Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.	This is a Non-Final Office Action in response to the communication filed on 08/26/2020.
Claims 1-19 have been examined.


Drawings
3.	The drawings filed on 08/26/2020 are acceptable for examination proceedings.

Information Disclosure Statement
4.	The information disclosure statement (IDS) was submitted on 08/26/2020 and 01/27/2021. Accordingly, the information disclosure statement is being considered by the examiner.

Examiner Notes
5.	Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing 
The examiner requests that, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line no(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application.
When responding to this office action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections. See 37 CFR 1.111(c).

Internet Communications
6.	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/defauit/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

7.	Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kaushik et al. (US 2014/281511 A1) in view of Chow et al. (US 2016/0283731 A1).  

Kaushik provides secure data processing over a network. A set of expressions corresponding to encrypted data is identified. The set of expressions and the encrypted data are transformed into an execution plan that invokes the data centric primitive logic within a trusted hardware, where the trusted hardware maintains the key data for decrypting the encrypted data, and for communicating the execution plan to the trusted hardware over the network. An application encryption key is encrypted (510) by using a public key associated with the trusted hardware.

Chow provides that data or records can be accessible to an entity even if the data is stored in encrypted form, provided the entity is capable of promptly decrypting the data without resorting to encryption cracking methods such as brute force, dictionary-based attacks or other cracking methods. The requester can access records without the untrusted processing unit or the untrusted code being able to discern or infer the records being accessed.

As per claim 1, Kaushik discloses a method of performing computational jobs securely on a shared computing resource (fig. 3 depicts an in-cloud server for an extended database management system according to one example implementation. The in-cloud server, such as a server 302, provides client machines with secure data processing services over a network. Using one or more secure processing units, the server 302 interprets and executes expressions on sensitive data without accessing such data in an unsecure form, ensuring the client machines that the sensitive data is protected and valid while stored in a cloud computing environment, for example), comprising: encrypting data files for a computational job on a secure system and storing the encrypted data files (para. 0047 discloses the untrusted component provides the batch management 318 with the encrypted data and a program identifier referring to which program to execute on the encrypted data, for example); establishing a key distribution server using a secure enclave on a front end of the shared computing resource (para. 0045 discloses one example implementation of the trusted hardware 306 provides a secure processing unit and example components of the secure processing unit may include batch management 318, a stack machine 320 and key management 322, which securely stores encryption keys 324, for example); transferring cryptographic keys and application binaries to the secure enclave of the shared computing resource using a session key; running the computational job via an application launcher on compute nodes of an untrusted execution environment of the shared computing resource (para. 0045 discloses one example implementation of the trusted hardware 306 provides a secure processing unit and example components of the secure processing unit may include batch management 318, a stack machine 320 and key management 322, which securely stores encryption keys 324, for example), said application launcher obtaining the application binaries for the (para. 0042 discloses management system 304 executes data store operations that do not depend on encryption and delegates those operations that require decryption/encryption to the trusted hardware 306, for example and furthermore para. 0047 discloses programs are encrypted and signed so that they are protected while in transit. When received by management system 304, these programs are sent to the trusted hardware 306 and cached for later use. When an untrusted component, which may or may not be the management system 304, executes queries or sub-queries over encrypted data, the untrusted component provides the batch management 318 with the encrypted data and a program identifier referring to which program to execute on the encrypted data, for example).

Kaushik fails to explicitly disclose that the application launcher is run in an execution environment.
However, Chow discloses that the application launcher is run in an execution environment (fig. 1 depicts that the trusted processing unit 106 may be implemented by instantiating a trusted execution environment within a processor, for example).



Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Chow with the teachings of Kaushik in order to provide private information retrieval [Chow: para. 0001].

As per claim 2 as applied above, Kaushik as modified by Chow discloses wherein the application binaries are obtained at launch-time and are not stored in a non-volatile data store of the shared computing resources (para. 0042 of Kaushik discloses management system 304 executes data store operations that do not depend on encryption and delegates those operations that require decryption/encryption to the trusted hardware 306, for example).

As per claim 3 as applied above, Kaushik as modified by Chow discloses wherein a data file cryptographic key is transferred between the front end and untrusted execution environment of the shared computing resource at launch-time via the application launcher whose authenticity is verified without reference to a certificating authority (para. 0008 discloses the trusted hardware implements a set of data centric para. 0046 discloses the client machine 308 can securely send encryption keys to the trusted hardware 306 by encrypting such keys with the public key. These keys, which now may be referred to as wrapped keys, can only be decrypted with the private key, for example).

As per claim 4 as applied above, Kaushik as modified by Chow discloses holding the cryptographic key in a secure memory of the application launcher, which is accessed via a call back routine (para. 0047 of Kaushik discloses Hardware/software components running on the client machine 308 and/or the management system 304 modify native queries to invoke trusted hardware code when, for example, manipulating encrypted data fields. These modified queries call out to stack programs that run on the stack machine 320. These programs are encrypted and signed so that they are protected while in transit, for example).

As per claim 5 as applied above, Kaushik as modified by Chow discloses wherein multiple session keys are used for transfer of data files, application binaries and/or data cryptographic keys to the shared computing resource (fig. 4 of Kaushik step 412 decides to improve resource utilization by enhancing the execution plan, step 412 proceeds to step 414. Step 414 modifies the execution plan. According to one example implementation, each parameterized expression invoking a data centric primitive forms a work unit of which multiple such work units may be aggregated for batched transfer and execution, for example).

As per claim 6 as applied above, Kaushik as modified by Chow discloses wherein the application binary is loaded into anonymous RAM in the execution environment (para. 0021 of Kaushik discloses the trusted hardware is a purpose-built circuit (e.g., Field-Programmable Gate Arrays (FPGA)) loaded with a trusted bitstream (e.g., binary code) and capable of being uniquely identified by remote client machine, for example).

As per claim 7 as applied above, Kaushik as modified by Chow discloses wherein there is a time delay of hours, days or weeks between storing the encrypted data files in the data store on the shared computing resource and running the computational job on the shared computing resource (para. 0047 of Kaushik discloses queries to invoke trusted hardware code when, for example, manipulating encrypted data fields. ... These programs are encrypted and signed so that they are protected while in transit. When received by management system 304, these programs are sent to the trusted hardware 306 and cached for later use. ... the untrusted component provides the batch management 318 with the encrypted data and a program identifier referring to which program to execute on the encrypted data, for example).

As per claim 8 as applied above, Kaushik as modified by Chow discloses wherein the key distribution server is maintained on the front end of the shared computing resource during said time delay and/or wherein the application launcher is at rest on a non-volatile data store of the shared computing resource (para. 0008 of Kaushik discloses the trusted hardware implements a set of data centric primitives that, during runtime, process expressions involving real values contained in encrypted fields/columns of a database table, for example).

As per claim 9 as applied above, Kaushik as modified by Chow discloses wherein the application launcher comprises a key client and/or key call back routine/module (para. 0047 of Kaushik discloses Hardware/software components running on the client machine 308 and/or the management system 304 modify native queries to invoke trusted hardware code when, for example, manipulating encrypted data fields. These modified queries call out to stack programs that run on the stack machine 320. These programs are encrypted and signed so that they are protected while in transit, for example).

As per claim 10 as applied above, Kaushik as modified by Chow discloses wherein the application binary and/or the application launcher are protected by obfuscation (para. 0047 of Kaushik discloses queries to invoke trusted hardware code when, for example, manipulating encrypted data fields. ... These programs are encrypted and signed so that they are protected while in transit. When received by management system 304, these programs are sent to the trusted hardware 306 and cached for later use. ... the untrusted component provides the batch management 318 with the encrypted data and a program identifier referring to which program to execute on the encrypted data, for example).

As per claim 11 as applied above, Kaushik as modified by Chow discloses wherein verification of the application binary is performed at launch-time by attestation and/or checksum verification (para. 0042 of Kaushik discloses management system 304 executes data store operations that do not depend on encryption and delegates those operations that require decryption/encryption to the trusted hardware 306, for example).

As per claim 12 as applied above, Kaushik as modified by Chow discloses wherein each compute node comprises a key client and implements a key call back routine (para. 0047 of Kaushik discloses Hardware/software components running on the client machine 308 and/or the management system 304 modify native queries to invoke trusted hardware code when, for example, manipulating encrypted data fields. These modified queries call out to stack programs that run on the stack machine 320. These programs are encrypted and signed so that they are protected while in transit, for example).

As per claim 13 as applied above, Kaushik as modified by Chow discloses wherein a first compute node of the execution environment communicates with the key distribution server and the session key is exchanged between the first compute node and a plurality of other compute nodes of the execution environment at launch-time (para. 0045 of Kaushik discloses one example implementation of the trusted hardware 306 provides a secure processing unit and example components of the secure processing unit may include batch management 318, a stack machine 320 and key management 322, which securely stores encryption keys 324, for example).

As per claim 14 as applied above, Kaushik as modified by Chow discloses wherein the shared computing resource comprises a plurality of different sets of data files pertaining to different computational jobs that are queued for running on the shared computational resource, each of the computational jobs being run sequentially upon compute nodes becoming available after completing a previous computational job in the queue (Kaushik discloses that fig. 3 is a block diagram illustrating an in-cloud server for an extended database management system according to one example implementation. The in-cloud server, such as a server 302, provides client machines with secure data processing services over a network, furthermore para. 0041 of Kaushik discloses implementation of the server 302 runs a modified instance of a management system 304 that has access to the trusted hardware 306, for example).
 
As per claim 15, Kaushik discloses a shared computational system (fig. 3 depicts an in-cloud server for an extended database management system according to one example implementation. The in-cloud server, such as a server 302, provides client machines with secure data processing services over a network. Using one or more secure processing units, the server 302 interprets and executes expressions on sensitive data without accessing such data in an unsecure form, ensuring the client machines that the sensitive data is protected and valid while stored in a cloud computing environment, for example), comprising: a non-volatile data store arranged to store encrypted data files for a planned computational job (para. 0046 discloses Sensitive data is encrypted by the client machine 308 before being uploaded into a data store 326, for example and furthermore see para. 0047, “… the untrusted component provides the batch management 318 with the encrypted data and a program identifier referring to which program to execute on the encrypted data”, for example); a key distribution server on a front end of the shared computational system having a secure (para. 0045 discloses one example implementation of the trusted hardware 306 provides a secure processing unit and example components of the secure processing unit may include batch management 318, a stack machine 320 and key management 322, which securely stores encryption keys 324, for example); an execution environment (fig. 3 depicts a block diagram illustrating an in-cloud server, for example) and a key client for communication with the key distribution server so as to enable decryption of the data files and application binaries at launch-time for performing the planned computational job on the multiple compute nodes an application launcher on compute nodes of the shared computing resource (para. 0042 discloses management system 304 executes data store operations that do not depend on encryption and delegates those operations that require decryption/encryption to the trusted hardware 306, for example and furthermore para. 0047 discloses programs are encrypted and signed so that they are protected while in transit. When received by management system 304, these programs are sent to the trusted hardware 306 and cached for later use. When an untrusted component, which may or may not be the management system 304, executes queries or sub-queries over encrypted data, the untrusted component provides the batch management 318 with the encrypted data and a program identifier referring to which program to execute on the encrypted data, for example), said application launcher arranged to obtain the application binaries and the (fig. 3 depicts Batch Management 318 receives the encryption key to decrypt the encrypted data stored in the data store 326 and also receives "application encryption key" to decrypt the encrypted "program" which corresponds to the "application binaries" of the claim, for example).

Kaushik fails to explicitly disclose that the application launcher is run in an execution environment.

However, Chow discloses that the application launcher is run in an execution environment (fig. 1 depicts that the trusted processing unit 106 may be implemented by instantiating a trusted execution environment within a processor, for example).

Kaushik and Chow are analogous art because they both are directed to a system for providing private information retrieval from a database, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Kaushik with Chow because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the Chow: para. 0001].

As per claim 16 as applied above, Kaushik as modified by Chow discloses wherein the application binaries are obtained at launch-time and are not stored in a non-volatile data store of the shared computing resource (para. 0042 of Kaushik discloses management system 304 executes data store operations that do not depend on encryption and delegates those operations that require decryption/encryption to the trusted hardware 306, for example).

As per claim 17 as applied above, Kaushik as modified by Chow discloses wherein the key distribution server is maintained on the front end of the shared computing resource during said time delay and/or wherein the application launcher is at rest on a non-volatile data store of the shared computing resource (para. 0008 of Kaushik discloses the trusted hardware implements a set of data centric primitives that, during runtime, process expressions involving real values contained in encrypted fields/columns of a database table, for example).

As per claim 18 as applied above, Kaushik as modified by Chow discloses wherein the shared computing resource comprises a plurality of different sets of data files pertaining to different computational jobs that are queued for (Kaushik discloses that fig. 3 is a block diagram illustrating an in-cloud server for an extended database management system according to one example implementation. The in-cloud server, such as a server 302, provides client machines with secure data processing services over a network, furthermore para. 0041 of Kaushik discloses implementation of the server 302 runs a modified instance of a management system 304 that has access to the trusted hardware 306, for example).

As per claim 19 as applied above in claim 1, Kaushik as modified by Chow discloses wherein the application launcher comprises the key client for communication with the key distribution server on the front end of the shared computational system and obtains the application binaries at launch-time (para. 0042 of Kaushik discloses management system 304 executes data store operations that do not depend on encryption and delegates those operations that require decryption/encryption to the trusted hardware 306 and furthermore para. 0047 of Kaushik discloses These programs are encrypted and signed so that they are protected while in transit. When received by management system 304, these programs are sent to the trusted hardware 306 and cached for later use. When an untrusted component, which may or may not be the management system 304, executes queries or sub-queries over encrypted data, the untrusted component provides the batch management 318 with the encrypted data and a program identifier referring to which program to execute on the encrypted data, for example).

Pertinent Art 
8.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Childs et al. (US 2017/223115 A1) provides a system that allows the computing node to alternately permit or block the computing job processes from accessing all or a subset of the shared resources. The system controller moves any computing jobs active at the computing node to an alternate computing node while minimizing the risk of corrupting the shared resources. Ortiz et al. (US 2019/0362083 A1) provides a system for processing data within a Trusted Execution Environment (TEE) of a processor. The system may include: a trust manager unit for verifying identity of a partner and issuing a communication key to the partner upon said verification of identity; at least one interface for receiving encrypted data from the partner encrypted using the communication key; a secure database within the TEE for storing the encrypted data with a storage key and for preventing unauthorized access of the encrypted data within the TEE; and a recommendation engine for decrypting and analyzing the encrypted data to generate recommendations based on the decrypted data.

Conclusion

9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information.





A.G.
March 11, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434