DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/13/2022 has been entered.
 Response to Amendment
The amendments filed 7/13/2022 have been accepted. Claims 1-5, 7-15, and 17-20 are still pending. Claims 1-5, 7-11, 19, and 20 are amended. Claims 6 and 16 have been canceled. Applicant’s amendments to the claims have overcome each and every objection and 103 rejection previously set forth in the Final Office Action mailed 5/13/2022.
Claim Objections
Claim 1 objected to because of the following informalities:  claim 1 contains the limitation “updating, replacing, or altering selective portions of data or code on the second memory device in which integrity has been unconfirmed by forensics analysis of the second memory device and maintaining other portions of the data or code in which integrity hamemory device .  Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-9, 11-15, 17, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Bye et al. (US PGPub 2014/0047548, hereafter referred to as Bye) in view of Li (US PGPub 2020/0327025) in view of Mosayyebzadeh et al, Supporting Security Sensitive Tenants in a Bare-Metal Cloud, 2019 USENIX Annual Technical Conference (USENIX ATC 19), 2019 (hereafter referred to as Mosayyebzadeh2019).
Regarding claim 1, Bye teaches a non-transitory processor-readable medium including instructions executable by one or more processors, and when executed operable for: determining that a computer system used by a first user employing a first memory device is slated to be relinquished at a future time (Paragraph [0041] and [0051], states that the master trusted application can allocate resources to subordinate trusted zones and can do so based on a schedule (meaning the first device is slated to be relinquished at some point in time)), preparing a second memory device for use by the computer system by a second user subsequent to the first user (Paragraph [0049]-[0051], the master trusted application can allocate resources, including memory to subordinates meaning it would have to prep one or many memory devices for use by the subordinate. Fig. 9 and Paragraphs [0074], show the computer system that can be used which includes multiple memory devices that can contribute to the overall memory resources of the system that can be allocated), detecting that the computer system has been relinquished by the first user (Paragraph [0041] and [0051], as stated previously the subordinates can be scheduled for specific times meaning the master application will know when the first trusted application is done with specific resources), and in response to the detecting relinquishment of the computer system, enabling the second user to use the computer system in communication with the second memory device (Paragraph [0049]-[0051], the system can be used by the second trusted application when it is scheduled to use it meaning the system would be enabled to be used and the second memory device would have to be in communication with the system if it is allocated to the application. Since this is done by a schedule it means that the enabling and transition is done based on the first trusted application relinquishing the system so the second can use it). Bye does not teach preparing a second memory device to be interchanged with the first memory device, wherein preparing further includes: updating, replacing, or altering selective portions of the data or code on the second memory device in which integrity has been unconfirmed by the forensics analysis of the second memory device and maintaining other portions of the data or code in which integrity has been confirmed by the forensic analysis, while the first memory device is in use by the computer system, preparing a third memory device to be interchanged with the second memory device for use of the computer system by a third user subsequent to the second user, wherein preparing the third memory device includes: performing forensics analysis on the third memory device to confirm integrity of data or code of the third memory device, and employing a memory swapping system to electronically position the second memory device in place of the first memory device in response to the detecting.
Li teaches while the first memory device is in use by the computer system, preparing a second memory device to be interchanged with the first memory device (Paragraph [0055], [0071], and [0076], states that devices can be taken offline for servicing and that if multiple devices are to be taken offline then they can be taken offline sequentially or in groups while the other devices are being used by the system. This means that once the first devices are done being serviced, they can then be brought back online to take over while the other devices are then taken offline to be serviced. Paragraph [0055], states that while a device is offline another device can be used to temporarily store the data meant for the other device), wherein preparing further includes: updating, replacing, or altering selective portions of data or code on the second memory device, and maintaining other portions of the data or code in which integrity has been confirmed by the forensics analysis (Paragraph [0062], gives the reasons for the devices to be taken offline which includes updating firmware, performing background tasks, or failure/potential failure of the storage unit meaning that the servicing requires identifying the reason for service and performing that service (updating firmware especially would require updating/altering data or code) by altering the data/code of the device being serviced. With the firmware update this means that the code for the firmware was determined to need service while the rest of the data/code on the device is still maintained), and employing a memory swapping system to electronically position, via a switch, the second memory device in place of the first memory device in response to the detecting (Fig. 3 and Paragraph [0055], show the architecture of a data cluster in the system that has connections that allow devices to be taken on and offline. Since the writes can be redirected to other devices for storage until a device is brought back online it means that there has to be a switching system of some kind to allow the redirection of writes. While not explicitly stated that a switch is used for the swapping of devices, a switch or equivalent mechanism must exist that allows the system to take devices offline and put others online for hosts to use). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bye to incorporate the servicing method of Li so as to enable servicing of a secondary storage unit while maintaining data availability (Li, Paragraph [0047]). Bye and Li do not teach performing an action on the second memory device in which integrity has been unconfirmed by forensics analysis of the second memory device and performing a different action in which integrity has been confirmed by the forensics analysis.
Mosayyebzadeh2019 teaches performing an action on the second memory device in which integrity has been unconfirmed by forensics analysis of the second memory device and performing a different action in which integrity has been confirmed by the forensics analysis  (Section 2, Threat Model, states that one of the threats to check for is malicious firmware that can threaten the integrity of the secure enclave. Fig. 1 shows the process of performing the forensic analysis before officially assigning the node to a tenant. This is also further reiterated in Section 6, Addressing the Threat Model), and while the first memory device is in use by the computer system, preparing the third memory device which includes performing forensics analysis on the third memory device to confirm integrity of data or code of the third memory device (Section 2 and 6, as stated previously, before a device is allocated to a tenant it’s integrity is checked. Section 7.3, also shows that multiple servers can be concurrently booting and each being attested. While it does not explicitly state that this is done while a first memory is in use, Section 4.3, Use Cases, describes cases of three different tenants that would be using the services offered showing that multiple tenants can be active and using the system. Section 6 also goes into more detail about what happens before and after occupancy where the device will be readied for another tenant, meaning the first tenant can still be active and using other devices, as it states that a device can be removed from that tenant’s conclave, not that the tenant is fully offline or finished. One of ordinary skill in the art would recognize that the system is meant for a continued use in providing services to multiple tenants in a cloud environment which means multiple tenants would be active). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bye and Li to implement the secure deployment system of Mosayyebzadeh2019 so to free the provider from the complexity of having to directly support these demanding customers and avoids impact to customers that are less security sensitive (Mosayyebzadeh2019, Section 9, Concluding Remarks).
Regarding claim 2, Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claim 1. Li further teaches preparing the second memory device to be interchanged with the first memory device (Paragraph [0055], [0071], and [0076], as stated in the rejection to claim 1). Bye further teaches employing a cloud service to communicate with the memory swapping system (Paragraph [0081], states the system can be a cloud storage system). The combination of and reason for combining are the same as those given in claim 1.
Regarding claim 3, Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claim 2. Mosayyebzadeh2019 further teaches employing the cloud service to communicate with a Root of Trust (ROT) of the memory swapping system to facilitate the forensics analysis and the selectively updating or altering data or code on the second memory device in response to the performing (Section 5, Implementation, states that the system is using Keylime as an attestation service which uses a root of trust to check/verify the security and integrity of the data or code of a node. Further details of Keylime are outlined in Schear et al., Bootstrapping and maintaining trust in the cloud, Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016). The combination of and reason for combining are the same as those given in claim 1.
Regarding claim 4, Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claim 2. Mosayyebzadeh2019 further teaches employing a Root of Trust (ROT) processor in communication with a switch to facilitate interchanging the first memory device with the second memory device (Fig. 1 and Section 4, Architecture, shows the process of assigning the memory device to a particular tenant which does involve a Root of trust and a switch (it is a cloud network setup so some kind of routing mechanism is has to be present) that is used to switch out devices. This is further confirmed by looking at Section 2 and 6, which outlines the security design for the system, particularly when dealing with prior occupancy as well as Section 5 which shows the hardware isolation layer that contains the switches). The combination of and reason for combining are the same as those given in claim 1.
Regarding claim 5, Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claim 4. Mosayyebzadeh2019 further teaches further including employing a service processor in communication with the switch to facilitate interfacing one or more operations of the computer system initiated by a user of the computer system, with the first memory device or the second memory device, depending upon whether the first memory device or the second memory device, respectively, has been prepared, via a background updating process, for use by the computer system (Fig. 1 and Section 5, Implementation, show the process of verifying a device and using the switches of the provider to interface the nodes with the tenant’s network). The combination of and reason for combining are the same as those given in claim 4. 
Regarding claim 7, Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claim 1. Li further teaches wherein the first memory device and the second memory device represent non-volatile memories (Paragraph [0067], the storage units can be hard drives or SSDs). The combination of and reason for combining are the same as those given in claim 1.
Regarding claim 8, Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claim 7. Bye further teaches wherein the tangible processor-readable medium is incorporated in a networked computing environment (Fig. 1 and Paragraph [0081], show that the system is in a network environment and can be a cloud computing environment). The combination of and reason for combining are the same as those given in claim 1.
Regarding claim 9, Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claim 8. Bye further teaches wherein the computing environment includes a cloud-based computing environment (Paragraph [0081], as stated in the rejection to claim 8). The combination of and reason for combining are the same as those given in claim 1.
Regarding claims 11-18, claims 11-18 are the method claims associated with claims 1-7, and 9. Since Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claims 1-7, and 9, they also teach all the limitations of 11-18; therefore the rejections to claims 1-7, and 9 also apply to claims 11-18.
Regarding claim 20, claim 20 is the apparatus claim associated with claim 1. Since Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claim 1 and Bye further teaches one or more processors and logic encoded in one or more tangible media for execution by the one or more processors (Paragraph [0082]), they also teach all the limitations of claim 20; therefore the rejection to claim 1 also applies to claim 20.

Claims 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Bye, Li, and Mosayyebzadeh2019 as applied to claims 1 above, and further in view of Liu et al. (US PGPub 2020/0218821, hereafter referred to as Liu).
Regarding claim 10, Bye, Li, and Mosayyebzadeh2019 teach all the limitations of claim 1. Bye, Li, and Mosayyebzadeh2019 do not teach wherein forensics analysis includes: employing one or more hashes or Cyclic Redundancy Checks (CRC), or other codes to ascertain an indication as to whether or not a set of data and/or computer code has been modified or otherwise tampered, replaced, or augmented on the first memory device or the second memory device.
Liu teaches wherein forensics analysis includes: employing one or more hashes or Cyclic Redundancy Checks (CRC), or other codes to ascertain an indication as to whether or not a set of data and/or computer code has been modified or otherwise tampered, replaced, or augmented (Paragraph [0146] and [0152], kernel attestation/verification can be done (checking the kernel to ensure it hasn’t been modified). This can be done using kernel digest stores that use CRC or checksum values). Since both Bye/Li/Mosayyebzadeh2019 and Liu teach performing forensic analysis it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the method employed for the forensic analysis of Bye, Li, and Mosayyebzadeh2019 for that of Liu to obtain the predictable result of employing one or more hashes or Cyclic Redundancy Checks (CRC), or other codes to ascertain an indication as to whether or not a set of data and/or computer code has been modified or otherwise tampered, replaced, or augmented on the first memory device or the second memory device.
Regarding claim 19, claim 19 is the method claim associated with claim 10. Since Bye, Li, Mosayyebzadeh2019, and Liu teach all the limitations of claim 10, they also teach all the limitations of claim 19; therefore the rejection to claim 10 also applies to claim 19.
	
Response to Arguments
Applicant’s arguments with respect to claims have been considered but are moot because the applicant amended the claims with the limitation “while the first memory device is in use by the computer system, preparing a third memory device to be interchanged with the second memory device for use of the computer system by a third user subsequent to the second user, wherein preparing the third memory device includes: performing forensics analysis on the third memory device to confirm integrity of data or code of the third memory device” to overcome the prior rejections set forth in the Final Rejection mailed 5/13/2022.
To address this, new reference Mosayyebzadeh2019 was incorporated into the rejection to help teach the amended limitation as this is a follow up paper of Mosayyebzadeh that goes into further detail as to how the system works and gives use cases that can be present and can be shown to perform the forensic analysis and prep on offline devices while another device is in use. While Mosayyebzadeh2019 and Mosayyebzadeh do allow for a tenant to have their own security it does not negate the fact that before a tenant is even allocated a device, that device is checked for validity using the “airlock” that is specified in the paper and shown in Fig. 1. This is when the forensic analysis is performed by the system before allocating the device to the tenant. A tenant can have their own security setup if they do not trust the provider in addition to this step as seen in the presented use cases in Section 4.3
		
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS A PAPERNO whose telephone number is (571)272-8337. The examiner can normally be reached Mon-Fri 9:30-5 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on 571-270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/N.A.P./Examiner, Art Unit 2132                                                                                                                                                                                                        
/DAVID YI/Supervisory Patent Examiner, Art Unit 2132