DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-25 are pending.

Response to Amendment

Applicant has amended independent claims 1, 16, 21 and dependent claims 2, 20 to include new/old limitations in a form not previously presented necessitating new search and considerations.  


Specification


The disclosure is objected to because of the following informalities: 
-- XasS -- is abbreviated without reciting full form in [0158].  
Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1-25 are rejected under 35 U.S.C. 112 (b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or joint inventor regards as the invention.


A.	The following claim language is not clearly understood:


Claim 1 lines 16-17 recite partitioning the memory into a plurality of shared memory regions. It is unclear whether the shared memory region is partitioned into separate memory regions or the memory is partitioned into shared memory regions. It is also unclear whether the shared memory region is shared by a plurality of services or a plurality of workloads.
Claims 16 and 21 recite elements of claim 1 and have a similar deficiency as claim 1. Therefore, they are rejected for the same rationale. Remaining dependent claims 2-15, 17-20 and 22-25 are also rejected due to their dependency on the rejected independent claims.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 10-12, 15-16, 21-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. (US 2019/0042315 A1, hereafter Smith) in view of Behnen et al. (US 2008/0115135 A1, hereafter Behnen).
Smith was cited in an IDS filed on 02/23/2021.


As per claim 1, Smith teaches the invention substantially as claimed including a system comprising: 
memory; and 
processing circuitry coupled to the memory ([0056]), the processing circuitry configured to: 
obtain a workflow execution plan ([0021] receiving a workload from client, create execution plan), the workflow execution plan including workload metadata, the workload metadata defining a plurality of workloads associated with a plurality of edge service instances ([0021] execution plan, FaaS nodes, complete client workload, organize plurality of FaaS nodes, perform, task [0019] edge FaaS node, edge device [0023] request, SLA requirements, security procedure, geographic restrictions [0024] parameter contained received request), the plurality of edge service instances executing on one or more edge computing devices within an edge computing system (fig. 1 edge-cloud FaaS edge FaaS node 140 edge device 135 [0024] [0016] edge FaaS containers); 

translate the workload metadata using a translation function to obtain workload configuration information for the plurality of workloads ([0021] execution plan, FaaS nodes, complete client workload, organize plurality of FaaS nodes, perform, task, transmit request, FaaS nodes, complete portion of the task [0022] FDE, decompose the workload, into sub-tasks, correspond, FaaS node functions [0023] request, SLA requirements, security procedure, geographic restrictions [0024] FaaS nodes, arranged, execute, function, given parameter contained received request, container, abstraction, enables, isolate workloads or multiplex tasks on the FaaS nodes), the workload configuration information identifying a plurality of memory access configurations and service authorizations ([0022] FDE, decompose the workload, into sub-tasks, correspond, FaaS node functions [0023] request, SLA requirements, security procedure encrypted memory/storage, geographic restrictions [0024] memory encryption, function execution, workload, encrypted, key, unique), the plurality of memory access configurations associated with access to the memory ([0023] request, SLA requirements, security procedure encrypted memory/storage, geographic restrictions [0024] memory encryption, function execution, workload, encrypted, key, unique), and the service authorizations identifying at least one edge service instance of the plurality of edge service instances authorized to access one or more of the plurality of memory access configurations ([0023] request, SLA requirements, security procedure encrypted memory/storage, geographic restrictions [0024] isolate workloads or multiplex tasks, FaaS nodes, container, memory encryption, function execution, workload, encrypted, key, unique, each client/tenant [0016] edge FaaS containers); 
partition the memory into a plurality of shared memory regions using the plurality of memory access configurations ([0024] container, abstraction, hardware, FaaS node, hardware accessible, software executing on the FaaS node, isolate workload, container, employs memory encryption, function execution, workload, encrypted, key [0030] public/private blockchain [0016] edge FaaS containers [0053] registers, main memory, storage); and 
process a memory access request for accessing at least one of the plurality of shared memory regions based on the service authorizations ([0024] parameter received, received request, function, container, workload, encrypted, key, unique, each client, tenant, hardware accessible to software executing on the FaaS node), the memory access request received from an edge service instance of the plurality of edge service instances ([0024] received request, function, execution, container, hardware accessible to software executing on the FaaS node, employs memory encryption for the function execution [0016] edge FaaS containers [0053] registers, main memory, storage).

Smith doesn’t specifically teach workflow execution plan, workload metadata, translation function (although these terms are indirectly taught by Smith).

Behnen, however, teaches workflow execution plan (fig. 5 load BPEL4ETL file 502 [0028] BPEL4ETL file, which contains ETL activity definitions for a particular process, and as a result of the processing triggers the execution of these activities [0039] BPEL + ETL [0027] process flow, BPEL, combination of processing nodes and data transformation activities), workload metadata ([032] BPEL flow instance, many attribute values, variable definitions [0032] BPEL4ETL includes [0033] domain specific attribute value [0035] specific dataflow execution metadata for each dataflow activity [0046] ETL metadata), translation function ([0001] transformation steps, data flow, application programs, command execution).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith with the teachings of Behnen of a BPEL4ETL file comprising a process flow comprising a combination of processing nodes and data transformation activities, transformation steps to improve efficiency and allow workflow execution with metadata and a translation function to the method of Smith as in the instant invention.

		
As per claim 2, Smith teaches wherein the processing circuitry is further configured to: translate the workload metadata using the translation function to obtain a plurality of functions scheduled for execution on the one or more edge computing devices ([0022] FDE, decompose the workload, into sub-tasks, correspond, FaaS node functions [0024] FaaS nodes, arranged, execute, function, given parameter [0048]).
Behnen teaches the remaining claim elements of translation function ([0001] transformation steps, data flow, application programs, command execution).

As per claim 3,  Smith teaches wherein the plurality of functions includes one or more of the following: 
named function networking (NFN) functions; and 
Function-as-a-Service (FaaS) functions ([0029] FaaS function).  


As per claim 10, Smith teaches wherein the plurality of memory access configurations includes: 
a memory range associated with a protected memory region of the plurality of shared memory regions ([0029]MKTME, memory pages, associated, different workloads), wherein a trusted execution environment (TEE) of the edge computing device is configured using the protected memory region ([0029]FaaS function processor, security, facilitate, TEE, MKTME, memory pages, associated, different workloads).  

As per claim 11, Smith teaches wherein the plurality of memory access configurations includes a plurality of secure keys for accessing respective memory regions of the plurality of shared memory regions ([0024] FaaS node, execute, function, container, workload encrypted, key [0029]MKTME, memory pages, associated, different workloads).  

As per claim 12, Smith teaches configure a virtual memory space mapped to at least one of the plurality of shared memory regions and to a second virtual memory space in an edge computing device of the one or more edge computing devices ([0029] FaaS function processor, isolate, execution, different workload, security between different tenant workload, virtual machine level partitioning, memory pages, associated, different workloads), the edge computing device authorized to access the at least one of the plurality of shared memory regions ([0024] FaaS node, execute, function, container, workload encrypted, key [0029]MKTME, memory pages, different workloads ).  

As per claim 15, Smith teaches wherein the edge computing system is an Edge-as-a-Service (EaaS) system ([0019] edge-cloud FaaS, edge FaaS node ), and wherein the one or more edge computing device is an EaaS microservice node ([0019] edge FaaS node 140, edge devices 135).

Claim 16 recites at least one non-transitory machine-readable storage medium comprising instructions, wherein the instructions, when executed by a processing circuitry of an edge computing device operable in an edge computing system, cause the processing circuitry to perform operations similar to those of claim 1. Therefore, it is rejected for the same rationale.

Claim 21 recites a method performed by an edge computing device operable in an edge computing system, comprising limitations similar to those of claim 1. Therefore, it is rejected for the same rationales.

Claim 22 recites elements of claim 2. Therefore, it is rejected for the same rationale.

Claims 4-9, 17-20, 23-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Behnen, as applied to above claims, and further in view of Ahmed (US 2019/0036678 A1).

As per claim 4, Smith teaches wherein the plurality of functions includes a homomorphic function ([0022] decompose the workload, sub-tasks, directly corresponds to the FaaS node functions), and the processing circuitry is further configured to: 
register a function identification and a function bitstream of the homomorphic function with a shared protected memory region of the plurality of shared memory regions ([0020] published functions provided by the FaaS nodes [0053] register of processor, main memory).  
Smith and Behnen don’t specifically teach homomorphic function, and a function bitstream of the homomorphic function.
Ahmad, however, teaches homomorphic function ([0014] homomorphic encryption), and a function bitstream of the homomorphic function ([0014] encrypts, plaintext, encrypted data [0087] homomorphically encrypting, plain text data, plain text data comprising plurality of bits [0436] bitstream ).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith and Behnen with the teachings of Ahmad of homomorphically encrypting plain text data comprising plurality of bits to improve efficiency and allow homomorphic function, and a function bitstream of the homomorphic function to the method of Smith and Behnen as in the instant invention.

As per claim 5, Smith teaches wherein the plurality of memory access configurations includes: 
a memory range associated with the shared protected memory region, the memory range storing encrypted data ([0029] multi-key total-memory encryption of memory pages assigned to different workloads); 
device identification information of respective devices of the one or more edge computing devices authorized to access the homomorphic function ([0023] request, identifies, target [0024] FaaS node, container, memory encryption, function, FaaS node, arranged, execute, given parameters, received in the request); and 
wherein the service authorizations identify a subset of the plurality of edge service instances authorized to access the memory range associated with the shared protected memory region ([0023] request, identifies, target [0024] FaaS node, container, memory encryption, function, each workload is encrypted with a key, unique,  [0029] multi-key total-memory encryption of memory pages assigned to different workloads [0044] container, employs, memory encryption for the function execution).  
Ahmad teaches remaining claim elements of homomorphic function ([0014] homomorphic encryption).

As per claim 6, Smith teaches wherein the encrypted data stored in the memory range associated with the shared protected memory region is protected via homomorphic encryption using the function bitstream of the homomorphic function ([0029] multi-key total-memory encryption of memory pages assigned to different workloads).  
Ahmad teaches remaining claim elements of protection via homomorphic encryption using the function bitstream of the homomorphic function ([0014] homomorphic encryption, encrypts, plaintext, encrypted data [0087] homomorphically encrypting, plain text data, plain text data comprising plurality of bits [0436] bitstream).

As per claim 7, Smith teaches wherein the memory access request identifies an edge service instance of the plurality of edge service instances requesting the memory access ([0023] FaaS nodes, request, execute, function, identifies a target [0024] FaaS node, arranged, execute, given parameters, received in the request) and an edge computing device of the one or more edge computing devices executing the requesting edge service instance ([0024] function executed in a container, container, FaaS node).  

As per claim 8, Smith teaches wherein the processing circuitry is further configured to: perform one or more data transformations on the encrypted data to process the memory access request ([0023] request, includes, security procedure e.g. encrypted memory [0024] container, employs, memory encryption, function, execution), when the device identification information identifies the edge computing device executing the requesting edge service instance ([0023] FaaS nodes, request, execute, function, identifies a target [0024] FaaS node, arranged, execute, given parameters, received in the request).  

As per claim 9, Smith teaches to offload performing of the one or more data transformations on the encrypted data to at least one edge computing device of the one or more edge computing devices authorized to access the homomorphic function ([0023] FaaS nodes, request, execute, function, identifies a target [0024] FaaS node, arranged, execute, given parameters, received in the request, container, memory encryption, workload, encrypted, key).


Claim 17 recites some of the elements of claim 5. Therefore, it is rejected for the same rationale.

As per claim 18, Smith teaches wherein the service authorizations include process address space IDs (PASIDs) identifying a subset of the plurality of edge service instances authorized to access the memory range associated with the shared memory region ([0024] FaaS node, execute, function, parameter, container, memory encryption, key [0029] FaaS function processor, isolate, execution, of different workload, applying MKTME of memory pages assigned to different tenant workloads [0036] FaaS processor identity).  

As per claim 19, Smith teaches wherein the memory access request includes a PASID of an edge service instance of the plurality of edge service instances requesting the memory access and identifies at least a second edge computing device of the one or more edge computing devices executing the requesting edge service instance ([0021] receiving workload from the client, transmit the request to plurality of FaaS nodes[0024] FaaS node, execute, function, parameter, container, memory encryption, key [0029] FaaS function processor, isolate, execution, of different workload, applying MKTME of memory pages assigned to different tenant workloads [0036] FaaS processor identity ).  

As per claim 20, Smith teaches perform a memory read or a memory write operation on the data stored in the shared memory region to process the memory access request ([0023] memory/storage encrypted[0024] received request, [0029] FaaS processors,  different workloads, executing, function) when the device identification information identifies the second edge computing device executing the requesting edge service instance ([0023] request, identifies, target [0024] FaaS node, container, memory encryption, function, FaaS node, arranged, execute, given parameters, received in the request) and the PASID within the service authorizations include the PASID within the memory access request ([0029] FaaS function processor, isolate, execution, of different workload, applying MKTME of memory pages assigned to different tenant workloads [0036] FaaS processor, identity key, e-wallet key, register identity, FaaS processor, identity, user, sign the FaaS processor).
Claim 23 recites elements of claim 4. Therefore, it is rejected for the same rationale.
Claim 24 recites elements of claim 5. Therefore, it is rejected for the same rationale.
Claim 25 recites some of the elements of claim 5. Therefore, it is rejected for the same rationale.


Claims 13-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Behnen, as applied to above claims, and further in view of Jenkins (US 2014/0365549 A1).

As per claim 13, Smith teaches wherein the virtual memory space is mapped to the second virtual memory space in the edge computing device using a distributed lock manager (DLM) service ([0029] FaaS function processor, isolate, execution, different workload, security between different tenant workload, virtual machine level partitioning, memory pages, associated, different workloads).  
Smith and Behnen, in combination, do not specifically teach using a distributed lock manager.
Jenkins, however, teaches edge computing device using a distributed lock manager ([0063] distributed lock manager fig. 4 426).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith and Behnen with the teachings of Jenkins of distributed lock manager to improve efficiency and allow using distributed lock manager by the edge computing device to the method of Smith and Behnen as in the instant invention.


As per claim 14, Smith teaches to: 
update data stored in the at least one of the plurality of shared memory regions based on the memory access request ([0029] FaaS function processor, isolate, execution, different workload, security between different tenant workload [0024] given parameter, request, container, hardware accessible to software executing on the FaaS node, isolate workload, employs memory encryption, synchronize the state among different FaaS nodes [0025] updated state to state already recorded in the blockchain); and 
map the updated data stored in the at least one of the plurality of shared memory regions to the virtual memory space and to the second virtual memory space in the edge computing device via the DLM service ([0029] FaaS function processor, isolate, execution, different workload, security between different tenant workload, virtual machine level partitioning, memory pages, associated, different workloads ).  
		
	Jenkins teaches remaining claim elements of a DLM ([0063] distributed lock manager fig. 4 426).

Response to Arguments
Application Number: 16/723,358; Dkt: 1884.965US1; Title: MULTI-TENANT DATA PROTECTION IN EDGE COMPUTING ENVIRONMENTS
Some of the previous objections to the specification have been withdrawn. However, some of the previous objections to the specifications have been maintained.
The previous 112(f) interpretation of the claims has been withdrawn.
The previous 112(b) rejections have been withdrawn. However, some new objections have been made.
Applicant's arguments filed on 07/06/2022 have been fully considered but they are moot in view of new ground of rejection.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
CAI et al. (US 2022/0141761 A1) teaches Dynamic Access Network Selection Based On Application Orchestration Information In An Edge Cloud System.
Seligson et al. (US 2015/0271169 A1) teaches Authentication Of Client Devices In Networks.
Wei (US 2021/0373537 A1) teaches Data Security Sharing Method In Multi-Edge Node Collaboration Mode Under Industrial Cloud Environment.


Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU ZAR GHAFFARI whose telephone number is (571)270-3799. The examiner can normally be reached Monday-Thursday 9:00 - 17:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai AN can be reached on 571-272-3756. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

ABU ZAR GHAFFARI
Primary Examiner
Art Unit 2195



/ABU ZAR GHAFFARI/Primary Examiner, Art Unit 2195