DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11140134. Although the claims at issue are not identical, they are not patentably distinct from each other because Claims of patent application contain every element of claims above instant application or vice versa, and as such they anticipate or anticipated by Instant Application. As to Claims 1, 10, 16, of the Pat. *134 anticipates the claims of the instant application. By way of illustration, consider the respective claim 1 from each disclosure:
Claim 1 of the instant application
Claim 1 of the ‘134 Patent
1. A computer-implemented method of providing secure integrity checking, the computer-implemented method comprising: maintaining, by a protected application of a proxy device, a data structure for performing a process for data integrity verification in response to client requests, the proxy device storing instructions of the protected application within a secure memory space, wherein the secure memory space is allocated and managed by a chip set of the proxy device; receiving, at a network interface of the proxy device from a client device, a client request for data managed by a database server computer; transmitting the client request from the proxy device to the database server computer, receiving, by the proxy device from the database server computer, a response to the client request, the response comprising data requested by the client request; verifying, at the proxy device, integrity of the data of the response from the database server computer, the data being verified utilizing the data structure maintained by the proxy device; and transmitting, from the proxy device to the client device, the response when the response is verified
1. A computer-implemented method of providing secure integrity checking, the computer-implemented method comprising: maintaining, by a protected application of a proxy device, a tree data structure for performing a process for data integrity verification in response to client requests, the proxy device storing instructions of the protected application within a secure memory space, wherein the secure memory space is allocated and managed by a chip set of the proxy device; receiving, at a network interface of the proxy device from a client device, a client request for data managed by a database server computer; transmitting the client request from the proxy device to the database server computer; receiving, by the proxy device from the database server computer, a response to the client request, the response comprising data requested by the client request; verifying, at the proxy device, integrity of the data of the response from the database server computer, the data being verified utilizing the tree data structure maintained by the proxy device, wherein the tree data structure comprises a plurality of nodes, each of the plurality of nodes comprising a key, a version identifier, and a present identifier; and transmitting, from the proxy device to the client device, the response when the response is verified


Independent claims 1, 10, 16 of the instant application are substantially similar to independent claims 1, 10, 16, of the Pat. *134 and are rejected for substantially similar reasons as discussed supra.  Likewise, dependent claims 2-9, 11-15, 17-20 of the instant application are substantially similar to dependent claims 2-9, 11-15, 17-20 (respectively) of the Pat. *134 and are rejected for substantially similar reasons as discussed supra.



Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 10-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. Claim 10 recites “…A computer product comprising a computer readable medium storing…”. The broadest reasonable interpretation of a claim drawn to a storage medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is absent an explicit definition or is silent. See MPEP 2111.01. When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. § 101 as covering non-statutory subject matter. The Examiner suggests amending the claim to include non-transitory computer-readable storage medium.



Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Thomas (Pub. No. US 2014/0020072) in view of Yoon et al (KR20170091248).


As per claim 1, Thomas discloses a computer-implemented method of providing secure integrity checking, the computer-implemented method comprising: maintaining, by a protected application of a proxy device, a data structure for performing a process for data integrity verification in response to client requests, the proxy device storing instructions of the protected application within a secure memory space (…user accessing at least one cloud computing facility through a client device is provided with security protection through a proxy server providing a computer security service…the proxy server including a memory that stores the plurality of proxy access credentials for the plurality of cloud computing facilities, along with access credentials for the user to access the proxy server, and the proxy server further including a processor configured to conditionally grant access by the user to one or more of the plurality of cloud computing facilities through the proxy server with a corresponding one of the plurality of proxy access credentials based upon a verification of an identity of the user against the access credentials in response to receiving a request from client device… and a verification that a security state of the client device is in compliance with a security policy…see par. 59-62), wherein the secure memory space is allocated and managed by a chip set of the proxy device; receiving, at a network interface of the proxy device from a client device, a client request for data managed by a database server computer (see par. 62); transmitting the client request from the proxy device to the database server computer; receiving, by the proxy device from the database server computer, a response to the client request, the response comprising data requested by the client request; verifying, at the proxy device, integrity of the data of the response from the database server computer, the data being verified utilizing the data structure maintained by the proxy device; and  transmitting, from the proxy device to the client device, the response when the response is verified (…receiving access credentials from the user through the secure link…verifying an identity of the user with the access credentials…assessing a security state of the client device to determine if the client is in compliance with the security policy…based upon verification that the client is in compliance with the security policy…transfer the data from the client device to one of the plurality of cloud computing facilities…see par. 61-62). Thomas does not explicitly disclose wherein the secure memory space is allocated and managed by a chip set of the proxy device. However Yoon discloses wherein the secure memory space is allocated and managed by a chip set of the proxy device (…see the memory space in on-chip area…that stores integrity verification process…see par. 17, 37). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to sue Yoon in Thomas for including the above limitations because one ordinary skill in the art would recognize it would further improve the processing of the processer that receives information from the memory since the integrity of the data in the memory would have to be guaranteed in order to guarantee the reliability and stability of the processor…see Yoon, par. 6.



As per claim 10, Thomas discloses a computer product comprising a computer readable medium storing a plurality of instructions for controlling a computer system to perform operations comprising: generating, by a protected application of the computer system, a data structure for performing a process for data integrity verification in response to client requests, the computer system storing instructions of the protected application within a secure memory space (…user accessing at least one cloud computing facility through a client device is provided with security protection through a proxy server providing a computer security service…the proxy server including a memory that stores the plurality of proxy access credentials for the plurality of cloud computing facilities, along with access credentials for the user to access the proxy server, and the proxy server further including a processor configured to conditionally grant access by the user to one or more of the plurality of cloud computing facilities through the proxy server with a corresponding one of the plurality of proxy access credentials based upon a verification of an identity of the user against the access credentials in response to receiving a request from client device… and a verification that a security state of the client device is in compliance with a security policy…see par. 59-62) that is allocated and managed by a chip set of the computer system; receiving, at a network interface of the computer system, a client request for data maintained within a database accessible to the computer system (see par. 62); obtaining, by the computer system from the database, data corresponding to the client request; verifying, by the computer system, integrity of the data from the database, the verification utilizing the data structure maintained by the computer system, at least a portion of the data structure being maintained within the secure memory space; and transmitting, by the computer system, a response to the client request, the response comprising at least a portion of the verified data (…receiving access credentials from the user through the secure link…verifying an identity of the user with the access credentials…assessing a security state of the client device to determine if the client is in compliance with the security policy…based upon verification that the client is in compliance with the security policy…transfer the data from the client device to one of the plurality of cloud computing facilities…see par. 61-62). Thomas does not explicitly disclose a secure memory space that is allocated and managed by a chip set of the proxy device. However Yoon discloses a secure memory space that is allocated and managed by a chip set of the proxy device (…see the memory space in on-chip area…that stores integrity verification process…see par. 17, 37). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to sue Yoon in Thomas for including the above limitations because one ordinary skill in the art would recognize it would further improve the processing of the processer that receives information from the memory since the integrity of the data in the memory would have to be guaranteed in order to guarantee the reliability and stability of the processor…see Yoon, par. 6.



As per claim 16, Thomas discloses a system comprising: a client device; a database server computer (see fig.2); and a proxy device (see proxy server…par. 59) that stores instructions of a protected application within a secure memory space that is allocated and managed by a chip set of the proxy device, the proxy device being configured to: access, by a protected application of a proxy device, a hash tree for performing a process for data integrity verification in response to client requests, the proxy device storing instructions of the protected application within the secure memory space (…user accessing at least one cloud computing facility through a client device is provided with security protection through a proxy server providing a computer security service…the proxy server including a memory that stores the plurality of proxy access credentials for the plurality of cloud computing facilities, along with access credentials for the user to access the proxy server, and the proxy server further including a processor configured to conditionally grant access by the user to one or more of the plurality of cloud computing facilities through the proxy server with a corresponding one of the plurality of proxy access credentials based upon a verification of an identity of the user against the access credentials in response to receiving a request from client device… and a verification that a security state of the client device is in compliance with a security policy…see par. 59-62), wherein the secure memory space is allocated and managed by the database server computer; forward a client request received from the client device to the database server computer, the client request requesting data managed by the receive, from the database server computer, receive, from the database server computer, a response to the client request, the response including database entries comprising at least the data requested; verify, at the proxy device, integrity of the response from the database server computer (…receiving access credentials from the user through the secure link…verifying an identity of the user with the access credentials…assessing a security state of the client device to determine if the client is in compliance with the security policy…based upon verification that the client is in compliance with the security policy…transfer the data from the client device to one of the plurality of cloud computing facilities…see par. 61-62), the verification utilizing the hash tree accessible to the proxy device, a first portion of the hash tree being stored within the secure memory space and a second portion of the hash tree being stored within an unsecure memory space; and transmit the response when the response is verified (transfer the data from the client device to one of the plurality of cloud computing facilities…see par. 61-62). Thomas does not explicitly disclose a system…that stores instructions of a protected application within a secure memory space that is allocated and managed by a chip set of the proxy device…the verification utilizing the hash tree accessible to the proxy device, a first portion of the hash tree being stored within the secure memory space and a second portion of the hash tree being stored within an unsecure memory space. However Yoon discloses a system…that stores instructions of a protected application within a secure memory space that is allocated and managed by a chip set of the proxy device…the verification utilizing the hash tree accessible to the proxy device, a first portion of the hash tree being stored within the secure memory space and a second portion of the hash tree being stored within an unsecure memory space (…see the memory space in on-chip area…that stores integrity verification process…a process of constructing a reference Merkle tree having a hash value…to each partial memory block of a memory…the on-chip area is a trusted area that is safe from security attacks, and the off-chip area is an untrusted area that is relatively unsafe from security attacks…see par. 7-8, 17,22-23, 37). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to sue Yoon in Thomas for including the above limitations because one ordinary skill in the art would recognize it would further improve the processing of the processer that receives information from the memory since the integrity of the data in the memory would have to be guaranteed in order to guarantee the reliability and stability of the processor…a tree structure would minimize time delay due to a verification process and minimizing storage space consumption…see Yoon, par. 6, 52.

 
As per claim 2, Thomas and Yoon discloses wherein the data structure is a Merkle B+- tree that comprises a plurality of nodes, each of the plurality of nodes comprising at least one of: a key, a version identifier, or a present identifier (Yoon: see par. 8). The motivation for claim 2 is the same motivation as in claim 1 above.
  

As per claim 3, Thomas and Yoon discloses wherein at least one node of the plurality of nodes comprises at least one hashed value corresponding to hashed data of a child node of the at least one node (Yoon: see par. 7-8). The motivation for claim 3 is the same motivation as in claim 1 above.


As per claim 4, Thomas and Yoon discloses wherein verifying integrity of the data received from the database server computer comprises: computing, by the protected application of the proxy device, a plurality of hashes of the data received from the database server computer; comparing, by the protected application of the proxy device, the plurality of hashes to hashed values associated with a subset of the plurality of nodes of the data structure; and determining, by the protected application based on the comparison, that the plurality of hashes match the hashed values associated with the subset of the plurality of nodes of the data structure, wherein the integrity of the data is verified based on the determination (Yoon: a hash value for the first queue is calculated and compared with a hash value stored in the memory of the on-chip…it provides a memory integrity verification…see par. 37-38). The motivation for claim 4 is the same motivation as in claim 1 above.


As per claim 5, Thomas and Yoon discloses storing, by the protected application, the data received in the response in a cache of the secure memory space; receiving, at the network interface of the proxy device from the client device, a subsequent client request; determining that requested data of the subsequent client request is cached in the secure memory space; and providing, by the protected application, the requested data from the cache of the secure memory space (Thomas: see par. 61-62).


As per claim 6, Thomas and Yoon discloses wherein the secure memory space in inaccessible to hardware and software of the proxy device other than the chip set (Yoon: see par. 8, 17). The motivation for claim 6 is the same motivation as in claim 1 above.


As per claim 7, Thomas and Yoon discloses wherein the proxy device operates at the database server computer (Thomas: see par. 61).


As per claim 8, Thomas and Yoon discloses wherein at least a portion of the data structure is maintained in an unsecured memory space accessible to the protected application (Yoon: see par. 17). The motivation for claim 8 is the same motivation as in claim 1 above.


As per claim 9, Thomas and Yoon discloses wherein node data corresponding to a root node of the data structure is stored in the secure memory space that is accessible only to the chip set (Yoon: see par. 7, 17). The motivation for claim 9 is the same motivation as in claim 1 above.


As per claim 11, Thomas and Yoon discloses wherein the operations further comprise: computing, by the protected application of the computer system, a plurality of hashed values of the data obtained from the database; and storing, by the protected application of the computer system, the plurality of hashed values in a cache maintained within the secure memory space, wherein the cache is utilized to provide subsequent data in response to subsequent client requests (Thomas: see par. 61-62).


As per claim 12, Thomas and Yoon discloses wherein the plurality of hashed values corresponding to respective nodes in the data structure, the respective nodes corresponding to a path from a node containing the requested data to a root node of the data structure (Yoon: see par. 7, 17). The motivation for claim 12 is the same motivation as in claim 10 above.


As per claim 13, Thomas and Yoon discloses wherein the operations further comprise: computing, by the protected application of the computer system, a plurality of hashed values of the data obtained from the database, the plurality of hashed values corresponding to nodes of the data structure; determining, by the protected application of the computer system, particular data that is requested most often from the database; and storing, by the protected application in the secure memory space, hashed values of the plurality of hashed values that correspond to the particular data that is requested most often from the database (Yoon: see par. 37-38). The motivation for claim 13 is the same motivation as in claim 10 above.



As per claim 14, Thomas and Yoon discloses wherein the operations further comprise: receiving, by the protected application of the computer system, a subsequent client request for additional data; determining a hashed value corresponding to the additional data requested is stored in the secure memory space; and transmitting the additional data based at least in part on determining that the hashed value corresponding to the additional data is stored in the secure memory space (Thomas: 61-62).


As per claim 15, Thomas and Yoon discloses wherein the data structure is a Merkle tree that comprises a plurality of nodes, each of the plurality of nodes comprising at least one of: a key, a version identifier, or a present identifier (Yoon: see par. 7-8). The motivation for claim 15 is the same motivation as in claim 10 above.


As per claim 17, Thomas and Yoon discloses wherein the secure memory space in inaccessible to hardware and software of the proxy device other than the chip set (Yoon: see par. 8, 17). The motivation for claim 17 is the same motivation as in claim 16 above.


As per claim 18, Thomas and Yoon discloses wherein the proxy device operates at the database server computer (Thomas: see par. 61).


As per claim 19, Thomas and Yoon discloses wherein a root node of the hash tree is maintained in the secure memory space, and wherein a portion of the hash tree is maintained in an unsecured memory space accessible to the protected application (Yoon: see par. 17). The motivation for claim 19 is the same motivation as in claim 16 above.


 As per claim 20, Thomas and Yoon discloses wherein verifying integrity of the response from the database server computer comprises: obtaining, from a cache associated with the database server computer, a plurality of hash values related to the data requested by the client device; computing a root node hash from the plurality of hash values obtained; comparing, by the protected application of the proxy device, the root node hash computed from the plurality of hash values to a stored hash value associated with a root node of the hash tree, the stored hash value of the root node being stored in the secure memory space; and determining, by the protected application based on the comparison, that the response is verified based at least in part on determining from the comparison that the root node hash computed from the plurality of hash values matches the stored hash value stored in the secure memory space (Yoon: a hash value for the first queue is calculated and compared with a hash value stored in the memory of the on-chip…it provides a memory integrity verification…see par. 37-38).  The motivation for claim 20 is the same motivation as in claim 16 above.









Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
Edvalson et al (Pub. No. US 2005/0234961); “Systems and Methods for Providing a Proxy for a Shared File System”;
-Teaches proxy file system perform user validation and authentication functions using the client’s credentials…see par. 57-60.


Graham et al (Pub. No. US 2002/0178271); “Dynamic File Access Control and Management’;
-Teaches when an end-user requests a file, the proxy system obtains verification of the authentication of the user from the authentication system and in cooperation with the policy system, the proxy system determines if the requesting user has the right to access the file…see par. 20-23.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499