewart and Borthakur teach obfuscating data. Stewart does not explicitly teach converting obfuscated data to deobfuscated data. Borthakur teaches the mechanism of generating deobfuscated data from obfuscated data. Thus the combination of Stewart in view of Borthakur will teach the claimed invention. Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page. Any reversible transformation may be used to obfuscate and un-obfuscate the data. Col 9, line 45-50, the memory obfuscation service may receive all or a portion of the key from one or more other sources. 

On page 11 of the remarks, applicant argued that Borthakur does not teach self-extraction or self-installation by the executable view generation library as claimed in dependent claim 30.
Examiner respectfully disagrees. Examiner simply considers “self-extraction” or “self-installation” as terminology involved in the conversion of obfuscated and deobfuscated data. Applicant never explained the definition of those terms. Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page. Examiner interprets “self-extraction” or “self-installation” as mechanisms that take place while transforming obfuscated and deobfuscated data.

For all of the above reasons, examiner maintains the rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 26-47 are rejected under 35 U.S.C. 103 as being unpatentable over Stewart (US Patent Application Publication No 2015/0007263 A1) in view of Borthakur (US Patent No. 9,251,090 B1).

Regarding Claim 26, Stewart discloses a system comprising: 
a client-side hardware platform coupled to the bus, the hardware platform comprising a memory apparatus including a client-side address space dedicated to an accessor of obfuscated multitenant data (Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines 
Stewart does not explicitly discuss the following limitation that Borthakur teaches:
a display to visually present deobfuscated multi-tenant data (Borthakur, col 17, line 25-30, system includes hardware elements that are electronically coupled via a bus, CPU, input devices and output devices like display. Col 5, line 5-15, the virtual machine’s memory may remain obfuscated in the memory of the host computer system until it is required by the virtual machine 120 and placed in the virtual cache 110. Col 5, line 40-45, the hypervisor provide the memory obfuscation service with information corresponding to the requested data to enable the 
a bus coupled to the display (Borthakur, col 17, line 25-30, system includes hardware elements that are electronically coupled via a bus); and
wherein an executable view generation library is stored to the client-side address space (Borthakur, col 9, line 5-20, if the virtual machine is configured such that the virtual machine’s 420 memory is obfuscated the hypervisor or component thereof may call the memory obfuscation service. The hypervisor may make a service call to memory obfuscation service 430, the service call may include information suitable for retrieving the data from memory and loading the data into the virtual cache (un-obfuscated memory) associated with the virtual machine);
wherein the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the obfuscated multi-tenant data to the deobfuscated multi-tenant data, and generate a single-tenant view based on the deobfuscated multi-tenant data (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory 
wherein the deobfuscated multi-tenant data is machine readable by the hardware platform (Borthakur, col 10, line 55-65, virtual machine 620 memory loaded into the memory 612 of the host computer system 600 may be obfuscated to protect sensitive information from attack. The memory obfuscation service may un-obfuscate at least a portion of the memory for use by the virtual machine 620).
Stewart in view of Borthakur are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Stewart in view of Borthakur to include the idea of access authorization to control access to protected data management system to improve the performance of the system. It will also enhance the security of the system by blocking the fraudulent users.

Regarding claim 27, Stewart in view of Borthakur discloses the system of claim 26, wherein, convert the obfuscated multi-tenant data to the deobfuscated multi-tenant data based on metadata associated with the executable view generation library and generate a single-tenant view based on the deobfuscated multi-tenant data (Borthakur, col 9, line 15-25, once the memory obfuscation 

Regarding claim 28, Stewart in view of Borthakur discloses the system of claim 27, wherein the metadata includes one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Borthakur, col 1, line 15-20, various components of the hypervisor may require privileged access to the physical host machine in 

Regarding claim 29, Stewart in view of Borthakur discloses the system of claim 26, further including a secure interface to receive the executable view generation library from a data access binder (Borthakur, col 1, line 15-20, operating systems and applications, including virtualized operating systems and applications, use data obfuscation techniques to implement secure channels and trust Zones for secure application execution).

Regarding Claim 30, Stewart in view of Borthakur discloses the system of claim 29, wherein the executable view generation library is to conduct a self-extraction, conduct a self-installation, measure an opaqueness of itself and send the opaqueness to the data access binder (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page).

Regarding Claim 31, Stewart in view of Borthakur discloses the system of claim 26, wherein the executable view generation library is stored to a trusted region of the client-side address space (Borthakur, col 9, line 45-50, the memory obfuscation service may receive all or a portion of the key from one or more other sources including a trusted platform module (TPM)).

Regarding Claim 32, Stewart discloses an apparatus comprising:
a semiconductor integrated circuit comprising memory, the memory comprising:

Stewart does not explicitly discuss the following limitation that Borthakur teaches:
wherein an executable view generation library is stored to the client-side address space (Borthakur, col 17, line 25-30, system includes hardware elements that are electronically coupled via a bus, CPU, input devices and output devices like display. Col 5, line 5-15, the virtual machine’s memory may remain obfuscated in the memory of the host computer system until it is required by the virtual machine 120 and placed 
wherein the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the obfuscated multi-tenant data to the deobfuscated multi-tenant data, and generate a single-tenant view based on the deobfuscated multi-tenant data (Borthakur, col 9, line 5-20, if the virtual machine is configured such that the virtual machine’s 420 memory is obfuscated the hypervisor or component thereof may call the memory obfuscation service. The hypervisor may make a service call to memory obfuscation service 430, the service call may include information suitable for retrieving the data from memory and loading the data into the virtual cache (un-obfuscated memory) associated with the virtual machine), and
wherein the deobfuscated multi-tenant data is machine readable by a client-side hardware platform providing the client side address space (Borthakur, col 10, line 55-65, virtual machine 620 memory loaded into the memory 612 of the host computer system 600 may be obfuscated to protect sensitive information from attack. The memory obfuscation service may un-obfuscate at least a portion of the memory for use by the virtual machine 620).


Regarding Claim 33, Stewart in view of Borthakur discloses the apparatus of claim 32, wherein to convert the obfuscated multi-tenant data to deobfuscated multi-tenant data is based on metadata associated with the executable view generation library (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page. Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity 

Regarding Claim 34, Stewart in view of Borthakur discloses the apparatus of claim 33, wherein the metadata includes one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Borthakur, col 1, line 15-20, various components of the hypervisor may require privileged access to the physical host machine in order to provide effective administration of the virtual machine instances. Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines whether the first entity has already been authenticated. Cloud service checks memory area to see if valid security information or other security context 

Regarding Claim 35, Stewart in view of Borthakur discloses the apparatus of claim 32, further including a secure interface to receive the executable view generation library from a data access binder (Borthakur, col 1, line 15-20, operating systems and applications, including virtualized operating systems and applications, use data obfuscation techniques to implement secure channels and trust Zones for secure application execution).

Regarding Claim 36, Stewart in view of Borthakur discloses the apparatus of claim 35, wherein the executable view generation library is to conduct a self-extraction, conduct a self-installation, measure an opaqueness of itself and send the opaqueness to the data access binder 

Regarding Claim 37, Stewart in view of Borthakur discloses the apparatus of claim 32, wherein the executable view generation library is stored to a trusted region of the client-side address space (Borthakur, col 9, line 45-50, the memory obfuscation service may receive all or a portion of the key from one or more other sources including a trusted platform module (TPM)).

Regarding Claim 38, Stewart discloses a method comprising: 
receiving a request to access at least a portion of obfuscated multi-tenant data (Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines whether the first entity has already been authenticated. Cloud service checks memory area to see if valid security 
Stewart does not explicitly discuss the following limitation that Borthakur teaches:
converting the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with an executable view generation library stored to a client-side address space dedicated to an accessor of the obfuscated multi-tenant data (Borthakur, col 9, line 5-20, if the virtual machine is configured such that the virtual machine’s 420 memory is obfuscated the hypervisor or component thereof may call the memory obfuscation service. The hypervisor may make a service call to memory obfuscation service 430, the service call may include information suitable for retrieving the data from memory and loading the data into the virtual cache (un-obfuscated memory) associated with the virtual machine); and

wherein the deobfuscated multi-tenant data is machine readable by a hardware platform providing the client side address space (Borthakur, col 10, line 55-65, virtual machine 620 memory loaded into the memory 612 of the host computer system 600 may be obfuscated to protect sensitive information from attack. The memory obfuscation service may un-obfuscate at least a portion of the memory for use by the virtual machine 620).
Stewart in view of Borthakur are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Stewart in view of Borthakur to include the idea of access authorization to control access to protected data management system to improve the performance of the system. It 

Regarding Claim 39, Stewart in view of Borthakur discloses the method of claim 38, wherein the metadata includes one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Borthakur, col 1, line 15-20, various components of the hypervisor may require privileged access to the physical host machine in order to provide effective administration of the virtual machine instances. Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines whether the first entity has already been authenticated. Cloud service checks memory area to see if valid security information or other security context for the first entity has been previously received by cloud service. If valid security information is not available to cloud service, cloud service redirects the first entity to identity provider. ¶[0038]- ¶[0039], if the second entity is not one of tenants, cloud service dynamically generates a fictitious document. In this manner, aspects of the disclosure obfuscate, conceal or otherwise hide, from the first entity, the tenancy status of the second entity. ¶[0040], if the second entity is determined to be one of tenants of cloud 

Regarding Claim 40, Stewart in view of Borthakur discloses the method of claim 38, further including receiving the executable view generation library from a data access binder (Borthakur, col 1, line 15-20, operating systems and applications, including virtualized operating systems and applications, use data obfuscation techniques to implement secure channels and trust Zones for secure application execution).

Regarding Claim 41, Stewart in view of Borthakur discloses the method of claim 40, further including:
conducting a self-extraction (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page);
conducting a self-installation (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the 
measuring an opaqueness of the executable view generation library (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page); and
sending the opaqueness to the data access binder (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation 

Regarding Claim 42, Stewart in view of Borthakur discloses the method of claim 38, wherein the executable view generation library is stored to a trusted region of the client-side address space (Borthakur, col 9, line 45-50, the memory obfuscation service may receive all or a portion of the key from one or more other sources including a trusted platform module (TPM)).

Regarding Claim 43, Stewart discloses at least one computer readable storage medium comprising a set of instructions, which when executed by a computing system, cause the computing system to:
receive a request to access at least a portion of obfuscated multi-tenant data (Stewart, ¶[0012], a principal requests a service from a service provider. The service provider obtains an identity assertion from identity provider and provides the service to the principal. ¶[0034], cloud service determines whether the first entity has already been authenticated. Cloud service checks memory area to see if valid security information or other security context for the first entity has been previously received by cloud service. If valid security information is not available to cloud service, cloud service redirects the first entity to identity provider. ¶[0038]- ¶[0039], if the second entity is not one of 
Stewart does not explicitly discuss the following limitation that Borthakur teaches:
convert the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with an executable view generation library stored to a client-side address space (Borthakur, col 9, line 5-20, if the virtual machine is configured such that the virtual machine’s 420 memory is obfuscated the hypervisor or component thereof may call the memory obfuscation service. The hypervisor may make a service call to memory obfuscation service 430, the service call may include information suitable for retrieving the data from memory and loading the data into the virtual cache (un-obfuscated memory) associated with the virtual machine); and
generate a single-tenant view based on the deobfuscated multi-tenant data (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual 
wherein the deobfuscated multi-tenant data is machine readable by a hardware platform providing the client side address space (Borthakur, col 10, line 55-65, virtual machine 620 memory loaded into the memory 612 of the host computer system 600 may be obfuscated to protect sensitive information from attack. The memory obfuscation service may un-obfuscate at least a portion of the memory for use by the virtual machine 620).
Stewart in view of Borthakur are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Stewart in view of Borthakur to include the idea of access authorization to control access to protected data management system to improve the performance of the system. It will also enhance the security of the system by blocking the fraudulent users.

Regarding Claim 44, Stewart in view of Borthakur discloses the at least one computer readable storage medium of claim 43, wherein the metadata is to include one or more labels, access privileges, security 

Regarding Claim 45, Stewart in view of Borthakur discloses the at least one computer readable storage medium of claim 43, wherein the instructions, when executed, cause the computing system to receive the 

Regarding claim 46, Stewart in view of Borthakur discloses the at least one computer readable storage medium of claim 45, wherein the instructions, when executed, cause the computing system to:
conduct a self-extraction (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page);
conduct a self-installation (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an 
measure an opaqueness of the executable view generation library (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page); and
send the opaqueness to the data access binder (Borthakur, col 9, line 15-25, once the memory obfuscation service receives the service call it may obtain the obfuscated data from the memory. The memory obfuscation service generates a copy of the obfuscated data for use in the virtual cache associated with the virtual machine 420. The obfuscated data may be an obfuscated memory page or may be contained in an obfuscated memory page. The memory obfuscation service 430 may cause the obfuscated memory page to be un-obfuscated thereby generating an un-obfuscated memory page).

Regarding claim 47, Stewart in view of Borthakur discloses the at least one computer readable storage medium of claim 43, wherein the executable view generation library is to be stored to a trusted region of the client-side address space (Borthakur, col 9, line 45-50, the memory obfuscation service may receive all or a portion of the key from one or more other sources including a trusted platform module (TPM)).

Conclusion
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  Any inquiry 




/WASIKA NIPA/           Primary Examiner, Art Unit 2433