DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This office action is a response to an application filed 07/05/2022 wherein claims 1 – 7 are pending and ready for examination.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/11/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
Applicant's arguments filed 07/05/2022 have been fully considered but they are not persuasive. 
Rejection Under 35 USC § 103
Applicant Asserts: A “distributed server” architecture cannot reasonably be considered to correspond to a system processor, a secure processor, and a secure memory integrated into a processing device, as recited in claim 1. See Nigro, para. [0017]. Nigro further fails to teach any compiler architecture, and thus cannot reasonably be considered to teach “detecting, by a compiler a call by an application executable by a system processor to a secure service executable by a secure processor at a secure memory region” as recited in claim 1. Redlich discusses only a process that “gathers the document elements and visually compiles and presents the plaintext to the user.” See Redlich, para. [2926]. Here, action that “presents the plaintext to the user” cannot reasonably be considered to correspond to “detecting, by a compiler a call by an application executable by a system processor to a secure service executable by a secure processor at a secure memory region.” as recited in claim 1.

Examiner Response:  The Examiner thanks applicant representative for working to advance this application.  Respectfully, the Examiner does not agree that the prior art of record does not teach the features cited in this patent application.  
New matter - Claim 1 has been amended to cite: detecting, by a compiler a call by an application executable by a system processor to a secure service executable by a secure processor at a secure memory region of a secure memory having access thereof restricted to the secure processor, the system processor, the secure processor, and the secure memory integrated into a processing device, changes the scope of the invention to include its metes and bounds. The reason is detecting a call to a secure service at a secure memory region of a processing device is not the same as detecting, by a compiler a call by an application executable by a system processor to a secure service executable by a secure processor at a secure memory region of a secure memory having access thereof restricted to the secure processor, the system processor, the secure processor, and the secure memory integrated into a processing device. There is no support in the disclosure that teaches the amended “detecting by a compiler”. This feature specifies a particular element of the processor but other elements are capable of detecting system calls well before a compiler such as the runtime emulators.

Redlich – Redlich does indeed teach the compiler and embodies the same or similar context as the instant claim amendment.  Redlich compiler gathers and compiles data for presentation. Redlich at [2923] discloses, in part.... Function 130 operates as a compiler to gather the extracted data and remainder data into a single plaintext document. If the data object represents sound or audio signals, reconstruction and play back may require a speaker output in function block 130. In a telecommunications implementation of the present invention, the input would include a microphone or audio detector (supplemental to the input device for document 100).  Here, Redlich’s compiler provides a user interface a screen for a document, speakers for sound, or microphone in a telecommunications environment.  

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-9 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 cites in part... detecting, by a compiler a call by an application executable by a system processor to a secure service executable by a secure processor at a secure memory region of a secure memory having access thereof restricted to the secure processor, the system processor, the secure processor, and the secure memory integrated into a processing device. There is no support for the claimed ‘detecting’ by the compiler, ‘obtaining’ by the compiler, ‘generating’ by the compiler or ‘locating’ by the compiler in the specification or drawings. Instant specification at [0038] discloses:
 Fig. 4 illustrates an example method of accessing a secure service with a guard service in accordance with present implementations. In some implementations, a compiler device, system, or the like associated with at least one of the example processing system 100 and the example memory system 200 performs method 400 according to present implementations. In some implementations, the compiler device is operable to detect one or more conditions requiring generating, modifying, or the like, guard services and access points associated with particular applications. 

Here, a compiler that is capable of detecting one or more conditions that require generating, modifying, or the like, is not the same as a compiler detecting a system call, obtaining an interface, generating a guard service, or locating the guard service.  Instead, it is the system that provides for these functions.  The claimed ‘system call’ is disclosed at [0039] as being detected by the system instead of a compiler or compiler system.  Delineating to a compiler component of the ‘system’ requires a direct reference to the compiler functions, either as originally filed, or as originally claimed.  The Examiner considers use of the compiler as claimed, constitutes new matter.  The dependent claims 2-9 are likewise rejected by virtue of their dependency to Claim 1.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-7 are rejected under 35 U.S.C. 103 as being unpatentable over Nigro; Carmen et al, US 20210377247 A1, December 12, 2021, hereafter referred to as Nigro, in view of Redlich; Ron M. et al, US 20090254572 A1, November 08, 2009, hereafter referred to as Redlich.
As to claim 1, Nigro teaches a method of generating a guard service for a secure service at a secure region of a processing system – Nigro [0006] FIG. 2 is a top level data flow diagram showing a handshake between a Client/App and an API Server for providing public API authentication. Here, the claimed ‘method’ is taught by Nigro as ‘FIG. 2’ whereby the claimed ‘guard service’ is taught by Nigro as ‘API’ per instant specification [0024] whereas the claimed ‘secure region’ is taught by Nigro as ‘API server’ since API Configuration Service logic includes a key generator and stores keys), the method comprising:
detecting, by a compiler, a call by an application executable by a system processor to a secure service executable by a secure processor at a secure memory region of a secure memory having access thereof restricted to the secure processor -Nigro [0026] Referring to FIG. 2,... the Client/App 16 has the Client App Authorization (CAA) Logic 20, which executes the appropriate logic to perform the necessary authentication with the API Servers, e.g., the API Server 40A. The Client API Auth (CAA) Logic 20 can be viewed has having two primary portions, a PK Request Logic portion 202, and an Authentication Key (AK) generation and API Request portion 204., the system processor, the secure processor, and the secure memory integrated into a processing device; – Nigro [0027] The Temporary Key (TK) generation portion creates (or generates) a Temporary Key (TK) to send to the API Server 40A as indicated by the arrow 210. Here, the claimed ‘application’ is taught by Nigro as ‘client/app16’ whereas the claimed ‘call’ is taught by Nigro as ‘arrow 210’.  The claimed ‘compiler’ is suggested by Nigro as ‘API Server 40A’ because the server contains at least one processor whereby one of ordinary skill in the art understands a compiler/interpreter  is needed to translate code into machine language for the Server to function;
obtaining, by a compiler, a secure interface associated with the secure service – Nigro [0046] … the Authorization Key (AK) generation portion 204 of the Client API Auth Logic 20 creates the Authentication Key (AK) to send to the API Server 40A in an API Request, as indicated by the arrow 260. Here, the claimed ‘secure interface’ is taught by Nigro as ‘API Request’ which is obtained via method step 414 of Figure 4.  The claimed ‘compiler’ is suggested by Nigro as ‘API Server 40A’ because the server contains at least one processor whereby one of ordinary skill in the art understands a compiler/interpreter is needed to translate code into machine language for the Server to function);
generating, by a compiler, a guard interface based at least partially on the secure interface – Nigro [0046] … The AK is created by using the one-way hashing function or algorithm Function2 (or Fn2), described herein above with TK Generation portion 202. …  the AK is generated by hashing the Session ID and the current Partial Key together using the hashing Function2 (Fn2) Here, the claimed ‘partially’ is taught by Nigro as ‘AK’ because the authorization key is part of the client API and therefore would contribute partially to the secure interface.  The claimed ‘a compiler’ is suggested by Nigro as ‘API Server 40A’ because the server contains at least one processor whereby one of ordinary skill in the art understands a compiler/interpreter is needed to translate code into machine language for the Server to function);
generating, by a compiler, a guard service based at least partially on the guard interface – Nigro [0047] The Authorization Key (AK) is provided to one of the “Other Services” logics 222 of the API Server 40A, based on the specific API Request, e.g., the GET Service 224 for a GET API Request.  Here, the claimed ‘a compiler’ is suggested by Nigro as ‘API Server 40A’ because the server contains at least one processor whereby one of ordinary skill in the art understands a compiler/interpreter is needed to translate code into machine language for the Server to function);

locating, by a compiler, the guard service at a secure region – Nigro [0050] Once the PK is re-created (or re-calculated), the received AK from the Client/App is validated by independently calculating AK (e.g., a “confirming” AK) using hash Function2 (or Fn2) and hashing together the Session ID (from the header in the API Request 260) and the PK just calculated, and validating that the “confirming” AK and the received AK are the same.  Here, the claimed ‘locating’ is taught by Nigro as ‘from the header…’ since the API request 260 is a guard service request found in the header) NIGRO SUGGESTS BUT DOES NOT EXPLICITLY TEACH A COMPILER HOWEVER IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR REDLICH TEACHES and
locating, by a compiler, the guard interface at a secure address at the secure region – Redlich [0135 and 0761] Incorporated with a trusted OS (for example a certified Trusted Solaris and a TCS guard) DigitalDoors enables a user to divide a document into granular content segments, tagging and encrypting each of the newly parsed parts according to the classification level of its content (TS, S, C, U) and dispersing the tagged parts to different distributed (TS, S, C, U) storage locations throughout the enterprise.  Here, the claimed ‘locating’ is taught by Redlich as ‘dispersing’ because the various tagged segments are sent to a secure address.  The claimed ‘guard interface’ is taught by Redlich as ‘DigitalDoors’.  The claimed ‘secure address and secure region’ is taught by Redlich as ‘storage location’. The claimed ‘compiler’ is taught by Redlich as ‘TCS guard’ since at ‘761 While the external workflow is not altered from the user's perspective, several internal changes are important to document ... Our initial scripts were converted and compiled into the more-secure MS-preferred .DLL add-in formats... To provide the API Server 40A of Nigro decision support logic to identify a guard service at a secure region of a device would have been obvious to one of ordinary skill in the art, in view of the teachings of Redlich, since all the claimed elements were known in the prior art and one skilled in the art before the effective filing date of the claimed invention could have combined the elements as claimed by known methods (i.e. prior art element (s)) with no change in their respective functions, and the combination would have yielded nothing more than predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention, i.e., one skilled in the art would have recognized that the prior art element of distributing a digital door interface compiles higher-level programs and code to run on processors in the application server and recompile code to selected secure regions. Redlich would allow the API Server 40A of Nigro the ability to locate a proprietary application program interface that includes all of the access logic needed to protect data and users).

As to claim 2, the combination of Nigro and Redlich teaches the method of claim 1, further comprising:
obtaining a security policy associated with the secure service and including an access restriction associated with the secure region – Nigro [0020] The API Servers 40 may be called “local’ servers as they may be controlled by the maker of the App., even if they are located remote from the content creator, and thus can set the rules of engagement (or communication protocol) with a client, and can design the App to work efficiently with the local APIs on the local API Servers; and
validating the secure interface based at least partially on the access restriction – Nigro [0021] The user device 14 also communicates with one or more 3rd party API Servers 44, via the Client API Auth Logic 20, to send API requests and receive content (or data) or instructions (or rules or results or response) regarding how to interact with the 3rd party APIs, success/failure of the interaction, and how to access desired content/data).

As to claim 3, the combination of Nigro and Redlich teaches the method of claim 1, wherein the validating the secure interface further comprises restricting the call from accessing an operation of the secure interface – Nigro [0021] … if a User Device 70, used by a User 71, has an App or Script API logic 73 that is not authorized to communicate with the API Server 40, deemed an “unauthorized” Client/App, an API Request 72 will not have the appropriate key (or signature) and the API Servers 40 will provide an API Response 74 having an unsuccessful or fail message).

 As to claim 4, the combination of Nigro and Redlich teaches the method of claim 1, wherein the validating the secure interface comprises restricting the secure service from accessing data outside the secure region – Nigro [0012] … If either side does not properly authenticate or validate, the API request from the Client/App is not executed by the API Server).

As to claim 5, the combination of Nigro and Redlich teaches the method of claim 1, wherein the generating the guard interface further comprises generating the guard interface by modifying at least one operation associated with the secure interface  – Nigro [0014] …In some embodiments, the hash function(s) may be randomized or dynamic to produce random patterns of key generation results, and may also use customized hashing functions, and can alter the hash version on each call. Also, one can plug in new algorithms or hashing functions at any time. This makes the present disclosure more difficult to hack by a cyber-attack or malware).

As to claim 6, the combination of Nigro and Redlich teaches the method of claim 5, wherein the modifying the at least one operation further comprises modifying at least one parameter associated with the at least one operation – Nigro [0014] …In some embodiments, the hash function(s) may be randomized or dynamic to produce random patterns of key generation results, and may also use customized hashing functions, and can alter the hash version on each call. Also, one can plug in new algorithms or hashing functions at any time. This makes the present disclosure more difficult to hack by a cyber-attack or malware). Here, the claimed ‘modifying’ is taught by Redlich as ‘customized’ whereas the claimed ‘operation’ is taught by Redlich as ‘hashing functions’).

As to claim 7, the combination of Nigro and Redlich teaches the method of claim 1, further comprising:
generating, by a compiler, an access point at the secure address, wherein the secure address is addressable from a system region of the processing device – Nigro [0061] Next, block 457 retrieves Slot1 Generated Random Key and Slot2 Generated Random Key from the CMS 250. Next, block 458 re-creates (or re-calculates) the Partial Key (PK) using the Function Fn1 with the User ID from the API Request header and Slot1 Generated Random Key (Slot1 PK) or Slot2 Generated Random Key (Slot2 PK), both obtained from the CMS. Here, the claimed ‘generating’ is taught by Nigro as ‘Slot1 Generated Random Key’ whereas the claimed ‘a compiler’ is taught by Nigro as ‘CMS’ whereby one of ordinary skill in the art understands that the CMS service would include processors.  Processors run at the machine code level such that compiler translations are needed in order to effect Configuration Management Service 250). 
 
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 7:00 a.m. to 3:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM B JONES/
Examiner, Art Unit 2491
10/11/2022

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491