DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
	The amendment filed 12 August 2022 has been entered. Claims 1-25 remain pending in the application. Applicant’s amendments to the Claims in regards to the 35 U.S.C. §101rejection have corrected the eligible subject matter noted in Non-Final Office Action mailed 13 May 2022 and as such, the rejection is withdrawn.

	Response to Arguments
Applicant's arguments filed 12 August 2022 have been fully considered but they are not persuasive.
In response to applicant’s argument on numbered Page 11 “However, neither paragraph [0017] nor Figure 3 discloses that any node of the integrity tree 75 stores a pointer”, examiner respectfully disagrees and notes the following:
	As noted by Applicant, Boivie teaches an integrity tree in [0017]. A defining feature of an integrity tree is pointers in each node to point to the location of the previous node and the next node in the tree if there is one (see extrinsic evidence from Carnegie Mellon University). While some databases may store tree nodes in a table format, and binary trees also exist, Boivie doesn't teach or suggest anything other than a standard tree data structure. Therefore, by teaching a tree data structure, Boivie is also teaching the use of points to walk the tree. Boivie also teaches in [0016] that the address of the protected node is an integral portion of the meta data stored in the meta data blocks discussed in [0017]. This is further reinforced when Hall et al (US 2004/0107341 A1) is reviewed. Boivie incorporates this reference in [0017] to further explain the details of the integrity tree. As can be seen in [0027] of Hall, each node of the tree incorporates pointers to link the nodes together.
	
In response to applicant’s argument on numbered Page 11 “Moreover, the arrows in Figure 3 flow the wrong direction to be a trail of pointers where a branch node specifies a pointer to an address of a child node. In contrast to the arrows flowing from the bottom of the tree up towards the root 99 at the top as actually shown in Figure 3, to support the OA's suggestion”, examiner respectfully disagrees and notes the following:
	The reference to Fig. 3 was not to teach the direction of pointers, as that is not depicted in Fig. 3, but to teach an integrity tree with root, branch, and leaf nodes. As previously noted, Boivie teaches an integrity tree in [0017] which by definition contains pointers to walk the tree, with addresses specifically included in the metadata in [0016]. This is further reinforced by [0019] and [0020] of Boivie in which a write operation and a read operation are taught. The write operation starts at the node being written, then updates all of the nodes from the starting node to the root with updated integrity values (which includes addressing I.E. pointers). The read operation starts at the root, and then walks the tree from node to node until the target node is found. This would not be possible without pointers. In addition, Boivie incorporates Hall et al (US 2004/0107341 A1) in [0017] to further explain the details of the integrity tree. As can be seen in [0027] of Hall, each node of the tree incorporates pointers to link the nodes together.

In response to applicant’s argument on numbered Pages 11-12 “Thus, there is no teaching of a branch node including a branch entry comprising a pointer or of a branch node storing a pointer for specifying an address of a child node of the branch node”, examiner respectfully disagrees and notes the following:
As previously noted, Boivie teaches an integrity tree in [0017] which by definition contains pointers to walk the tree, with addresses specifically included in the metadata in [0016].
	
	As the argument for all other claims are substantially similar to the argument for claim 1 above, Examiner also respectfully disagrees for at least the same reasons as above.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-2, 5-7, 12-15, and 19-25 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Boivie et al (US 2005/0050342A1) hereinafter referred to as Boivie.

	Regarding claim 1, Boivie teaches An apparatus comprising:
 	memory access circuitry to control access to data stored in a memory (Boivie Fig. 1 Disk storage 21; [0015] "FIG. 1 depicts a secure storage area network system 10 implementing the storage utility of the present invention. As shown in FIG.1, a data source providing the plaintext data to be stored in the storage utility 15 implementing storage media such as disk 21 and tape 22, for example, resides in a device such as server device 12. It is understood that other non-volatile types of storage media, e.g., optical, magnetic, compact, Flash disks, etc. may be implemented and, as well, volatile storage media"; magnetic and flash disks both contain memory and circuitry designed to access said memory); and
 memory integrity checking circuitry to verify integrity of data stored in the memory, using an integrity tree comprising a plurality of nodes (Boivie Fig. 1; Fig. 3; [0015] "A block of data that is written out to the storage utility is encrypted according to a process provided in a security software program 20 executing at the server to generate ciphertext for storage in the storage utility 15"; the server (memory integrity checking circuitry) verifies data integrity using a tree structure as seen in Fig. 3 which utilizes a plurality of nodes) including:
at least one leaf node comprising at least one leaf entry comprising at least one integrity tag for verification of a corresponding address block of data stored in the memory (Boivie Fig. 3; [0016] "An integrity value 63 is also computed and stored at the client whenever a block is written out to the storage utility"; [0017] "This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk"; as seen in Fig. 3, the integrity tree of Boivie contains multiple leaf nodes, each with an entry that protects the integrity of the data stored in memory); and
 		at least one branch node comprising at least one branch entry (Boivie Fig. 3; multiple branches can be seen in Fig. 3) comprising:
 			a pointer for specifying an address of a child node of the branch node,  where the child node is a leaf node or a further branch node of the integrity tree, 
 and at least one integrity checking value for verification of a corresponding branch entry or leaf entry of the child node (Boivie Fig 3; [0017] FIG. 3 illustrates the data storage integrity scheme 75 according to the present invention. As shown in FIG. 3, the integrity value for a disk block DO 76, also needs to be protected if the disk block itself is to be protected. As the version number also needs to be maintained and protected, an <integrity value, version number> pair 80 is saved for a given block 76. This pair is combined with similar pairs of other (nearby) disk blocks and written to a "meta-data" disk block 86. The "meta-data" disk block 86 in turn must be protected. In one variation of this data storage integrity scheme 75 illustrated in FIG. 3, the <integrity value, version number> pair for this meta-data disk block is combined with those of other nearby meta-data blocks and written to a higher-level meta-data block 96 which is in turn protected. This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk"; each node points to the next node as can be seen in Fig. 3 until the desired node is eventually found (See Hall et al (US 2004/0107341 A1), which is incorporated by reference in its entirety by Boivie, [0027]). Each node contains the integrity checking value for itself as well as the nearby nodes (branch and child node)).

Independent claims 23, 24, and 25 have substantially the same scope and limitations as claim 1 as they are respectively the corresponding Method, first Non-transitory storage medium, and second Non-transitory storage medium claims. Therefore, claims 23, 24, and 25 are rejected under 35 U.S.C. 102(a)(1) for at least the same reasons as above.

Regarding claim 2, Boivie teaches The apparatus according to claim 1, in which the memory integrity checking circuitry is configured to verify integrity of information specified by a given branch entry, including the pointer, based on a corresponding integrity checking value specified in a parent node of the given branch node (Boivie Fig 3; [0017] FIG. 3 illustrates the data storage integrity scheme 75 according to the present invention. As shown in FIG. 3, the integrity value for a disk block DO 76, also needs to be protected if the disk block itself is to be protected. As the version number also needs to be maintained and protected, an <integrity value, version number> pair 80 is saved for a given block 76. This pair is combined with similar pairs of other (nearby) disk blocks and written to a "meta-data" disk block 86. The "meta-data" disk block 86 in turn must be protected. In one variation of this data storage integrity scheme 75 illustrated in FIG. 3, the <integrity value, version number> pair for this meta-data disk block is combined with those of other nearby meta-data blocks and written to a higher-level meta-data block 96 which is in turn protected. This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk"; each node points to the next node as can be seen in Fig. 3 until the root node is eventually found. each node contains the integrity checking value for itself as well as the nearby nodes (branch and child node)).

Regarding claim 5, Boivie teaches The apparatus according to claim 1, in which, in response to a request specifying a target address of a given address block of data stored in the memory, the memory integrity checking circuitry is configured to trigger a top-down traversal of the integrity tree from a root node to a given leaf node comprising the integrity tag corresponding to the given address block (Boivie Fig. 5; [0020] "FIG. 5 illustrates the steps involved in reading a disk block from the storage utility. In step 501, the first disk block on the path from the root of the integrity tree to the desired data or leaf disk block is read from the storage utility"; when traversing the tree, the system of Boivie starts at the root (top)).

Regarding claim 6, Boivie teaches The apparatus according to claim 5, in which in the top-down traversal, for a given parent-child node pair of the integrity tree on a path from the root node to the given leaf node, said given parent-child node pair comprising a given parent node and a given child node, the memory integrity checking circuitry is configured to: trigger a read operation to read a corresponding child entry of the given child node from a memory address calculated based on the pointer specified by a corresponding parent entry of the given parent node and an offset identified based on the target address of said given address block (Boivie Fig. 3; [0020] "FIG. 5 illustrates the steps involved in reading a disk block from the storage utility. In step 501, the first disk block on the path from the root of the integrity tree to the desired data or leaf disk block is read from the storage utility"; as can be seen in Fig. 3, each parent node (MD0-MD4) contains pointers to multiple data blocks. While Boivie does not positively recite the use of offsets, the structure shown in Fig. 3 of Boivie matches the structure shown in Fig. 9 of the supplied disclosure on the use of offsets. Therefore Boivie is also using offsets to identify specific data blocks within each parent node); and perform a verification operation to verify integrity of the corresponding child entry based on a corresponding integrity checking value specified in the corresponding parent entry of the given parent node (Boivie Fig. 5; [0020] "FIG. 5 illustrates the steps involved in reading a disk block from the storage utility. In step 501, the first disk block on the path from the root of the integrity tree to the desired data or leaf disk block is read from the storage utility. At step 502, the block's validity is checked with checksum and version information from the root of the integrity tree. If the integrity check fails, an integrity failure condition is signaled in step 503. On the other hand, if the block is determined to be valid, then a check is performed in step 504 to determine whether the block is the desired data or "leaf" block. If it is, the data is returned to the user in step 505").

Regarding claim 7, Boivie teaches The apparatus according to claim 6, in which, when the given parent node is a node other than a root node of the integrity tree: the memory integrity checking circuitry is to trigger the read operation to read the corresponding child entry of the given child node in parallel with performing the verification operation for a previous step of the top-down traversal, said verification operation for the previous step comprising verifying integrity of the corresponding parent entry based on a corresponding integrity checking value specified in a parent node of said given parent node (Boivie [0021] Note that disk blocks on the path from the root to the data disk blocks can be cached to improve performance. Note too, that with a modified integrity tree, such as the one described in co-pending patent application, YOR820020483, Parallelizable Authentication Tree for Random Access Storage, the integrity of disk blocks on the path from the root to the desired data can be checked in parallel, further improving performance).

Regarding claim 12, Boivie teaches The apparatus according to claim 1, in which in response to a memory access request for requesting access to data for a given address block, the memory access circuitry is configured to: perform access permission checking to check whether the given address block is allowed to be accessed (Boivie Fig. 5; [0020] "FIG. 5 illustrates the steps involved in reading a disk block from the storage utility. In step 501, the first disk block on the path from the root of the integrity tree to the desired data or leaf disk block is read from the storage utility. At step 502, the block's validity is checked with checksum and version information from the root of the integrity tree. If the integrity check fails, an integrity failure condition is signaled in step 503. On the other hand, if the block is determined to be valid, then a check is performed in step 504 to determine whether the block is the desired data or "leaf" block. If it is, the data is returned to the user in step 505"; [0016] "FIG. 2 illustrates an encryption scheme 40 for reading data from the storage utility device and a scheme 30 for writing data from the server to the storage device. As shown in FIG. 2, the encryption of a plaintext block to form storage ciphertext 90 is a function of the plaintext data 32, an encryption key 34 and a "whitening" value 36 which is a function of a whitening key 50, the block's "address" 52 and a "version number" value54 which is the value of a counter that is incremented each time a block is written"; by providing the encryption key, the system is verifying access permissions); and before the access permission checking is complete, provide a hint signal specifying an address of the given address block to the memory integrity checking circuitry (Boivie [0017] "FIG. 3 illustrates the data storage integrity scheme 75 according to the present invention. As shown in FIG. 3, the integrity value for a disk block DO 76, also needs to be protected if the disk block itself is to be protected. As the version number also needs to be maintained and protected, an <integrity value, version number> pair 80 is saved for a given block 76. This pair is combined with similar pairs of other (nearby) disk blocks and written to a "meta-data" disk block 86"; each node contains multiple <integrity value, version number> pair 80 (hints) of the nearby blocks. These are read before the nearby block is accessed, thus prior to access checking).

Regarding claim 13, Boivie teaches The apparatus according to claim 12, in which in response to the hint signal, the memory integrity checking circuitry is configured to trigger a read of at least one node of the integrity tree before the access permission checking performed by the memory access circuitry is complete (Boivie [0017] "FIG. 3 illustrates the data storage integrity scheme 75 according to the present invention. As shown in FIG. 3, the integrity value for a disk block DO 76, also needs to be protected if the disk block itself is to be protected. As the version number also needs to be maintained and protected, an <integrity value, version number> pair 80 is saved for a given block 76. This pair is combined with similar pairs of other (nearby) disk blocks and written to a "meta-data" disk block 86"; each node contains multiple <integrity value, version number> pair 80 (hints) of the nearby blocks. These are read before the nearby block is accessed, thus prior to access checking).

Regarding claim 14, Boivie teaches The apparatus according to claim 1, in which the memory integrity checking circuitry is configured to read a node of the integrity tree other than a root node from the same memory that stores the data protected by the integrity tree (Boivie [0017] FIG. 3 illustrates the data storage integrity scheme 75 according to the present invention. As shown in FIG. 3, the integrity value for a disk block DO 76, also needs to be protected if the disk block itself is to be protected. As the version number also needs to be maintained and protected, an <integrity value, version number> pair 80 is saved for a given block 76. This pair is combined with similar pairs of other (nearby) disk blocks and written to a "meta-data" disk block 86"; a metadata disk block is a node of the integrity tree, and is written to the disk and not the client device, thus is in the same storage device (disk) as the data).

Regarding claim 15, Boivie teaches The apparatus according to claim 1, in which the memory integrity checking circuitry is configured to read a node of the integrity tree other than a root node from a different memory to the memory storing the data protected by the integrity tree (Boivie [0016] "An integrity value 63 is also computed and stored at the client whenever a block is written out to the storage utility"; the integrity tree is stored at the client, while the data is stored at a cloud storage utility and is thus a different memory).

Regarding claim 19, Boivie teaches The apparatus according to claim 1, in which, in a given branch entry of a given branch node, each integrity checking value comprises an integrity tag derived as a function of the corresponding branch entry or leaf entry of the child node pointed to by the pointer of the given branch entry (Boivie [0017] "FIG. 3 illustrates the data storage integrity scheme 75 according to the present invention. As shown in FIG. 3, the integrity value for a disk block DO 76, also needs to be protected if the disk block itself is to be protected. As the version number also needs to be maintained and protected, an <integrity value, version number> pair 80 is saved for a given block 76. This pair is combined with similar pairs of other (nearby) disk blocks and written to a "meta-data" disk block 86. The "meta-data" disk block 86 in turn must be protected. In one variation of this data storage integrity scheme 75 illustrated in FIG. 3, the <integrity value, version number> pair for this meta-data disk block is combined with those of other nearby meta-data blocks and written to a higher-level meta-data block 96 which is in turn protected. This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk";).

Regarding claim 20, Boivie teaches The apparatus according to claim 1, in which, in a given branch entry of a given branch node, each integrity checking value comprises at least one integrity nonce for computing a corresponding integrity tag stored in the corresponding branch entry or leaf entry of the child node pointed to by the pointer of the given branch entry, said corresponding integrity tag derived as a function of the integrity nonce and other contents of the corresponding branch entry or leaf entry of the child node (Boivie [0016] "An integrity value 63 is also computed and stored at the client whenever a block is written out to the storage utility. The integrity value can be a sum (an "exclusive OR", for example) of all the plaintext in the disk block"; [0017] "FIG. 3 illustrates the data storage integrity scheme 75 according to the present invention. As shown in FIG. 3, the integrity value for a disk block DO 76, also needs to be protected if the disk block itself is to be protected. As the version number also needs to be maintained and protected, an <integrity value, version number> pair 80 is saved for a given block 76. This pair is combined with similar pairs of other (nearby) disk blocks and written to a "meta-data" disk block 86. The "meta-data" disk block 86 in turn must be protected. In one variation of this data storage integrity scheme 75 illustrated in FIG. 3, the <integrity value, version number> pair for this meta-data disk block is combined with those of other nearby meta-data blocks and written to a higher-level meta-data block 96 which is in turn protected. This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk";).

Regarding claim 21, Boivie teaches The apparatus according to claim 20, in which the given branch entry specifies a group of integrity nonces corresponding to respective branch entries or leaf entries of the child node, and a shared integrity tag derived as a function of the group of integrity nonces and an integrity nonce specified in a parent node of the given branch node (Boivie [0016] "An integrity value 63 is also computed and stored at the client whenever a block is written out to the storage utility. The integrity value can be a sum (an "exclusive OR", for example) of all the plaintext in the disk block"; [0017] "FIG. 3 illustrates the data storage integrity scheme 75 according to the present invention. As shown in FIG. 3, the integrity value for a disk block DO 76, also needs to be protected if the disk block itself is to be protected. As the version number also needs to be maintained and protected, an <integrity value, version number> pair 80 is saved for a given block 76. This pair is combined with similar pairs of other (nearby) disk blocks and written to a "meta-data" disk block 86. The "meta-data" disk block 86 in turn must be protected. In one variation of this data storage integrity scheme 75 illustrated in FIG. 3, the <integrity value, version number> pair for this meta-data disk block is combined with those of other nearby meta-data blocks and written to a higher-level meta-data block 96 which is in turn protected. This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk"; each node contains a group of integrity tags (nonces) that are each specific to a block. The integrity tag (nonce) for the higher level branch (parent) is shared in part by all of the lower level branches).

Regarding claim 22, Boivie teaches The apparatus according to claim 21, in which the group of integrity nonces comprises one of: a group of non-split counters specified independently for each branch entry or leaf entry of the child node; and a group of split counters, each split counter represented as a combination of: a major counter shared between the respective branch entries or leaf entries of the child node, and a minor counter specified separately for each branch entry or leaf entry of the child node (Boivie [0016] "As shown in FIG. 2, the encryption of a plaintext block to form storage ciphertext 90 is a function of the plaintext data 32, an encryption key 34 and a "whitening" value 36 which is a function of a whitening key 50, the block's "address" 52 and a "version number" value 54 which is the value of a counter that is incremented each time a block is written"; each block (leaf) has a counter that is incremented each time it is written to. While Boivie discloses a single counter for each node and not two counters for each node (split and non-split), mere duplication of parts is not necessarily patentably distinct. See MPEP 2144.04 section VI. REVERSAL, DUPLICATION, OR REARRANGEMENT OF PARTS part C. Rearrangement of Parts "In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960) (Claims at issue were directed to a water-tight masonry structure wherein a water seal of flexible material fills the joints which form between adjacent pours of concrete. The claimed water seal has a "web" which lies in the joint, and a plurality of "ribs" projecting outwardly from each side of the web into one of the adjacent concrete slabs. The prior art disclosed a flexible water stop for preventing passage of water between masses of concrete in the shape of a plus sign (+). Although the reference did not disclose a plurality of ribs, the court held that mere duplication of parts has no patentable significance unless a new and unexpected result is produced.)". Using multiple counters that count at the same time, does not create a new and unexpected result).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 16-18 is/are rejected under 35 U.S.C. 103 as being obvious over Boivie.

	Regarding claim 16, Boivie teaches The apparatus according to claim 1, in which the memory integrity checking circuitry is configured to read a root node of the integrity tree from an memory (Boivie [0023] "To enhance performance, encryption hardware may be provided at the customer end (in the processor itself or in a network adapter) to increase the performance of cryptographic and integrity operations on writes to and reads from the virtual disk. In the model described, the utility end does not require as much processing as the bulk of the encryption and integrity checking occurs at the customer end. To further enhance performance, the integrity tree or portions of the integrity tree may be cached at the customer end";). However, Boivie does not explicitly teach from an on-chip memory provided within the same integrated circuit as the memory integrity checking circuitry. It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the System of Boivie such that reading the root node is from an on-chip memory provided within the same integrated circuit as the memory integrity checking circuitry. All but the Last Level of the system cache are typically on board the CPU chip. As the system of Boivie teaches caching at least portions of the integrity tree, and the root is arguably the most important and most frequently accessed portion of the integrity tree, it would be obvious for a person of ordinary skill in the art prior to the earliest priority date to cache the root of the integrity tree in one of the on chip caches as these caches are faster than an off chip cache, thus improving the operation speed of the device and minimizing thrashing.

Regarding claim 17, Boivie teaches The apparatus according to claim 16, in which the root node comprises: a pointer for specifying an address of a top-level branch node of the integrity tree, where the top-level branch node is a child node of the root node (Boivie Fig. 3; [0016] "An integrity value 63 is also computed and stored at the client whenever a block is written out to the storage utility"; [0017] "This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk";); and at least one integrity checking value for verification of a corresponding branch entry of the top-level branch node (Boivie Fig. 3; [0016] "An integrity value 63 is also computed and stored at the client whenever a block is written out to the storage utility"; [0017] "This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk";).

Regarding claim 18, Boivie teaches The apparatus according to claim 17, in which in response to a request to add a level to the integrity tree (Boivie Fig. 3; [0016] "An integrity value 63 is also computed and stored at the client whenever a block is written out to the storage utility"; [0017] "This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk";), the memory integrity checking circuitry is configured to: store a new top-level branch node of the integrity tree to an address specified by software as being allocated for storing the new top-level branch node, the new top-level branch node including the pointer and the at least one integrity checking value previously specified by the root node (Boivie [0016] "FIG. 2 illustrates an encryption scheme 40 for reading data from the storage utility device and a scheme 30 for writing data from the server to the storage device. As shown in FIG. 2, the encryption of a plaintext block to form storage ciphertext 90 is a function of the plaintext data 32,an encryption key 34 and a "whitening" value 36 which is a function of a whitening key 50, the block's "address" 52 and a "version number" value54 which is the value of a counter that is incremented each time a block is written"; the address to which a block is written is an integral portion of the integrity tree encryption. When a node is to be written, it is written to a specific address, regardless of the level of branch, thus including a new top level branch. Each node contains a pointer to the next level of the tree and integrity values, in this instance the root of the tree); update the pointer of the root node to specify the address allocated for storing the new top-level branch node (Boivie [0017] "This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk";); and update the at least one integrity checking value of the root node to correspond to contents of the new top-level branch node (Boivie [0017] "This process continues in a manner such that a meta-data block hierarchy is formed comprising blocks including the higher-level meta-data blocks 96 which form a data structure referred to as an integrity tree having a root data structure 99 which protects the integrity of the entire virtual disk";).

Claims 3 and 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Boivie in view of Dilger et al (US 2011/0283085A1) hereinafter referred to as Dilger.
	
	Regarding claim 3, Boivie teaches The apparatus according to claim 1, however Boivie does not explicitly teach in which the memory integrity checking circuitry is configured to support the integrity tree being configured to include one or more leaf nodes specifying leaf entries corresponding to discontiguous groups of address blocks within a memory address space, for which at least one intervening group of address blocks between the discontiguous groups of address blocks is unprotected by the integrity tree.
Dilger teaches in which the memory integrity checking circuitry is configured to support the integrity tree being configured to include one or more leaf nodes specifying leaf entries corresponding to discontiguous groups of address blocks within a memory address space, for which at least one intervening group of address blocks between the discontiguous groups of address blocks is unprotected by the integrity tree (Dilger [0031] "For example, if the data segments are discontiguous, a discontiguous hash tree as discussed below with respect to FIG. 4 maybe generated, where the leaf hashes generated in step 202 have vacancies for the missing data segments"; if the address space does not have a leaf hash, it is not protected by the integrity tree).
As Boivie and Dilger are both in a similar field of endeavor of memory control, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the System of Boivie with the discontiguous trees of Dilger. One of ordinary skill in the art would have been motivated to make this modification because the addresses of the tree nodes can either be contiguous or discontiguous. Boivie does not provide any particular addressing scheme, thus choosing a discontiguous addressing scheme would be obvious to try. As there are only two choices in addressing schemes to use, and both schemes are applicable to the System of Boivie, and both schemes would provide predictable solutions with a reasonable expectation of success, it would be obvious to try the discontiguous scheme.

	Regarding claim 4, the combination of Boivie and Dilger teaches The apparatus according to claim 1, in which the memory integrity checking circuitry is configured to support the integrity tree being configured to include nodes stored at two or more discontiguous groups of address blocks within a memory address space, for which at least one intervening group of address blocks between the discontiguous groups of address blocks comprises at least one of: unallocated memory; and memory allocated for storing data other than said integrity tree (Dilger [0031] "For example, if the data segments are discontiguous, a discontiguous hash tree as discussed below with respect to FIG. 4 maybe generated, where the leaf hashes generated in step 202 have vacancies for the missing data segments"; if there is no leaf node referencing a particular memory location, that location is either unallocated or storing data other than nodes for the integrity tree).

Claims 8-11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Boivie in view of Shamis et al (US 2017/0103039A1) hereinafter referred to as Shamis.

Regarding claim 8, Boivie teaches The apparatus according to claim 5, however Boivie does not explicitly teach in which the memory integrity checking circuitry is configured to halt the top-down traversal in response to detecting, on a path from the root node to the given leaf node, a branch node for which a corresponding branch entry for the given address block specifies a null indicator.
Shamis teaches in which the memory integrity checking circuitry is configured to halt the top-down traversal in response to detecting, on a path from the root node to the given leaf node, a branch node for which a corresponding branch entry for the given address block specifies a null indicator (Shamis [0102] "As such, these techniques enable caching of nodes without needing to validate the cache. For example, in various implementations, when a branch is divided into key-value/pointer pair entries (e.g., branch contains keys 1 to 1000), that branch is never recreated. In particular, when a branch is created, the key-value/pointer pair entries are initialized as null pointers"; as the null pointer no longer points to a new address, traversal of the tree is halted).
As Boivie and Shamis are both in a similar field of endeavor of memory control, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the System of Boivie with the null nodes of Shamis. One of ordinary skill in the art would have been motivated to make this modification because Boivie does not provide a particular method of memory allocation, specifically pre-allocating or on demand allocating. By utilizing the on demand allocation of Shamis, the memory footprint of the tree is reduced, thus saving a large amount of memory space, as noted by Shamis in [0102].

Regarding claim 9, the combination of Boivie and Shamis teaches The apparatus according to claim 8, in which the null indicator comprises one of: the pointer specifying a null value; the integrity checking value corresponding to the given address block specifying a null value (Shamis [0102] "As such, these techniques enable caching of nodes without needing to validate the cache. For example, in various implementations, when a branch is divided into key-value/pointer pair entries (e.g., branch contains keys 1 to 1000), that branch is never recreated. In particular, when a branch is created, the key-value/pointer pair entries are initialized as null pointers").

Regarding claim 10, the combination of Boivie and Shamis teaches The apparatus according to claim 8, in which when the top-down traversal is triggered by a memory access request for triggering a memory access to the given address block in memory, and the top-down traversal detects a branch node for which the corresponding branch entry specifies the null indicator, the memory integrity checking circuitry is configured to perform at least one of: treat the given address block as an unprotected address block for which no integrity verification is required; and return an indication that integrity verification is successful for the given address block (Shamis [0102] "As such, these techniques enable caching of nodes without needing to validate the cache. For example, in various implementations, when a branch is divided into key-value/pointer pair entries (e.g., branch contains keys 1 to 1000), that branch is never recreated. In particular, when a branch is created, the key-value/pointer pair entries are initialized as null pointers"; if there is no pointer in the integrity tree pointing towards a particular memory location, then that location is an unprotected location for which integrity verification is not required).

Regarding claim 11, the combination of Boivie and Shamis teaches The apparatus according to claim 8, in which when the top-down traversal is triggered by a tag adding request for requesting addition of an integrity tag for the given address block to a corresponding leaf node of the integrity tree, and the top-down traversal detects a given branch node for which the corresponding branch entry specifies the null indicator (Shamis [0102] "As such, these techniques enable caching of nodes without needing to validate the cache. For example, in various implementations, when a branch is divided into key-value/pointer pair entries (e.g., branch contains keys 1 to 1000), that branch is never recreated. In particular, when a branch is created, the key-value/pointer pair entries are initialized as null pointers";), the memory integrity checking circuitry is configured to: trigger software to allocate memory address space for storing a further child node of the given branch node, and update the pointer of the corresponding branch entry of the given branch node to indicate an address specified by the software as being allocated for the further child node (Shamis [0102] "Then, once a null pointer needs to be converted into a real branch (with actual data)the Key-Value Manager performs the allocation on demand and enables writes to the newly allocated memory using the RDMA-based write techniques described herein. For example, when the key-value store is initially created, the root node is divided into some number of branches. These branches are then filled as writes are performed, and new branches (e.g., conversion of leaf nodes to branches) are allocated and filled with data on an as-needed basis").


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN B FULFORD whose telephone number is (571)272-7229. The examiner can normally be reached M-Th 9am-3pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on (571) 270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/D.B.F./Examiner, Art Unit 2132                                                                                                                                                                                                        
/DAVID YI/Supervisory Patent Examiner, Art Unit 2132