DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Status of the application

This Office Action is in response to Applicant's Application filed on 11/24/2021. Claims 1-20 are pending for this examination.

Information Disclosure Statement

The information disclosure statements (IDS’s) submitted on 11/24/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements have been considered by the examiner.


Invention Summary as understood by the Examiner


This section provides a simplified summary of the claimed subject matter in order to convey the examiner’s basic understanding of it. This summary is not an extensive overview and is not intended to identify key/critical elements or to delineate the scope of the claimed subject matter as presented in the disclosure. The applicant is not expected to comment on this section unless there is a gross misrepresentation of the invention which implies that the Examiner’s comprehension may be flawed.

The invention of the instant application secures a software application which executes in a white-box environment, where the application is accessible to an attacker. The invention uses a cryptographic algorithm with cryptographic keys to generate a secure version of the software application. In addition, the invention uses a code obfuscation method to alter the executable binary in various ways to create multiple versions of the same application. Each version executes for a predetermined time window, after which execution of that version is terminated and another version is loaded and executed. This way an attacker cannot collect enough data on any one of the executables.
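The rotation scheme summarized above can be illustrated with a small simulation. The following is an added example written for this discussion; it is not code from the application or from any of the cited references. The "executables" are stand-ins: each build embeds a freshly generated nonce and a per-instance key derived from a constructed build secret (a simplified stand-in for the white-box keying step), the stockpile, runtime period and clock are simulated, and all names (build_instance, DeploymentEngine, demo) are assumptions of the example.

```python
"""Simulated serial deployment of unique, ephemeral executable instances.

Added illustration, not code from the application or the cited art.
One instance is active at a time; it runs for a predetermined number of
simulated clock ticks, is terminated, and is replaced by the next unique
instance from a pre-built stockpile.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Instance:
    build_id: int
    nonce: bytes        # random data fixed at build time (unique per instance)
    code_hash: str      # digest of the simulated unique binary image
    key: bytes          # per-instance key embedded at build time


@dataclass
class LifetimeRecord:
    build_id: int
    started_at: int
    terminated_at: int


def build_instance(source: bytes, build_secret: bytes, build_id: int) -> Instance:
    """Compile one unique instance of `source` (simulated).

    A fresh nonce is mixed into the image so every build differs, and the
    embedded key is derived from the build secret and that nonce so that no
    two instances share key material (stand-in for the white-box step).
    """
    nonce = os.urandom(16)
    image = source + b"\x00" + nonce                      # simulated unique binary
    code_hash = hashlib.sha256(image).hexdigest()
    key = hmac.new(build_secret, b"instance-key" + nonce, hashlib.sha256).digest()
    return Instance(build_id, nonce, code_hash, key)


class DeploymentEngine:
    """Serially deploys stockpiled instances, each for a fixed runtime period."""

    def __init__(self, stockpile: List[Instance], runtime_period: int):
        if runtime_period <= 0:
            raise ValueError("runtime period must be positive")
        self.stockpile = list(stockpile)      # copy: the caller keeps its own list
        self.runtime_period = runtime_period
        self.clock = 0
        self.active: Optional[Instance] = None
        self.active_since = 0
        self.history: List[LifetimeRecord] = []
        self._activate_next()

    def _activate_next(self) -> None:
        """Load the next instance from the stockpile, if any remain."""
        self.active = self.stockpile.pop(0) if self.stockpile else None
        self.active_since = self.clock

    def tick(self) -> None:
        """Advance the clock one unit; rotate when the active instance expires."""
        self.clock += 1
        if self.active is None:
            return
        if self.clock - self.active_since >= self.runtime_period:
            self.history.append(
                LifetimeRecord(self.active.build_id, self.active_since, self.clock))
            self._activate_next()             # terminate and replace

    def run(self, total_ticks: int) -> List[LifetimeRecord]:
        for _ in range(total_ticks):
            self.tick()
        return self.history


def all_unique(instances: List[Instance]) -> bool:
    """True when no two instances share an image digest or a key."""
    n = len(instances)
    return len({i.code_hash for i in instances}) == n and len({i.key for i in instances}) == n


def max_lifetime(history: List[LifetimeRecord]) -> int:
    """Longest observed runtime of any instance, in ticks."""
    return max((r.terminated_at - r.started_at for r in history), default=0)


def demo(n_instances: int = 3, runtime_period: int = 5, total_ticks: int = 20):
    """Build a stockpile, run the engine, return (stockpile, lifetime history)."""
    source = b"int main(void){return 0;}"       # constructed stand-in source
    secret = b"constructed-build-secret"        # constructed, not a real key
    stockpile = [build_instance(source, secret, i) for i in range(n_instances)]
    engine = DeploymentEngine(stockpile, runtime_period)
    return stockpile, engine.run(total_ticks)


if __name__ == "__main__":
    built, records = demo()
    for r in records:
        print(f"instance {r.build_id}: ticks {r.started_at}-{r.terminated_at}")
```

Running the demo rotates through three unique instances, each terminated exactly at the end of its five-tick window and replaced by the next from the stockpile, so that no single build stays observable longer than the predetermined period.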

Analogous art

In broad interpretation, the instant application is about compiling and generating software executables, applying different security techniques to secure the software, and deploying the software executables on resources in a network. Prior art which teaches these technologies is considered to be analogous art to the instant application.


Claim Interpretation

Claims use the term “ephemeral”. The term has not been defined in the specification. The word’s customary meaning is “short-lived”, “transitory” or “temporary”. As such, for this examination the examiner considers any code which executes for a short time to be “ephemeral”.
Claim 13 uses the term “security application”. The term has not been defined. The specification recites in [0074] “build and deploy short lived, ephemeral, white-box protected application instances (e.g. security applications, such as virtualized security modules, cryptographic engines, virtual private network applications, virtualized secure (TLS, SSL) server applications, or the like)..”. This shows that a security application is an application which has a part or module which provides some kind of security.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-6, 10-13, 15, 18, and 20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Mohanty et al. (hereinafter Mohanty, Publication No.: US 2017/0279826) in view of Giuffrida et al. (hereinafter Giuffrida, “Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization”, 2012, USENIX Security Symposium).


As per claim 1, Mohanty teaches, 

 A secure cloud-based system comprising: 

a distribution of digital network processing resources; and (Mohanty Figure 1 shows distribution of digital network processing.) 

a central digital processing environment comprising: 

a secure network interface to each of said digital processing resources; (Mohanty Figure 1 box 150 shows a secure network interface. Similarly cloud platform 120 shows security agents 134. Also see Figure 6 box 600, which shows the security system.)

a digital hardware processor; and (Mohanty Figure 6 box 602 shows a CPU.)

a deployment engine operable to serially deploy a unique ephemeral machine executable code instance, (Mohanty Figure 3 shows generation of a virtual temporary machine instance with workload. This is the ephemeral machine because it is temporary. It is configured based on the workload and the resources available at the time, so it is unique. Figure 4 step 410 shows the virtual machine with unique configuration is deployed on the cloud. Mohanty recites in [0005] starting at line 1 “In cloud computing platforms, the workload lifecycle may change rapidly. Workloads may be configured for specific operations and may be active for a limited duration, depending on the context of the workload. A workload may be deployed on a cloud computing platform including a number of persistent virtual machines (VMs ). The workload may use additional, temporary resources, as traffic or processing demands for the workload increase.” This shows workloads are configured for specific operations and hence unique. Workloads are deployed and are active for a limited duration, hence this is ephemeral. Mohanty recites in [0005] last sentence “Virtual machines may be allocated dynamically in response to changes in workloads executing in the cloud computing platform, which may allow the cloud computing platform to augment the processing capabilities assigned to a workload with additional capabilities on an as-needed basis.” This shows that virtual machines are deployed serially as needed.)

via said secure network interface, (Mohanty Figure 1 shows cloud platform 120 which has multiple “temporary VM instances” [box 130]. These are deployed in a cloud platform and hence by design they are deployed via network interfaces. Box 132 in each temporary VM shows a “security agent” [134], which teaches that VMs are deployed via a secure network interface.)

Mohanty teaches generation of temporary [or ephemeral] virtual operating systems with workload. Mohanty does not explicitly mention, “to a given one of said digital processing resources to be executed thereon for a predetermined runtime period, wherein execution of each said unique ephemeral machine executable code instance is automatically terminated after said predetermined runtime period to be operatively replaced by a subsequent unique ephemeral machine executable code instance.” However, in analogous art of ephemeral executable generation, Giuffrida teaches, 

to a given one of said digital processing resources to be executed thereon for a predetermined runtime period, (Giuffrida recites on page 5, paragraph 2, starting at line 3, “To avoid slowing down the first boot process, an option is to perform the rerandomization lazily, for example replacing one OS process at the time at regular time intervals. After the first round, we continuously perform live rerandomization of individual OS components in the background. …. Rerandomization can only be performed after a full reboot, with a different variant loaded every time.” This shows the application is executed for a predetermined runtime period.) 

wherein execution of each said unique ephemeral machine executable code instance is automatically terminated after said predetermined runtime period to be operatively replaced by a subsequent unique ephemeral machine executable code instance. (Giuffrida recites on page 5, paragraph 2, starting at line 3, “To avoid slowing down the first boot process, an option is to perform the rerandomization lazily, for example replacing one OS process at the time at regular time intervals. After the first round, we continuously perform live rerandomization of individual OS components in the background. …. Rerandomization can only be performed after a full reboot, with a different variant loaded every time.” This shows that after the predetermined runtime, the executable is replaced by a subsequent ephemeral executable.)

Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the above teaching of Mohanty of ephemeral software executable generation by incorporating the teaching “to a given one of said digital processing resources to be executed thereon for a predetermined runtime period, wherein execution of each said unique ephemeral machine executable code instance is automatically terminated after said predetermined runtime period to be operatively replaced by a subsequent unique ephemeral machine executable code instance” of Giuffrida. The modification would have been obvious because one of ordinary skill in the art would have implemented the function of executing the ephemeral applications for a specified time and starting a different version of the application after the specified time. This will improve the security of the application by confusing an intruder.

 
As per claim 3, Giuffrida teaches,

wherein said central digital processing environment further comprises a network interface to a stockpile of each said unique ephemeral machine executable code instance to be accessed therefrom for deployment. (Giuffrida recites on page 8, column 1, last paragraph "This approach enables sharing and lazy loading/unloading of individual modules with no restriction, while allowing our rerandomization strategy to randomize (and rerandomize) every module in a fine-grained manner." Please note that "lazy loading" by definition means that modules have been recompiled and stockpiled beforehand and are loaded only when needed.)

As per claim 4, Mohanty teaches,

wherein said subsequent unique ephemeral machine executable code instance is deployed to a distinct one of said digital processing resources. (Mohanty Fig. 1 shows multiple temporary VM instances. Each VM is allocated different workload and deployed to different available resources as available.) 

As per claim 5, Giuffrida teaches, 

wherein said subsequent unique ephemeral machine executable code instance is deployed to a same one of said digital processing resources. (Giuffrida shows each instance is created using address space randomization [ASR]. Due to the change of address space each instance becomes Please refer to page 1, column 2, bottom paragraph. However, the OS module is deployed to the same hardware resource.)


As per claim 6, Mohanty teaches, 

wherein said given unique ephemeral machine executable code instance is executable to implement an ephemeral virtual server. (Mohanty recites in [0039] starting on line 4, “For example, if Apache HTTP server, which is generally used to serve requests for web pages, is deployed on a temporary virtual machine instance, VM instance analyzer 152 can determine that port 80 should be open on the temporary virtual machine instance to allow the deployed HTTP server to serve web pages to requesting devices.” This shows ephemeral virtual OS is a server OS.)


As per claim 10, Giuffrida teaches,

wherein each said given unique machine executable code instance is uniquely obfuscated. (Giuffrida on page 1, column 2, bottom paragraph teaches “address space randomization (ASR) inside the operating system and present the first comprehensive design to defend against classic and emerging OS-level attacks.” Due to random address generation each instance is uniquely obfuscated.)

As per claim 11, Giuffrida teaches, 

wherein each said given unique machine executable code instance is executable to implement a cryptographic process during said predetermined runtime period. (Giuffrida recites in page 7, column 1, paragraph 3, last sentence “Our transformations can be configured to use cryptographically random number generators for code, data, and stack instrumentation, while, similar to prior approaches [14], we always resort to pseudo-random generation in the other cases for efficiency reasons.”)

As per claim 12, Giuffrida teaches,

wherein said cryptographic process comprises a short-term virtual cryptographic machine process. (Giuffrida recites in page 7, column 1, paragraph 3, last sentence “Our transformations can be configured to use cryptographically random number generators for code, data, and stack instrumentation, while, similar to prior approaches [14], we always resort to pseudo-random generation in the other cases for efficiency reasons.” Here random number generation is a short-term machine process.)


As per claim 13, Mohanty teaches,

 A security application distribution method to be automatically executed within a secure cloud-based processing environment, (Mohanty Figure 1 shows VM applications 130 which includes a security agent. Hence this is a security application. Please see “Claim Interpretation” section above. Figure 4 step 410 shows deployment in a cloud-based environment.)

comprising: 

serially deploying, via a secure network interface of said secure central digital processing environment, said unique ephemeral machine executable code instances amongst a distribution of digital network processing resources of the cloud-based environment, (Mohanty Figure 3 shows generation of a virtual temporary machine instance with workload. This is the ephemeral machine because it is temporary. It is configured based on the workload and the resources available at the time, so it is unique. Figure 4 step 410 shows the virtual machine with unique configuration is deployed on the cloud. Mohanty recites in [0005] starting at line 1 “In cloud computing platforms, the workload lifecycle may change rapidly. Workloads may be configured for specific operations and may be active for a limited duration, depending on the context of the workload. A workload may be deployed on a cloud computing platform including a number of persistent virtual machines (VMs ). The workload may use additional, temporary resources, as traffic or processing demands for the workload increase.” This shows workloads are configured for specific operations and hence unique. Workloads are deployed and are active for a limited duration, hence this is ephemeral. Mohanty recites in [0005] last sentence “Virtual machines may be allocated dynamically in response to changes in workloads executing in the cloud computing platform, which may allow the cloud computing platform to augment the processing capabilities assigned to a workload with additional capabilities on an as-needed basis.” This shows that virtual machines are deployed serially as needed.)

compiling source code in a secure central digital processing environment to produce a plurality of unique ephemeral machine executable code instances representative thereof and executable to implement a security application; and (Giuffrida recites on page 4, column 2, bottom paragraph in the middle of the paragraph “In our design, all the OS processes (and the microkernel) are randomized using a link-time transformation implemented with the LLVM compiler framework [42]. The transformation operates on prelinked LLVM bitcode to avoid any lengthy recompilation process at runtime.” This shows avoiding recompilation during runtime. That means the compilation has been performed before runtime. Giuffrida recites on page 2, column 1, paragraph 2, middle of the page “Our approach addresses all the challenges considered and improves existing ASR solutions in terms of both performance and security, especially in light of emerging ROP-based attacks.” This shows that the created OS provides security or it is a security application.) 

to be executed thereon for a predetermined runtime period, (Giuffrida recites on page 5, paragraph 2, starting at line 3, “To avoid slowing down the first boot process, an option is to perform the rerandomization lazily, for example replacing one OS process at the time at regular time intervals. After the first round, we continuously perform live rerandomization of individual OS components in the background. …. Rerandomization can only be performed after a full reboot, with a different variant loaded every time.” This shows the application is executed for a predetermined runtime period.) 

wherein execution of each said unique ephemeral machine executable code instance is automatically terminated after said predetermined runtime period to be operatively replaced by a subsequent unique ephemeral machine executable code instance. (Giuffrida recites on page 5, paragraph 2, starting at line 3, “To avoid slowing down the first boot process, an option is to perform the rerandomization lazily, for example replacing one OS process at the time at regular time intervals. After the first round, we continuously perform live rerandomization of individual OS components in the background. …. Rerandomization can only be performed after a full reboot, with a different variant loaded every time.” This shows that after the predetermined runtime, the executable is replaced by a subsequent ephemeral executable.)
 
As per claim 15, Mohanty teaches,

further comprising, after said deploying, securely activating said unique machine executable code instance for execution on a given one of said digital network processing resources, and providing said unique machine executable code instance operative access to at least one required runtime operational parameter solely upon successful activation. (Mohanty Fig. 3 step 310 shows allocation of a temporary virtual machine instance to a workload. Here workload is the runtime parameter provided to the virtual OS.)  

As per claim 18, Giuffrida teaches,

wherein said compiling is implemented to produce a stockpile of said unique ephemeral machine executable code instances, and wherein said deploying comprises deploying each given unique ephemeral machine executable code instance on demand from said stockpile. (Giuffrida recites on page 8, column 1, last paragraph "This approach enables sharing and lazy loading/unloading of individual modules with no restriction, while allowing our rerandomization strategy to randomize (and rerandomize) every module in a fine-grained manner." Please note that "lazy loading" by definition means that modules have been recompiled and stockpiled beforehand and are loaded only when needed.)

As per claim 20, Giuffrida teaches,

wherein each of said unique machine executable code instances is uniquely obfuscated. (It has been shown before that Giuffrida teaches address space randomization for obfuscation. Because of randomness each machine executable code is obfuscated uniquely.) 

Claims 2 and 19 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Mohanty and Giuffrida as applied to claims 1 and 13 in view of Poupon et al. (hereinafter Poupon, Application No.: GB 2558879).


As per claim 2, Mohanty and Giuffrida teach generation of temporary [or ephemeral] computer executables. They do not explicitly mention, “wherein said central digital processing environment further comprises: a computer-readable memory securely storing a source code thereon; and a compiler operable by said digital hardware processor in said central digital processing environment to compile each said unique ephemeral machine executable code instance representative of said source code.” However, in analogous art of ephemeral executable generation, Poupon teaches, 


wherein said central digital processing environment further comprises: 

a computer-readable memory securely storing a source code thereon; and (Poupon Fig. 2 box 120 shows memory.) 

a compiler operable by said digital hardware processor in said central digital processing environment to compile each said unique ephemeral machine executable code instance representative of said source code. (Poupon paragraph [0078] recites “An effect of the present disclosure is the provision of a method, system and apparatus that enable service providers to quickly develop and deploy ephemeral applications targeting various types of clients (e.g., applications designed for a specific event).” This shows development of an ephemeral application. Development of an application includes compilation of a source code.)

Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the above teaching of Mohanty and Giuffrida of ephemeral computer executable creation by incorporating the teaching “wherein said central digital processing environment further comprises: a computer-readable memory securely storing a source code thereon; and a compiler operable by said digital hardware processor in said central digital processing environment to compile each said unique ephemeral machine executable code instance representative of said source code” of Poupon. The modification would have been obvious because one of ordinary skill in the art would have implemented the function of compiling source code with appropriate changes to create ephemeral computer executables.


As per claim 19, Poupon teaches, 

wherein said compiling is serially implemented on demand to produce said unique ephemeral machine executable code instances. (Poupon recites in [78] “An effect of the present disclosure is the provision of a method, system and apparatus that enable service providers to quickly develop and deploy ephemeral applications targeting various types of clients (e.g., applications designed for a specific event).” This shows that each development is performed on an as-needed basis. That is, compiling is performed serially as needed.)

Claim 14 is rejected under AIA 35 U.S.C. 103 as being unpatentable over Mohanty and Giuffrida as applied to claims 1 and 13 in view of Wyseur et al. (hereinafter Wyseur, “WHITE-BOX CRYPTOGRAPHY: HIDING KEYS IN SOFTWARE”, 2012, NAGRA Kudelski Group).


As per claim 14, Mohanty and Giuffrida teach generation of temporary [or ephemeral] computer executables. They do not explicitly mention, “wherein said compiling comprises embedding cryptographic data within said given unique machine executable code instance in a white box encryption process.” However, in analogous art of ephemeral executable generation, Wyseur teaches,

wherein said compiling comprises embedding cryptographic data within said given unique machine executable code instance in a white box encryption process. (Wyseur recites on page 2, paragraph 4, "The main idea is to embed both the fixed key (in the form of data but also in the form of code) and random data (instantiated at compilation time) in a composition from which it is hard to derive the original key.")

Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the above teaching of Mohanty and Giuffrida of ephemeral computer executable creation by incorporating the teaching “wherein said compiling comprises embedding cryptographic data within said given unique machine executable code instance in a white box encryption process” of Wyseur. The modification would have been obvious because one of ordinary skill in the art would have implemented the function of embedding cryptographic data into the executables during compilation such that it will be hard for an intruder to decode the executable code.

Allowable Subject Matter


Claims 7, 8, 9, 16 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if written in independent form including all of the limitations of the base claim and any intervening claims. 

Conclusion

Examiner has cited particular columns, line numbers, references, or figures in the references applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings of the art and are applied to specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested from the applicant in preparing responses to fully consider the reference in entirety, as potentially teaching all or part of the claimed invention. See MPEP §§ 2141.02 and 2123.

Contact Information


Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOSSAIN MORSHED whose telephone number is (571)272-3335.  The examiner can normally be reached on Monday - Friday 8AM - 5PM. The fax number and the email address for the examiner is (571)273-3335 and hossain.morshed@uspto.gov. Please note that an applicant can send email messages to the examiner but the examiner cannot send email messages to the applicant without written authorization from the applicant. An applicant can authorize the examiner for email communication by mentioning the following in an email, “According to MPEP 502.03, recognizing that Internet communications are not secure, I hereby authorize the examiner to communicate with me concerning any subject matter of this application by electronic mail. I understand that a copy of these communications will be made of record in the application file.”

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wei Zhen can be reached on (571)272-3708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HOSSAIN M MORSHED/Primary Examiner, Art Unit 2191
November 5, 2022