Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

RCE filed on 04/28/2022 has been acknowledged. Claims filed on 04/04/2022 has been acknowledged. Claims 26-47, are currently pending and have been considered below. Claim 26, 32, 38 and 43 are independent claim. Claims 26, 32, 38 and 43 have been amended. No claim is added new.

Priority
The application is a section 371 of PCT/US15/67535 filed on 12/22/2015.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/28/2022 has been entered.

Remarks and Response
Applicant’s arguments filed in the amendments on 04/04/2022 have been fully considered but are moot in view of new grounds of rejection. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim 26-47 are rejected under 35 U.S.C. 103 as being unpatentable over Kruse (US Patent No 9,946,895) in view of “Secure Logical Isolation for Multi-tenancy in Cloud Storage” by Michael Factor hereinafter Factor.

Regarding Claim 26, Kruse discloses a system comprising: 
a display to visually present deobfuscated multi-tenant data (Kruse, Fig-1, col 2, line 20-35, a user can utilize a client device 102 to submit requests across at least one network to a resource provider environment. Col 11, line 25-30);
a bus coupled to the display (Kruse, col 2, line 20-35, the client device can include any appropriate electronic device operable to send and receive requests, messages or other such information over an appropriate network and convey information back to a user of the device); and
a client-side hardware platform coupled to the bus, the hardware platform comprising a memory apparatus including a client-side address space dedicated to an accessor of obfuscated multitenant data, wherein an executable view generation library is stored to the client-side address space (Kruse, col 2, line 45-50, the provider environment (multi-tenant environment”) may include various types of electronic resources that can be utilized concurrently by multiple users for a variety of different purposes. The sharing of these multi-tenant resources from a provider environment is often referred to as resource sharing. Fig-7, col 9, line 55-65, the device may include a memory and touch screen and display), 
wherein the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the at least a portion of the obfuscated multi-tenant data to the deobfuscated multi-tenant data, and generate a single-tenant view based on the deobfuscated multi- tenant data (Kruse, col 7, line 25-35, the data for the request can be analyzed to determine one or more portions, subsets or fields of data that are sensitive and thus should be obfuscated before being provided in response to the request. The data to be obfuscated can be determined using any appropriate policy, rule, role or other access criteria. Col 8, line 1-15, the recipient can extract the ciphertext from the token and having a copy of the second key can decrypt the ciphertext in order to access the underlying plaintext), and
wherein the deobfuscated multi-tenant data is machine readable by the hardware platform (Kruse, col 8, line the first processing system could send a request to the obfuscation manager. The obfuscation manager can send a request to the data service for data X which is stored in a data repository. The obfuscation manager can receive data X and perform an obfuscation of at least the sensitive portion of the data. Col 11, line 25-30, the information can then be returned to the user, such as in a result listing on a Web page that the user is able to view via a browser on the user device).
Kruse does not explicitly discuss the following limitation that Factor teaches:
wherein the obfuscated muti-tenant data includes commingled data from a plurality of tenants (Factor, ¶[introduction], each customer is a tenant of the cloud infrastructure. A major concern expressed by many businesses over moving to a public cloud delivery model is security. This concern stems from the commingling of the data of different tenants on shared physical resources. ¶[problem statement], these systems commingle data from different users on the same physical resources. This approach is often referred to as multi-tenancy).
Kruse in view of Factor are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data storage in cloud computing environment and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Kruse in view of Factor to include the idea of providing security to data in cloud environment similar to physical isolation while allowing complete pooling of resources. It will also enhance the security of the system by blocking the fraudulent users.

Regarding claim 27, Kruse in view of Factor discloses the system of claim 26, wherein, convert the obfuscated multi-tenant data to the deobfuscated multi-tenant data based on metadata associated with the executable view generation library and generate a single-tenant view based on the deobfuscated multi-tenant data (Factor, ¶[problem statement], page 2, Swift has a two tier architecture, consisting of client facing proxy servers, which handle authentication, authorization and access control enforcement and metadata. ¶[system model], page 3, each service node may use local srorage or shared storage to host user data/metadata).

Regarding claim 28, Kruse in view of Factor discloses the system of claim 27, wherein the metadata includes one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Factor, ¶[problem statement], page 2, Swift has a two tier architecture, consisting of client facing proxy servers, which handle authentication, authorization and access control enforcement and metadata. ¶[system model], page 3, each service node may use local srorage or shared storage to host user data/metadata).

Regarding claim 29, Kruse in view of Factor discloses the system of claim 26, further including a secure interface to receive the executable view generation library from a data access binder (Kruse, col 4, line 55-60, since some of the data are sensitive or restricted from access by other unauthorized customers, it can be desirable for the environment to provide some type of security mechanism. Factor, ¶[introduction], user requests run with sufficient privileges to access any tenant’s data; the code of each component is responsible for authorizing requests based on the requester’s credential).

Regarding Claim 30, Kruse in view of Factor discloses the system of claim 29, wherein the executable view generation library is to conduct a self-extraction, conduct a self-installation, measure an opaqueness of itself and send the opaqueness to the data access binder (Kruse, col 7, line 25-35, the data for the request can be analyzed to determine one or more portions, subsets or fields of data that are sensitive and thus should be obfuscated before being provided in response to the request. The data to be obfuscated can be determined using any appropriate policy, rule, role or other access criteria. Col 8, line 1-15, the recipient can extract the ciphertext from the token and having a copy of the second key can decrypt the ciphertext in order to access the underlying plaintext. Factor, ¶[introduction], user requests run with sufficient privileges to access any tenant’s data; the code of each component is responsible for authorizing requests based on the requester’s credential).

Regarding Claim 31, Kruse in view of Factor discloses the system of claim 26, wherein the executable view generation library is stored to a trusted region of the client-side address space (Kruse, protected location such as trusted platform module (TPM). Also Factor, ¶[system model], page 3, dedicated hardware or dedicated virtual machines are given for users/tenants. The underlying hardware as well as the multi-user operating systems to provide secure isolation between processes of different OS users. One uid (OS user) can not access resources belonging to another uid. If a process is compromised by an attacker, the attacker can run arbitrary code under the uid that started the process).

Regarding Claim 32, Kruse discloses an apparatus comprising:
a semiconductor integrated circuit comprising memory, the memory comprising a client-side address space dedicated to an accessor of obfuscated multi-tenant data (Kruse, Fig-1, col 2, line 20-35, a user can utilize a client device 102 to submit requests across at least one network to a resource provider environment. Col 11, line 25-30):
 
wherein an executable view generation library is stored to the client-side address space (Kruse, col 2, line 45-50, the provider environment (multi-tenant environment”) may include various types of electronic resources that can be utilized concurrently by multiple users for a variety of different purposes. The sharing of these multi-tenant resources from a provider environment is often referred to as resource sharing. Fig-7, col 9, line 55-65, the device may include a memory and touch screen and display);
wherein the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the at least a portion of the obfuscated multi-tenant data to the deobfuscated multi-tenant data, and generate a single-tenant view based on the deobfuscated multi- tenant data (Kruse, col 7, line 25-35, the data for the request can be analyzed to determine one or more portions, subsets or fields of data that are sensitive and thus should be obfuscated before being provided in response to the request. The data to be obfuscated can be determined using any appropriate policy, rule, role or other access criteria. Col 8, line 1-15, the recipient can extract the ciphertext from the token and having a copy of the second key can decrypt the ciphertext in order to access the underlying plaintext), and
wherein the deobfuscated multi-tenant data is machine readable by a client-side hardware platform providing the client side address space (Kruse, col 8, line the first processing system could send a request to the obfuscation manager. The obfuscation manager can send a request to the data service for data X which is stored in a data repository. The obfuscation manager can receive data X and perform an obfuscation of at least the sensitive portion of the data. Col 11, line 25-30, the information can then be returned to the user, such as in a result listing on a Web page that the user is able to view via a browser on the user device).
Kruse does not explicitly discuss the following limitation that Factor teaches:
wherein the obfuscated muti-tenant data includes commingled data from a plurality of tenants (Factor, ¶[introduction], each customer is a tenant of the cloud infrastructure. A major concern expressed by many businesses over moving to a public cloud delivery model is security. This concern stems from the commingling of the data of different tenants on shared physical resources. ¶[problem statement], these systems commingle data from different users on the same physical resources. This approach is often referred to as multi-tenancy).
Kruse in view of Factor are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data storage in cloud computing environment and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Kruse in view of Factor to include the idea of providing security to data in cloud environment similar to physical isolation while allowing complete pooling of resources. It will also enhance the security of the system by blocking the fraudulent users.

Regarding Claim 33, Kruse in view of Factor discloses the apparatus of claim 32, wherein to convert the obfuscated multi-tenant data to deobfuscated multi-tenant data is based on metadata associated with the executable view generation library (Factor, ¶[problem statement], page 2, Swift has a two tier architecture, consisting of client facing proxy servers, which handle authentication, authorization and access control enforcement and metadata. ¶[system model], page 3, each service node may use local srorage or shared storage to host user data/metadata).

Regarding Claim 34, Kruse in view of Factor discloses the apparatus of claim 33, wherein the metadata includes one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Factor, ¶[problem statement], page 2, Swift has a two tier architecture, consisting of client facing proxy servers, which handle authentication, authorization and access control enforcement and metadata. ¶[system model], page 3, each service node may use local srorage or shared storage to host user data/metadata).

Regarding Claim 35, Kruse in view of Factor discloses the apparatus of claim 32, further including a secure interface to receive the executable view generation library from a data access binder (Kruse, col 4, line 55-60, since some of the data are sensitive or restricted from access by other unauthorized customers, it can be desirable for the environment to provide some type of security mechanism. Factor, ¶[introduction], user requests run with sufficient privileges to access any tenant’s data; the code of each component is responsible for authorizing requests based on the requester’s credential).

Regarding Claim 36, Kruse in view of Factor discloses the apparatus of claim 35, wherein the executable view generation library is to conduct a self-extraction, conduct a self-installation, measure an opaqueness of itself and send the opaqueness to the data access binder (Kruse, col 7, line 25-35, the data for the request can be analyzed to determine one or more portions, subsets or fields of data that are sensitive and thus should be obfuscated before being provided in response to the request. The data to be obfuscated can be determined using any appropriate policy, rule, role or other access criteria. Col 8, line 1-15, the recipient can extract the ciphertext from the token and having a copy of the second key can decrypt the ciphertext in order to access the underlying plaintext. Factor, ¶[introduction], user requests run with sufficient privileges to access any tenant’s data; the code of each component is responsible for authorizing requests based on the requester’s credential).

Regarding Claim 37, Kruse in view of Factor discloses the apparatus of claim 32, wherein the executable view generation library is stored to a trusted region of the client-side address space (Kruse, protected location such as trusted platform module (TPM). Also Factor, ¶[system model], page 3, dedicated hardware or dedicated virtual machines are given for users/tenants. The underlying hardware as well as the multi-user operating systems to provide secure isolation between processes of different OS users. One uid (OS user) can not access resources belonging to another uid. If a process is compromised by an attacker, the attacker can run arbitrary code under the uid that started the process).

Regarding Claim 38, Kruse discloses a method comprising: 
receiving a request to access at least a portion of obfuscated multi-tenant data (Kruse, Fig-1, col 2, line 20-35, a user can utilize a client device 102 to submit requests across at least one network to a resource provider environment. Col 11, line 25-30);
converting the at least a portion of the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with an executable view generation library stored to a client-side address space dedicated to an accessor of the obfuscated multi-tenant data (Kruse, col 2, line 45-50, the provider environment (multi-tenant environment”) may include various types of electronic resources that can be utilized concurrently by multiple users for a variety of different purposes. The sharing of these multi-tenant resources from a provider environment is often referred to as resource sharing. Fig-7, col 9, line 55-65, the device may include a memory and touch screen and display); and
generating a single-tenant view based on the deobfuscated multi-tenant data (Kruse, col 7, line 25-35, the data for the request can be analyzed to determine one or more portions, subsets or fields of data that are sensitive and thus should be obfuscated before being provided in response to the request. The data to be obfuscated can be determined using any appropriate policy, rule, role or other access criteria. Col 8, line 1-15, the recipient can extract the ciphertext from the token and having a copy of the second key can decrypt the ciphertext in order to access the underlying plaintext).
wherein the deobfuscated multi-tenant data is machine readable by a hardware platform providing the client side address space (Kruse, col 8, line the first processing system could send a request to the obfuscation manager. The obfuscation manager can send a request to the data service for data X which is stored in a data repository. The obfuscation manager can receive data X and perform an obfuscation of at least the sensitive portion of the data. Col 11, line 25-30, the information can then be returned to the user, such as in a result listing on a Web page that the user is able to view via a browser on the user device).
Kruse does not explicitly discuss the following limitation that Factor teaches:
wherein the obfuscated muti-tenant data includes commingled data from a plurality of tenants (Factor, ¶[introduction], each customer is a tenant of the cloud infrastructure. A major concern expressed by many businesses over moving to a public cloud delivery model is security. This concern stems from the commingling of the data of different tenants on shared physical resources. ¶[problem statement], these systems commingle data from different users on the same physical resources. This approach is often referred to as multi-tenancy).
Kruse in view of Factor are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data storage in cloud computing environment and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Kruse in view of Factor to include the idea of providing security to data in cloud environment similar to physical isolation while allowing complete pooling of resources. It will also enhance the security of the system by blocking the fraudulent users.


Regarding Claim 39, Kruse in view of Factor discloses the method of claim 38, wherein the metadata includes one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Factor, ¶[problem statement], page 2, Swift has a two tier architecture, consisting of client facing proxy servers, which handle authentication, authorization and access control enforcement and metadata. ¶[system model], page 3, each service node may use local srorage or shared storage to host user data/metadata).

Regarding Claim 40, Kruse in view of Factor discloses the method of claim 38, further including receiving the executable view generation library from a data access binder (Kruse, col 4, line 55-60, since some of the data are sensitive or restricted from access by other unauthorized customers, it can be desirable for the environment to provide some type of security mechanism. Factor, ¶[introduction], user requests run with sufficient privileges to access any tenant’s data; the code of each component is responsible for authorizing requests based on the requester’s credential).

Regarding Claim 41, Kruse in view of Factor discloses the method of claim 40, further including:
conducting a self-extraction; conducting a self-installation; measuring an opaqueness of the executable view generation library; and sending the opaqueness to the data access binder (Kruse, col 7, line 25-35, the data for the request can be analyzed to determine one or more portions, subsets or fields of data that are sensitive and thus should be obfuscated before being provided in response to the request. The data to be obfuscated can be determined using any appropriate policy, rule, role or other access criteria. Col 8, line 1-15, the recipient can extract the ciphertext from the token and having a copy of the second key can decrypt the ciphertext in order to access the underlying plaintext. Factor, ¶[introduction], user requests run with sufficient privileges to access any tenant’s data; the code of each component is responsible for authorizing requests based on the requester’s credential).

Regarding Claim 42, Kruse in view of Factor discloses the method of claim 38, wherein the executable view generation library is stored to a trusted region of the client-side address space (Kruse, protected location such as trusted platform module (TPM). Also Factor, ¶[system model], page 3, dedicated hardware or dedicated virtual machines are given for users/tenants. The underlying hardware as well as the multi-user operating systems to provide secure isolation between processes of different OS users. One uid (OS user) can not access resources belonging to another uid. If a process is compromised by an attacker, the attacker can run arbitrary code under the uid that started the process).

Regarding Claim 43, Kruse discloses at least one computer readable storage medium comprising a set of instructions, which when executed by a computing system, cause the computing system to:
receive a request to access at least a portion of obfuscated multi-tenant data (Kruse, Fig-1, col 2, line 20-35, a user can utilize a client device 102 to submit requests across at least one network to a resource provider environment. Col 11, line 25-30);
convert the at least a portion of the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with an executable view generation library stored to a client-side address space (Kruse, col 2, line 45-50, the provider environment (multi-tenant environment”) may include various types of electronic resources that can be utilized concurrently by multiple users for a variety of different purposes. The sharing of these multi-tenant resources from a provider environment is often referred to as resource sharing. Fig-7, col 9, line 55-65, the device may include a memory and touch screen and display); and
generate a single-tenant view based on the deobfuscated multi-tenant data (Kruse, col 7, line 25-35, the data for the request can be analyzed to determine one or more portions, subsets or fields of data that are sensitive and thus should be obfuscated before being provided in response to the request. The data to be obfuscated can be determined using any appropriate policy, rule, role or other access criteria. Col 8, line 1-15, the recipient can extract the ciphertext from the token and having a copy of the second key can decrypt the ciphertext in order to access the underlying plaintext). 
wherein the deobfuscated multi-tenant data is machine readable by a hardware platform providing the client side address space (Kruse, col 8, line the first processing system could send a request to the obfuscation manager. The obfuscation manager can send a request to the data service for data X which is stored in a data repository. The obfuscation manager can receive data X and perform an obfuscation of at least the sensitive portion of the data. Col 11, line 25-30, the information can then be returned to the user, such as in a result listing on a Web page that the user is able to view via a browser on the user device).
Kruse does not explicitly discuss the following limitation that Factor teaches:
wherein the obfuscated muti-tenant data includes commingled data from a plurality of tenants (Factor, ¶[introduction], each customer is a tenant of the cloud infrastructure. A major concern expressed by many businesses over moving to a public cloud delivery model is security. This concern stems from the commingling of the data of different tenants on shared physical resources. ¶[problem statement], these systems commingle data from different users on the same physical resources. This approach is often referred to as multi-tenancy).
Kruse in view of Factor are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data storage in cloud computing environment and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Kruse in view of Factor to include the idea of providing security to data in cloud environment similar to physical isolation while allowing complete pooling of resources. It will also enhance the security of the system by blocking the fraudulent users.

Regarding Claim 44, Kruse in view of Factor discloses the at least one computer readable storage medium of claim 43, wherein the metadata is to include one or more labels, access privileges, security parameters, schemas or relationships among accessors of the obfuscated multi-tenant data (Factor, ¶[problem statement], page 2, Swift has a two tier architecture, consisting of client facing proxy servers, which handle authentication, authorization and access control enforcement and metadata. ¶[system model], page 3, each service node may use local srorage or shared storage to host user data/metadata). 

Regarding Claim 45, Kruse in view of Factor discloses the at least one computer readable storage medium of claim 43, wherein the instructions, when executed, cause the computing system to receive the executable view generation library from a data access binder (Kruse, col 4, line 55-60, since some of the data are sensitive or restricted from access by other unauthorized customers, it can be desirable for the environment to provide some type of security mechanism. Factor, ¶[introduction], user requests run with sufficient privileges to access any tenant’s data; the code of each component is responsible for authorizing requests based on the requester’s credential).

Regarding claim 46, Kruse in view of Factor discloses the at least one computer readable storage medium of claim 45, wherein the instructions, when executed, cause the computing system to:
conduct a self-extraction; conduct a self-installation; measure an opaqueness of the executable view generation library; and send the opaqueness to the data access binder (Kruse, col 7, line 25-35, the data for the request can be analyzed to determine one or more portions, subsets or fields of data that are sensitive and thus should be obfuscated before being provided in response to the request. The data to be obfuscated can be determined using any appropriate policy, rule, role or other access criteria. Col 8, line 1-15, the recipient can extract the ciphertext from the token and having a copy of the second key can decrypt the ciphertext in order to access the underlying plaintext. Factor, ¶[introduction], user requests run with sufficient privileges to access any tenant’s data; the code of each component is responsible for authorizing requests based on the requester’s credential).

Regarding claim 47, Kruse in view of Factor discloses the at least one computer readable storage medium of claim 43, wherein the executable view generation library is to be stored to a trusted region of the client-side address space (Kruse, protected location such as trusted platform module (TPM). Also Factor, ¶[system model], page 3, dedicated hardware or dedicated virtual machines are given for users/tenants. The underlying hardware as well as the multi-user operating systems to provide secure isolation between processes of different OS users. One uid (OS user) can not access resources belonging to another uid. If a process is compromised by an attacker, the attacker can run arbitrary code under the uid that started the process).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F, 8 am to 5 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/WASIKA NIPA/           Primary Examiner, Art Unit 2433