DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 09/08/2022 has been entered.

The following is a non-final office action in response to communications received 09/08/2022. Claims 1-20 are pending and addressed below. Applicant’s arguments filed 09/08/2022 have been fully considered but they are moot in view of new grounds of rejections.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10, 13, 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Xing (Pub. No. US 2014/0189246) in view of Hung et al (Pub. No. US 2015/0222637).

As per claim 1, Xing discloses an apparatus comprising: a secure runtime configured to execute a plurality of unmodified applications in a secure enclave, wherein the secure enclave defined by a hardware device (…secure enclave may represent any hardware for creating and maintaining a secured, protected environment such as a secure enclave in which application or other software may run, be loaded…see par. 24, 27); a secure application loader configured to load an unmodified application into the secure runtime (the secure may be initiated, using EINIT instruction…execution of the first application may enter the secure enclave…the first application may load a second application into the secure enclave…(Examiner interprets that first application is unmodified since a new application into the secure enclave)…see fig.3, par. 43-47). Xing does not explicitly disclose an OS bridge configured to provide OS services to the application. However Hung discloses an OS bridge configured to provide OS services to the unmodified application (…the operating system receives user input to start the application…the operating system loader determines the library module dependencies for the application binary and the module load order based on their dependency…the loader then loads into memory all the modules in the determined order…see par. 61-67). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Hung in Xing for including the above limitations because one ordinary skill in the art would recognize it would further enhance the efficiency and security of applications in personal and workspaces on a mobile computing device…see par. 4-6.


As per claim 2, the combination of Xing and Hung discloses wherein the secure application loader is further configured to load a plurality of libraries associated with the loaded unmodified application (Hung: see par. 33). The motivation for claim 2 is the same motivation as in claim 1 above.


As per claim 3, the combination of Xing and Hung discloses wherein the secure application loader is further configured to run binary executables in an isolated and shielded environment (Xing: see par. 24).


As per claim 4, the combination of Xing and Hung discloses wherein the OS bridge is further configured to encrypt data used by the loaded unmodified application such that the encrypted data is stored within the secure runtime (Hung: see par. 52-53). The motivation for claim 4 is the same motivation as in claim 1 above.




As per claim 5, the combination of Xing and Hung discloses wherein the OS services may include a plurality of system calls (Hung: see par. 55-56). The motivation for claim 5 is the same motivation as in claim 1 above.


As per claim 6, the combination of Xing and Hung discloses wherein the secure runtime is further configured to operate with a plurality of different types of hardware devices (Hung: see par. 30). The motivation for claim 6 is the same motivation as in claim 1 above.


As per claim 7, the combination of Xing and Hung discloses wherein the secure runtime generates an encrypted memory partition associated with the loaded unmodified application (Xing: see par. 23).


As per claim 8, the combination of Xing and Hung discloses wherein executing a plurality of unmodified applications in a secure enclave includes executing each of the unmodified applications in the secure enclave (Xing: see par. 43-47).


As per claim 9, the combination of Xing and Hung discloses wherein executing a plurality of applications in a secure manner includes executing at least two of the plurality of applications in the same secure enclave (Xing: see fing.3).


As per claim 10, the combination of Xing and Hung discloses wherein at least one of the plurality of unmodified applications are executed by the secure runtime without requiring any modification of the at least one unmodified application (Xing: see par. 43-47).


As per claim 13, the combination of Xing and Hung discloses wherein the secure runtime is configured to replace the system call with a second system call (Hung: see par. 60-61). The motivation for claim 13 is the same motivation as in claim 1 above.


As per claim 15, the combination of Xing and Hung discloses wherein the secure runtime implements application attestation which allows an unmodified application executing in the secure runtime to authenticate itself to another system (Hung: see par. 45). The motivation for claim 15 is the same motivation as in claim 1 above.


As per claim 16, the combination of Xing and Hung discloses wherein a state of a particular application is bound to a secret (Xing: see par. 35).


As per claim 17, the combination of Xing and Hung discloses wherein the secure runtime provisions secret data by encrypting the data using a public-key generated by the secure runtime inside the secure enclave (Xing: see par. 28).


Claims 11, 12, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Xing (Pub. No. US 2014/0189246) in view of Hung et al (Pub. No. US 2015/0222637) as applied to claim 1 above, and in further view of Hawblitzel et al (Pub. No. US 2010/0192130).


As per claim 11, the combination of Xing and Hung does not explicitly disclose wherein at least two of the plurality of unmodified applications are linked statically and directly invoke a system call instruction to be intercepted by a fault handler. However Hawblitzel discloses wherein at least two of the plurality of unmodified applications are linked statically and directly invoke a system call instruction to be intercepted by a fault handler (…see par. 73-75). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Hawblitzel in the combination of Xing and Hung for including the above limitations because one ordinary skill in the art would recognize it would further enhance techniques for achieving static verification for memory safety for constructing a “safe” operating system…see par. 17.


As per claim 12, the combination of Xing, Hung and Hawblitzel discloses wherein the fault handler delegates a signal indicating which system call was attempted to a trusted handler inside the secure enclave (Hawblitzel: see par. 75). The motivation for claim 12 is the same motivation as in claim 1 above.


As per claim 14, the combination of Xing, Hung and Hawblitzel discloses wherein the secure runtime is configured to: switch to a second stack when the system call instruction is invoked; carry out the system call servicing using the second stack; and switch back to the original stack before returning to the unmodified application (Hawblitzel: see par. 107). The motivation for claim 14 is the same motivation as in claim 11 above.




Claims 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Andrus et al (Pub. No. US 2016/0077850) in view of Xing et al (Pub. No. US 2015/0278528).

As per claim 18, Andrus discloses a method comprising: loading, by a secure application loader, a system-call interception layer (…dynamically loading the surrogate library…allowing function calls to be intercepted by the surrogate functions of the surrogate library…see par. 98); loading, by the secure application loader, an Executable and Linkable Format/Portable Executable binary (…the dynamic binary loader can be the android Executable and Linkable Format loader…see par. 98-100); loading, by the secure application loader, dynamically linked libraries (…load the domestic binaries using dynamic binary loader…see par. 100). Andrus does not explicitly disclose initializing, by the secure application loader, an enclave; and initiating an unmodified application in the enclave. However Xing disclose initializing, by the secure application loader, an enclave; and initiating an unmodified application in the enclave (…the enclaves may be loaded via an enclave loader that may be generated at build time by an annotation processor responsive to one or more annotations in source code of a source code application…the application has interfaces to enclaves…see par. 84). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Xing in Andrus for including the above limitations because one ordinary skill in the art would recognize it would further establish a secure enclave…to provide a secure and isolated execution environment for applications to process confidential data…see par. 2.



As per claim 19, the combination of Andrus and Xing discloses loading, by the secure application loader, an in- enclave Executable and Linkable Format/Portable Executable loader (Andrus: see par. 100).


As per claim 20, the combination of Andrus and Xing discloses loading, by the secure application loader, a plurality of libraries associated with the unmodified application (Andrus: see par. 100).







Conclusion


The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to secure runtime systems and methods for use in computing environments.

Wichmann et al (Pub. No. US 2015/0033354); “Method for Protecting an Application Program and Related Computer Program Product”;
-Teaches a specific library loader and the used DLL are attached to or embedded into the executable application, thereby using unused space within the application…the loading feature of the operating system is not modified. Instead, a modified specific version of the operating system’s library loader is used to load the DLL…see par. 83.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499