DETAILED ACTION
The present application is being examined under the pre-AIA first to invent provisions.
This Office Action is responsive to amendment filed on 09/14/2022. New claims 16-17 were added in this amendment. Claims 1-17 have been examined and are pending in this application.
Response to Arguments
Applicant's arguments filed 09/14/2022 have been fully considered but they are not persuasive.
A new reference (Thatte US 5,008,786) is relied upon in this Office Action for the newly added dependent claims 16-17.
With respect to the double patenting rejection of claims 1-15 in the previous Office Action, Applicant argues, page 6 of the remarks, “the claims of the present application are herein amended, and the amended claims are not co-extensive in scope with those of the ‘269 Patent.”
The Examiner respectfully disagrees and maintains the double patenting rejection. See below for the double patenting rejection of claims 1-17 with respect to claims 1-15 of U.S. Patent No. 10,853,269. 
Applicant argues, page 7 of the remarks, “[the] cited portions of Herbert do not teach any integrity check performed after a page has been stored in secure memory and thus do not teach to store a decrypted page in a page slot of the internal memory, hash the page as read from the page slot, and based on the hash, determine whether to wipe the decrypted page from the page slot. Instead, Herbert only teaches to check the integrity of a page before storing it in secure memory and does not teach any additional checks thereafter.”
The Examiner respectfully disagrees. In paragraph [0032], Herbert teaches in part “the system is enabled to overwrite the portion of the secure memory occupied by the outgoing page.” (Emphasis added). In other words, the desired page is retrieved and it may overwrite the outgoing page, see paragraph [0032]. Thus, Herbert teaches the amended claim limitation “store the decrypted page in the page slot” required by amended independent claim 1 and similarly required by amended independent claims 6 and 11.
In view of the foregoing remarks and the new reference, independent claims 1, 6, and 11 are not in a condition for allowance. Claims depending therefrom, either directly or indirectly, are also not in a condition for allowance.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-15 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-15 of U.S. Patent No. 10,853,269. The claims at issue are identical and the instant claims are anticipated by the claims of the US patent as described in the table below.
Status: Anticipation
Instant Application:
1. A system comprising:
an internal memory that includes a page slot, wherein the internal memory is configured to be a secure memory;
an external memory; and
a processor coupled to the internal memory and to the external memory the processor configured to:
wipe a first page from the page slot of the internal memory;
read a second page from the external memory;
decrypt the second page, to produce a decrypted page;
store the decrypted page in the page slot;
read the decrypted page from the page slot;
perform a hash on the decrypted page as read from the page slot; and
in response to the hash not matching the predetermined hash value, wipe the decrypted page from the page slot of the internal memory.
US Patent 10,853,269:
1. A system comprising:
an internal memory;
an external memory;
a processor coupled to the internal memory and to the external memory the processor configured to:
wipe a first page from a page slot of the internal memory;
read a second page from the external memory;
decrypt the second page, to produce a decrypted page;
overwrite the page slot with the decrypted page;
perform a hash on the decrypted page; and
in response to determining that the decrypted page fails the hash, wipe the decrypted page from the page slot of the internal memory.

Status: Anticipation
Instant Application:
2. The system of claim 1, wherein the processor is further configured to record an entry in a table identifying whether the page slot is empty.
US Patent 10,853,269:
2. The system of claim 1, wherein the processor is further configured to record an entry in a table identifying whether the page slot is empty.

Status: Anticipation
Instant Application:
3. The system of claim 1, wherein the processor is further configured to record an entry in a table identifying swap status for the page slot.
US Patent 10,853,269:
3. The system of claim 1, wherein the processor is further configured to record an entry in a table identifying swap status for the page slot.

Status: Anticipation
Instant Application:
4. The system of claim 1, wherein the processor is further configured to record an entry in a table identifying whether a page is swapped in the page slot, a page is swapped out of the page slot, or a page is swapped in after a page was swapped out of the page slot.
US Patent 10,853,269:
4. The system of claim 1, wherein the processor is further configured to record an entry in a table identifying whether a page slot is swapped in the page slot, a page is swapped out of the page slot, or a page is swapped in after a page was swapped out of the page slot.

Status: Anticipation
Instant Application:
5. The system of claim 1, wherein the processor is further configured to:
read the first page from the internal memory;
encrypt the first page, to produce an encrypted page; and
write the encrypted page to the external memory.
US Patent 10,853,269:
5. The system of claim 1, wherein the processor if further configured to:
read the first page from the internal memory;
encrypt the first page, to produce an encrypted page; and
write the encrypted page to the external memory.

Status: Anticipation
Instant Application:
6. A method comprising:
wiping, by a processor, a first page from a page slot of an internal memory configured to be a secure memory;
reading, by the processor, a second page from an external memory;
decrypting, by the processor, the second page, to produce a decrypted page;
storing, by the processor, the decrypted page in the page slot;
reading the decrypted page from the page slot;
performing, by the processor, a hash on the decrypted page as read from the page slot;
comparing the hash to a predetermined hash; and
in response to the hash not matching the predetermined hash, wiping the decrypted page from the page slot of the internal memory.
US Patent 10,853,269:
6. A method comprising:
wiping, by a processor, a first page from a page slot of an internal memory;
reading, by the processor, a second page from an external memory;
decrypting, by the processor, the second page, to produce a decrypted page;
overwriting, by the processor, the page slot with the decrypted page;
performing, by the processor, a hash on the decrypted page; and
in response to determining that the decrypted page fails the hash, wiping the decrypted page from the page slot of the internal memory.

Status: Anticipation
Instant Application:
7. The method of claim 6, further comprising recording an entry in a table identifying whether the page slot is empty.
US Patent 10,853,269:
7. The method of claim 6, further comprising recording an entry in a table identifying whether the page slot is empty.

Status: Anticipation
Instant Application:
8. The method of claim 6, further comprising recording an entry in a table identifying swap status for the page slot.
US Patent 10,853,269:
8. The method of claim 6, further comprising recording an entry in a table identifying swap status for the page slot.

Status: Anticipation
Instant Application:
9. The method of claim 6, further comprising recording an entry in a table identifying whether a page is swapped in the page slot, a page is swapped out of the page slot, or a page is swapped in after a page was swapped out of the page slot.
US Patent 10,853,269:
9. The method of claim 6, further comprising recording an entry in a table identifying whether a page slot is swapped in the page slot, a page is swapped out of the page slot, or a page is swapped in after a page was swapped out of the page slot.

Status: Anticipation
Instant Application:
10. The method of claim 6, further comprising:
reading the first page from the internal memory;
encrypting the first page, to produce an encrypted page; and
writing the encrypted page to the external memory.
US Patent 10,853,269:
10. The method of claim 6, further comprising:
reading the first page from the internal memory;
encrypting the first page, to produce an encrypted page; and
writing the encrypted page to the external memory.

Status: Anticipation
Instant Application:
11. A non-transitory computer readable storage medium storing a program for execution by a processor, the program configured to, when executed by the processor, cause the processor to:
wipe a first page from a page slot of an internal memory configured to be a secure memory;
read a second page from an external memory;
decrypt the second page, to produce a decrypted page;
store the decrypted page in the page slot;
perform a hash on the decrypted page as read from the page slot; and
in response to the hash not matching the predetermined value, wipe the decrypted page from the page slot of the internal memory.
US Patent 10,853,269:
11. A non-transitory computer readable storage medium storing a program for execution by a processor, the program configured to, when executed by the processor, cause the processor to:
wipe a first page from a page slot of an internal memory;
read a second page from an external memory;
decrypt the second page, to produce a decrypted page;
overwrite the page slot with the decrypted page;
perform a hash on the decrypted page; and
in response to determining that the decrypted page fails the hash, wipe the decrypted page from the page slot of the internal memory.

Status: Anticipation
Instant Application:
12. The non-transitory computer readable storage medium of claim 11, wherein the program is further configured to cause the processor to record an entry in a table identifying whether the page slot is empty.
US Patent 10,853,269:
12. The non-transitory computer readable storage medium of claim 11, wherein the program is further configured to cause the processor to record an entry in a table identifying whether the page slot is empty.

Status: Anticipation
Instant Application:
13. The non-transitory computer readable storage medium of claim 11, wherein the program is further configured to cause the processor to record an entry in a table identifying swap status for the page slot.
US Patent 10,853,269:
13. The non-transitory computer readable storage medium of claim 11, wherein the program is further configured to cause the processor to record an entry in a table identifying swap status for the page slot.

Status: Anticipation
Instant Application:
14. The non-transitory computer readable storage medium of claim 11, wherein the program is further configured to cause the processor to record an entry in a table identifying whether a page is swapped in the page slot, a page is swapped out of the page slot, or a page is swapped in after a page was swapped out of the page slot.
US Patent 10,853,269:
14. The non-transitory computer readable storage medium of claim 11, wherein the program is further configured to cause the processor to record an entry in a table identifying whether a page slot is swapped in the page slot, a page is swapped out of the page slot, or a page is swapped in after a page was swapped out of the page slot.

Status: Anticipation
Instant Application:
15. The non-transitory computer readable storage medium of claim 11, wherein the program is further configured to cause the processor to:
read the first page from the internal memory;
encrypt the first page, to produce an encrypted page; and
write the encrypted page to the external memory.
US Patent 10,853,269:
15. The non-transitory computer readable storage medium of claim 11, wherein the program is further configured to cause the processor to:
read the first page from the internal memory;
encrypt the first page, to produce an encrypted page; and
write the encrypted page to the external memory.

Status: Obvious in view of Thatte US 5,008,786
Instant Application:
16. (New) The system of claim 1, wherein the processor is further configured to: determine a time stamp associated with the decrypted page as read from the page slot;
compare the time stamp to a predetermined time stamp value;
in response to the time stamp not matching the predetermined time stamp value, wipe the decrypted page from the page slot of the internal memory.
US Patent 10,853,269:
Claim 1.

Status: Obvious in view of Thatte US 5,008,786
Instant Application:
17. (New) The method of claim 6 further comprising: determining a time stamp associated with the decrypted page as read from the page slot of;
comparing the time stamp to a predetermined time stamp value;
in response to the time stamp not matching the predetermined time stamp value, wiping the decrypted page from the page slot of the internal memory.
US Patent 10,853,269:
Claim 6.


Claims 16-17 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 6 of U.S. Patent No. 10,853,269 in view of Thatte US 5,008,786 (“Thatte”).
As per dependent claims 16 and 17, taking claim 16 as exemplary, Thatte teaches wherein the processor is further configured to: determine a time stamp associated with the decrypted page as read from the page slot (TS(X) indicates the timestamp of a page X, col 13 lines 21, 23 and FIGS. 4-5);
compare the time stamp to a predetermined time stamp value (The time of the last checkpoint operation is denoted by the timestamp TCHK, and TS(X) is compared with TCHK col 13 lines 44-45, col 14 lines 20-23 and FIGS. 4-5);
in response to the time stamp not matching the predetermined time stamp value, wipe the decrypted page from the page slot of the internal memory (If TS(X) is less than TCHK, page X is discarded, col 14 lines 20-23 and FIGS. 4-5).
Claim Rejections - 35 USC § 102
(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.


Claims 1-15 are rejected under pre-AIA 35 U.S.C. 102(b) as being anticipated by Applicant provided prior art Herbert et al. US 2002/0099946 (“Herbert”).
As per independent claim 1, Herbert teaches A system (FIG. 1 is a block diagram of a system in which a physically secure system 1 is coupled to an insecure external storage system 4 by a bus 7, paras 0009, 0015 and FIG. 1) comprising:
an internal memory (A RAM 14 and an optional flash memory 15, para 0016 and FIG. 1) that includes a page slot (RAM 14 utilizes a smaller page size, para 0019 and FIG. 2), wherein the internal memory is configured to be a secure memory (RAM 14 is a secure memory, para 0019 and FIG. 2);
an external memory (External storage unit 4, para 0015 and FIG. 1);
a processor (A processor 16, para 0016 and FIG. 1) coupled to the internal memory (Processor 16 is coupled by a bus 17 to RAM 14 and optional flash memory 15) and to the external memory (Processor 16 is coupled to external storage unit 4 via bus 7, para 0015 and FIG. 1) the processor configured to:
wipe a first page from the page slot of the internal memory (FIGS. 5a and 5b show a flowchart of paging operation in the secure system. At functional block 50, a page is identified as needed and a page fault occurs. When a page fault occurs, a determination is made, at decision block 52, if there is space available in the secure RAM 14 to which the needed page can be mapped. If no space is available, then a page is selected to page out at functional block 53, para 0030 and FIG. 5a);
read a second page from the external memory (The page location identifier of the desired (needed) page is retrieved through a corresponding entry in the page directory or page table at functional block 61 and a request for that page is then sent to the external storage unit 4 at functional block 63, para 0032 and FIG. 5b);
decrypt the second page, to produce a decrypted page (A key and IV (initialization vector) are used to decrypt the incoming page at functional block 64, para 0032 and FIG. 5b);
store the decrypted page in the page slot (“the system is enabled to overwrite the portion of the secure memory occupied by the outgoing page.” Para 0032. Hence, the outgoing page is overwritten with the incoming decrypted page. “the keying information must first be retrieved, decrypted, integrity checked and the desired key and IV (integrity value) identified before the page table and/or page frame may be paged in.” Para 0033. Accordingly, the incoming page is decrypted prior to the overwrite of the outgoing page);
read the decrypted page from the page slot (The decrypted page is hashed and an ICV (integrity check value) is determined at functional block 65, para 0032 and FIG. 5b);
perform a hash on the decrypted page as read from the page slot (The decrypted page is hashed and an ICV (integrity check value) is determined at functional block 65, para 0032 and FIG. 5b);
compare the hash to a predetermined hash value (The ICV of the incoming page is compared with the previously stored ICV at decision block 66, para 0032 and FIG. 5b); 
in response to the hash not matching the predetermined hash value (The ICV of the incoming page is compared with the previously stored ICV at decision block 66. If the ICVs do not match, then the page is discarded at functional block 68, para 0032 and FIG. 5b), wipe the decrypted page from the page slot of the internal memory (If the ICVs do not match, then the page is discarded at functional block 68, para 0032 and FIG. 5b).
As per dependent claim 2, Herbert discloses the system of claim 1. Herbert teaches wherein the processor is further configured to record an entry in a table identifying whether the page slot is empty (FIG. 4b shows a format of page directory and page table entry where the page table or page frame corresponding to the entry is present 200 or not present 201, respectively, para 0028 and FIG. 4b).
As per dependent claim 3, Herbert discloses the system of claim 1. Herbert teaches wherein the processor is further configured to record an entry in a table identifying swap status for the page slot (FIG. 4b shows a format of page directory and page table entry where the page table or page frame corresponding to the entry is present 200 or not present 201, respectively, para 0028 and FIG. 4b. If the entry 200 indicates that the page is present, then the page is swapped in. If the entry 201 indicates that the page is not present, the page is swapped out).
As per dependent claim 4, Herbert discloses the system of claim 1. Herbert teaches wherein the processor is further configured to record an entry in a table identifying whether a page is swapped in the page slot, a page is swapped out of the page slot, or a page is swapped in after a page was swapped out of the page slot (FIG. 4b shows a format of page directory and page table entry where the page table or page frame corresponding to the entry is present 200 or not present 201, respectively, para 0028 and FIG. 4b. If the entry 200 indicates that the page is present, then the page is swapped in. If the entry 201 indicates that the page is not present, the page is swapped out).
As per dependent claim 5, Herbert discloses the system of claim 1. Herbert teaches wherein the processor is further configured to: read the first page from the internal memory (Referring to FIG. 5a, if no space is available in secure RAM 14, then a page is selected to page out at functional block 53, para 0030 and FIG. 5a);
encrypt the first page, to produce an encrypted page (If the selected page has been modified then, at functional block 55, an integrity check value (ICV) is calculated for the outgoing page and the ICV is stored at a predetermined location, para 0030 and FIG. 5a. At functional block 58, the outgoing page is encrypted using a key and an initialization vector, para 0031 and FIG. 5a);
write the encrypted page to the external memory (At functional block 59, the encrypted page is exported to the external storage unit 4, para 0031 and FIG. 5a).
As per claims 6-10, these claims are respectively rejected based on arguments provided above for similar rejected claims 1-5.
As per claims 11-15, these claims are respectively rejected based on arguments provided above for similar rejected claims 1-5. See FIG. 1 of Herbert for secure RAM 14, optional secure flash memory 15 and processor 16. A computer program product may be stored in the secure memory for execution by processor 16.
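The swap-out and swap-in sequence mapped above for claims 1-5, with the integrity check run on the page as read back from the page slot, can be sketched as follows. This is an added example and is not code from the Office Action, from Herbert, or from the application; the class and function names, the 64-byte page size, SHA-256 as the hash, and the SHA-256 keystream used as a stand-in cipher are all assumptions.

```python
import hashlib
import hmac

PAGE_SIZE = 64  # assumed page size for this sketch
EMPTY, SWAPPED_IN, SWAPPED_OUT = "empty", "swapped-in", "swapped-out"


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + off.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class SecurePager:
    """One page slot in secure internal memory, backed by untrusted external storage."""

    def __init__(self, key: bytes):
        self.key = key
        self.slot = bytearray(PAGE_SIZE)  # the page slot (secure memory)
        self.status = EMPTY               # table entry: swap status of the slot
        self.resident = None              # id of the page currently in the slot
        self.meta = {}                    # secure: page id -> (stored ICV, IV)
        self.external = {}                # untrusted: page id -> ciphertext
        self.swaps = 0                    # counter giving a fresh IV per swap-out

    def wipe(self) -> None:
        self.slot[:] = bytes(PAGE_SIZE)
        self.status, self.resident = EMPTY, None

    def load_plain(self, page_id: int, data: bytes) -> None:
        """Populate the slot with a new plaintext page created inside the boundary."""
        if len(data) != PAGE_SIZE:
            raise ValueError("page must be exactly PAGE_SIZE bytes")
        self.slot[:] = data
        self.status, self.resident = SWAPPED_IN, page_id

    def swap_out(self) -> None:
        page = bytes(self.slot)                       # read the first page
        self.swaps += 1
        iv = self.swaps.to_bytes(8, "big")
        self.meta[self.resident] = (hashlib.sha256(page).digest(), iv)  # store ICV
        self.external[self.resident] = keystream_xor(self.key, iv, page)  # encrypt, export
        self.wipe()
        self.status = SWAPPED_OUT

    def swap_in(self, page_id: int) -> bool:
        if self.status == SWAPPED_IN:
            self.swap_out()
        self.wipe()                                   # wipe the first page from the slot
        expected_icv, iv = self.meta[page_id]
        ciphertext = self.external[page_id]           # read the second page
        if len(ciphertext) != PAGE_SIZE:              # truncated or padded in storage
            return False
        self.slot[:] = keystream_xor(self.key, iv, ciphertext)  # decrypt, store in slot
        read_back = bytes(self.slot)                  # read the page from the slot
        icv = hashlib.sha256(read_back).digest()      # hash the page as read back
        if not hmac.compare_digest(icv, expected_icv):
            self.wipe()                               # mismatch: wipe the slot
            return False
        self.status, self.resident = SWAPPED_IN, page_id
        return True


def demo():
    """Constructed scenario: page 2 is modified in external storage before swap-in."""
    pager = SecurePager(key=b"constructed-demo-key")
    page_a, page_b = b"A" * PAGE_SIZE, b"B" * PAGE_SIZE
    pager.load_plain(1, page_a)
    pager.swap_out()
    pager.load_plain(2, page_b)
    ok_clean = pager.swap_in(1)                       # page 2 goes out, page 1 comes in
    clean_slot = bytes(pager.slot)
    tampered = bytearray(pager.external[2])
    tampered[0] ^= 0x01                               # one bit changed outside the boundary
    pager.external[2] = bytes(tampered)
    ok_tampered = pager.swap_in(2)
    return ok_clean, clean_slot == page_a, ok_tampered, bytes(pager.slot), pager.status
```

Because the hash is computed over the bytes read back from the slot, a mismatch leaves decrypted but unverified data in secure memory until the wipe runs, which is why the wipe and the status update sit on the failure path itself.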
Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 16-17 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Herbert in view of Thatte US 5,008,786 (“Thatte”).
As per dependent claim 16, Herbert discloses the system of claim 1. Herbert may not explicitly disclose, but in an analogous art in the same field of endeavor, Thatte teaches wherein the processor is further configured to: determine a time stamp associated with the decrypted page as read from the page slot (TS(X) indicates the timestamp of a page X, col 13 lines 21, 23 and FIGS. 4-5);
compare the time stamp to a predetermined time stamp value (The time of the last checkpoint operation is denoted by the timestamp TCHK, and TS(X) is compared with TCHK col 13 lines 44-45, col 14 lines 20-23 and FIGS. 4-5);
in response to the time stamp not matching the predetermined time stamp value, wipe the decrypted page from the page slot of the internal memory (If TS(X) is less than TCHK, page X is discarded, col 14 lines 20-23 and FIGS. 4-5).
Given the teaching of Thatte, it would have been obvious to a person of ordinary skill in the art at the time of the claimed invention to further modify the scope of the invention of Herbert with “wherein the processor is further configured to: determine a time stamp associated with the decrypted page as read from the page slot” and “compare the time stamp to a predetermined time stamp value” and “in response to the time stamp not matching the predetermined time stamp value, wipe the decrypted page from the page slot of the internal memory”. The motivation would be that the invention provides for an improved recoverable paging scheme, col 6 lines 25-26 of Thatte.
As per dependent claim 17, this claim is rejected based on arguments provided above for similar rejected dependent claim 16.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZUBAIR AHMED whose telephone number is (571)272-1655. The examiner can normally be reached 7:30AM - 5:00PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, DAVID X YI can be reached on (571) 270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ZUBAIR AHMED/Examiner, Art Unit 2132
/DAVID YI/Supervisory Patent Examiner, Art Unit 2132