DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. IN201941040234, filed on October 4, 2019.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 4-8, 10-15, 17-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by White et al. (International Pub. No. WO 2015/138931 A1) hereinafter referred to as “White”.
Regarding Claim 1:
	White discloses the following limitations:
(Par. [0192], the methods and systems described herein may be deployed in part or in whole through a machine that executes computer software, program codes, and/or instructions on a processor (a method in a computer, the method comprising); Par. [00132], an application 110 may request information from another application or service (an interprocess communication (IPC) request to exchange data between a first process executing on the computer system and a second process executing on the computer). This data may be received (receiving) by the data bus 202, which may transfer it 218 to the policy engine 118 where it may undergo policy evaluation). White teaches an IPC mechanism which is associated with a policy engine, and this IPC mechanism receives the IPC request.  
	and invoking an IPC agent that executes in a trusted environment; processing the received IPC request by the IPC agent (Par. [0005], in embodiments, methods and systems of providing secured inter-process communications include operating an inter-process communications mechanism within a trusted code zone of the device (that executes in a trusted environment); Par. [0006], in embodiments, the inter-process communications are filtered, blocked, or otherwise modified (processing the received IPC request by the IPC agent) by the inter-process communications mechanism in accordance with a policy determined by a policy engine (invoking an IPC agent). The policy engine may also be located within the trusted code zone (that executes in a trusted environment)). After the request has been received, the IPC mechanism/policy engine of White is invoked to process the request, and the IPC mechanism/policy engine exist within the trusted execution environment.
	including: determining whether or not the first process is on a list of trusted processes; determining whether or not the second process is on the list of trusted processes (Par. [0020], in embodiments, the policy may be comprised of one or more of a black list, a white list (determining whether or not the process is on a list of trusted processes); Par. [0061], a white list may identify one or more allowed actions. For example, an application white list may comprise a list of application ids for applications that are permitted to execute on the device; Par. [0131-0133], embodiments of this process may ensure that sensitive data is not transferred to an application that is not authorized to receive that data, and/or that data is only transferred between applications and/or individuals that are authorized to send and receive information between each other … the movement of all data within a mobile device can be authorized based on parameters such as the source (first process), destination (second process), and sensitivity of the data). White discloses that one of the policies which may be used to secure inter-process communication involves a white list, which is understood to be a list of trusted processes. Furthermore, White uses the policy to verify that data is only transferred between applications which are authorized, and authorization of the request involves both the source and destination. Therefore, the usage of a whitelist policy with the authorization of applications involved with the data transfer through the policy meets the limitation claimed.  
	and in response to a determination that both the first process and the second process are on the list of trusted processes, exchanging data between the first process and the second process in accordance with the IPC request (Par. [0132], if the transfer is authorized (and in response to a determination that both the first process and the second process are on the list of trusted processes), the data bus may update the data context and transfer 212 the data and context to the destination application (exchanging data between the first process and the second process in accordance with the IPC request)). After the whitelist policy of White verifies both applications and authorizes the data exchange, the data exchange proceeds as requested.  

Regarding Claim 2:

	White further discloses the following limitation:
	wherein an exchange of data between the first process and the second process is not performed in response to a determination that either the first process or the second process is not on the list of trusted processes (Par. [0132], if the transfer is not authorized (in response to a determination that either the first process or the second process is not on the list of trusted processes), the data bus may report 212 failure (an exchange of data between the first process and the second process is not performed) to the requesting application 110; Par. [0131], data is only transferred between applications and/or individuals that are authorized to send and receive information between each other). Using the previous arguments above in Claim 1, the system of White authorizes the data transfer based on both the source and destination application through a white list policy. As such, failure of either application to appear on the list results in the transfer being not authorized which subsequently results in data not being transferred.

Regarding Claim 4:
	White discloses Claim 1.
	White further discloses the following limitation:
	wherein the first process is a data producer and the second process is a data consumer, the method further comprising capturing data from the data producer in response to a determination that the data producer is on the list of trusted processes and forwarding the captured data in response to a determination that the data consumer is on the list of trusted processes (Par. [0133], the movement of ail data within a mobile device can be authorized based on parameters such as the source (first process is a data producer), destination (second process is a data consumer), and sensitivity of the data; Par. [0132], if the transfer is authorized (in response to a determination that the data producer is on the list of trusted processes … in response to a determination that the data consumer is on the list of trusted processes), the data bus may update the data context (capturing data from the data producer) and transfer 212 the data and context to the destination application (and forwarding the captured data)). White discloses a system which analyzes the data transfer, which includes the data to be sent, before making the determination of whether the data producer is on the list of trusted processes. This slightly differs from the claim in which the capturing of data is performed in response to the determination. However, the system of White discloses updating the data context post-determination of the process being on the list. Under the broadest reasonable interpretation, this updating of the data context constitutes capturing data (as this is associated data which is produced by the data producer), and this data context is forwarded to the destination application. A separate interpretation may also be performed in which White discloses logging the attempted data transfer (Par. [0095], Regardless of the policy determination, information about the execution attempt, conditions used in making the determination, and resulting action may be logged for use by the user and device administrator). Under the broadest reasonable interpretation, this also constitutes capturing the data, and this data is transferred when the action is performed.  

Regarding Claim 5:
	White discloses Claim 1.
	White further discloses the following limitation:
	wherein the IPC request corresponds to an operating system (OS) system call, wherein the corresponding OS system call invokes the IPC agent to process the received IPC request (Par. [0094], a system controller 134 may execute a system call 136 in response to a request from an application 110 (the IPC request corresponds to an operating system (OS) system call). In embodiments, the system controller 134 may be adapted to send a request to the IPC controller (the corresponding OS system call invokes the IPC agent to process the received IPC request)). The system controller of White may execute a system call, and invoking the IPC agent (IPC controller) is performed in order to process the request.  Note that the IPC controller is synonymous to that of the IPC mechanism disclosed earlier by White (Par. [0093], The inter-process communication mechanism may be, for example, an object firewall 144, an IPC controller 138 A and/or B, or some other inter-process communication mechanism).

Regarding Claim 6:
	White discloses Claim 1.
	White further discloses the following limitation:
	further comprising loading and executing an IPC agent in a trusted execution environment while loading an operating system on the computer (Par. [0151], when a device is powered on (while loading an operating system on the computer), either a distributed or centralized mechanism may be used for input/output of policy and/or aspect-oriented programming data into processes to enforce security policies (further comprising loading and executing an IPC agent in a trusted execution environment)). White teaches that a mechanism may activate the system for securing inter-process communication on device startup, i.e. loading the operating system. Enforcing security policies by the system of White inherently entails loading/executing the IPC agent in the trusted execution environment under the broadest reasonable interpretation, as the IPC agent has been interpreted to include the policy engine of White.

Regarding Claim 7:
	White discloses Claim 6.
	White further discloses the following limitation:
(Par. [0053], the policy engine may use the one or more policies to evaluate the call (the IPC agent accessing the list of trusted processes); Par. [0061], the policy may also be stored in a policy engine on the device (storing the list of trusted processes in the trusted execution environment)). The policy engine of White, which has previously been interpreted to be part of the IPC agent, inherently accesses the list of trusted processes and it is responsible for administering policies, which include that of the whitelist. Likewise, the policy engine naturally has policies stored within itself, and the policy engine was previously argued to operate in the trusted execution environment. Therefore, the list of trusted processes, a policy, is also stored inherently within the trusted execution environment. 

Regarding Claim 8:
	Claim 8 is drawn to the non-transitory computer-readable storage medium corresponding to the method of using same as claimed in Claim 1. Therefore, non-transitory computer-readable storage medium Claim 8 corresponds to method Claim 1, and is rejected for the same reasons of anticipation as used above. However, Claim 8 further recites a “non-transitory computer-readable storage medium having stored thereon computer executable instructions, which when executed by a computer device, cause the computer device to” (White, Claim 15, a non-transitory computer readable medium comprising: instructions executable by one or more processors to cause the one or more processors to).
	
Regarding Claim 10:
	White discloses Claim 8.
	Claim 10 is drawn to the non-transitory computer-readable storage medium corresponding to the method of using same as claimed in Claim 4. Therefore, non-transitory computer-readable storage 

Regarding Claim 11:
	White discloses Claim 8. 
	Claim 11 is drawn to the non-transitory computer-readable storage medium corresponding to the method of using same as claimed in Claim 5. Therefore, non-transitory computer-readable storage medium Claim 11 corresponds to method Claim 5, and is rejected for the same reasons of anticipation as used above. However, Claim 11 further recites a “non-transitory computer-readable storage medium” which has been met above in the interpretation of Claim 8.

Regarding Claim 12:
	White discloses Claim 8. 
	Claim 12 is drawn to the non-transitory computer-readable storage medium corresponding to the method of using same as claimed in Claim 6. Therefore, non-transitory computer-readable storage medium Claim 12 corresponds to method Claim 6, and is rejected for the same reasons of anticipation as used above. However, Claim 12 further recites a “non-transitory computer-readable storage medium” which has been met above in the interpretation of Claim 8.

Regarding Claim 13:
	White discloses Claim 8. 
	Claim 13 is drawn to the non-transitory computer-readable storage medium corresponding to the method of using similar to as claimed in Claim 7 except Claim 7 is further dependent on Claim 6 

Regarding Claim 14:
	White discloses Claim 12. 
	Claim 14 is drawn to the non-transitory computer-readable storage medium corresponding to the method of using same as claimed in Claim 7. Therefore, non-transitory computer-readable storage medium Claim 14 corresponds to method Claim 7, and is rejected for the same reasons of anticipation as used above. However, Claim 14 further recites a “non-transitory computer-readable storage medium” which has been met above in the interpretation of Claim 8. Furthermore, Claim 14 recites that “the computer device” instead of “the IPC agent” accesses and stores the list of trusted processes. As the IPC agent is part of the computer device (White, Par. [0192], the methods and systems described herein may be deployed in part or in whole through a machine that executes computer software, program codes, and/or instructions on a processor), the limitation of this claim is inherently met. 

Regarding Claim 15:
	Claim 15 is drawn to the apparatus corresponding to the method of using same as claimed in Claim 1. Therefore, apparatus Claim 15 corresponds to method Claim 1, and is rejected for the same reasons of anticipation as used above. However, Claim 15 further recites “an apparatus comprising: one or more computer processors; and a computer-readable storage medium comprising instructions for (White, Par. [0192], the methods and systems described herein may be deployed in part or in whole through a machine that executes computer software, program codes, and/or instructions on a processor (An apparatus comprising: one or more computer processors). The present invention may be implemented as a method on the machine, as a system or apparatus as part of or in relation to the machine, or as a computer program product (comprising instructions for controlling the one or more computer processors to be operable to) embodied in a computer readable medium (and a computer-readable storage medium) executing on one or more of the machines).

Regarding Claim 17:
	White discloses Claim 15. 
	Claim 17 is drawn to the apparatus corresponding to the method of using same as claimed in Claim 4. Therefore, apparatus Claim 17 corresponds to method Claim 4, and is rejected for the same reasons of anticipation as used above. However, Claim 17 further recites “an apparatus” and “computer-readable storage medium comprising instructions for controlling the one or more computer processors” which have been met above in the interpretation of Claim 15. 

Regarding Claim 18:
	White discloses Claim 15. 
	Claim 18 is drawn to the apparatus corresponding to the method of using same as claimed in Claim 5. Therefore, apparatus Claim 18 corresponds to method Claim 5, and is rejected for the same reasons of anticipation as used above. However, Claim 18 further recites “an apparatus” and “computer-readable storage medium comprising instructions for controlling the one or more computer processors” which have been met above in the interpretation of Claim 15. 

Regarding Claim 19:
	White discloses Claim 15. 
	Claim 19 is drawn to the apparatus corresponding to the method of using same as claimed in Claim 6. Therefore, apparatus Claim 19 corresponds to method Claim 6, and is rejected for the same reasons of anticipation as used above. However, Claim 19 further recites “an apparatus” and “computer-readable storage medium comprising instructions for controlling the one or more computer processors” which have been met above in the interpretation of Claim 15. 

Regarding Claim 20:
	White discloses Claim 15. 
	Claim 20 is drawn to the apparatus corresponding to the non-transitory computer-readable storage medium same as claimed in Claim 13. Therefore, apparatus Claim 20 corresponds to non-transitory computer-readable storage medium Claim 13, and is rejected for the same reasons of anticipation as used above. However, Claim 20 further recites “an apparatus” and “computer-readable storage medium comprising instructions for controlling the one or more computer processors” which have been met above in the interpretation of Claim 15. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, 9, 16 are rejected under 35 U.S.C. 103 as being unpatentable over White and further in view of Zhang et al. (US Pub. No. 2019/0278910 A1) hereinafter referred to as “Zhang”.
Regarding Claim 3:
	White discloses Claim 1.
	Zhang discloses the following limitations not taught by White:
	further comprising receiving a registration request from each of the first process and the second process and designating said each process as being on the list of trusted processes (Par. [0066], the whitelist may be updated to add new pre-authorized processes to the whitelist or to remove pre-authorized process from the whitelist. The updating of the whitelist may be performed (designating said each process as being on the list of trusted processes) in response to receipt of an instruction to update the pre-authorized process (receiving a registration request from each of the first process and the second process)). The system of White discloses updating rules for allowance of data exchanges automatically with each request. That is, in another embodiment which extends the policy engine to firewall rules, White discloses that “the target object IPC firewall 504 D may change one or more IPC firewall rules or add/remove IPC firewall rules” (White, Par. [0137]), which similarly apply to that of the whitelist disclosed above. While White discloses that updating rules/policies may be performed in response to a data exchange request, White does not explicitly disclose a registration request of the processes to the whitelist. Zhang however discloses a whitelist registration request may be received in order to update the whitelist (adding entries in the whitelist). Furthermore, Zhang discloses that a process may be determined to be a new pre-authorized process through the attributes of the preexisting pre-authorized processes in the whitelist. Therefore, when taken in combination with the system of White which performs an automatic update of rules in response to a data transfer which applies to both the source and destination application, the limitations of the claim are met.  Zhang teaches that the benefit of a whitelist is that “it may be advantageous for such system processes to be permitted without requiring the additional checks of Access Control System 500” (Zhang, Par. [0065]). Thus, the inclusion of additional whitelisted applications through updates has the inherent benefit of reducing the additional processing overhead from verifying the processes.
	when attributes of said each process matches corresponding attributes in the list of trusted processes (Par. [0065], determining whether at least one of the calling process 310a or the target process 310b is a pre-authorized process is based on the list of pre-authorized processes (e.g. the whitelist). The whitelist may be maintained, for example, in Policy Store 535. The “whitelist” may include identifiers of processes that are pre-authorized. The pre-authorized processes in the “whitelist” may be either calling processes and/or target processes. The “whitelist” may include calling process attribute data for one or more calling processes which identifies each of the calling processes as a pre-authorized process. The “whitelist” may also include target process attribute data for one or more target processes which identifies each of the target processes as a pre-authorized process (when attributes of said each process matches corresponding attributes in the list of trusted processes)). As argued above, Zhang discloses how a new pre-authorized process may be determined using the attribute data from existing processes in the whitelist. 

	References White and Zhang are considered to be analogous art because they both relate to securing inter-process communication through a whitelist. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the inter-process communication system of White with the whitelist updates of Zhang in order to gain the benefit of reducing the amount of processing overhead required.

Regarding Claim 9:
	White discloses Claim 8.


Regarding Claim 16:
	White discloses Claim 15. 
	Claim 16 is drawn to the apparatus corresponding to the method of using same as claimed in Claim 3. Therefore, apparatus Claim 16 corresponds to method Claim 3, and is rejected for the same reasons of motivation/combination as used above. However, Claim 16 further recites “an apparatus” and “computer-readable storage medium comprising instructions for controlling the one or more computer processors” which have been met above in the interpretation of Claim 15. 

Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
Seibel et al. (U.S. Pub. No. 2017/0214530 A1) – Includes a similar system in which a trusted execution environment restricts inter-process communication 
Dotan (U.S. Pub. No. 2011/0113427 A1) – Includes methods related to executing the security mechanisms for inter-process communication when the operating system is started

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/E.V.V./Examiner, Art Unit 2431                                                                                                                                                                                                        /LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431