DETAILED ACTION

Claims 2-40 are presented for examination. Claims 1-20 have been cancelled.

Allowable Subject Matter

Claims 30 and 40 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Information Disclosure Statement

The Information Disclosure Statement(s) submitted by applicant on 04/04/2022 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 21-29 and 31-39 are rejected under 35 U.S.C. 103 as being unpatentable over Tidd et al. (US Patent No. 8,688,734) (hereinafter Tidd) in view of Kabra et al. (US Patent Application No. 20180089457) (hereinafter Kabra).

As per claims 21 and 31, Tidd discloses a method performed by a computing system kernel, and a computing system comprising:
at least one processor (fig 1); and
memory storing instructions executable by the at least one processor, wherein the instructions, when executed, provide a kernel-mode component in the computing system, the kernel-mode component configured to: receive a data manipulation request to manipulate target data (fig 1, col 3, lines 4-9, 27-33, col. 4, lines 7-19, where the access or request caused by the application is intercepted by file access manager driver (filter driver) through file system driver stack and it would be determined whether to open the (target) file based on the notification via file access manager driver);
identify a storage location of the target data (col. 4, lines 7-19, where the access or request caused by the application is intercepted by file access manager driver (filter driver) through file system driver stack and it would be determined whether to open the (target) file based on the notification via file access manager driver);
based on determining the storage location is on a data storage device that holds a protected storage volume, compare the calling process to an entry in a whitelist file, the entry identifying an authorized calling process that is authorized to access the protected storage volume (fig 6, col 6, lines 21-29, "the administrator saves the allowable directories and files in the form of user/group file whitelist to storage medium (not shown) of computer 100. In one example, each user/group file whitelist 170 is stored in an XML file in a user-specific or group-specific directory. Further, this file or directory can have read-only access properties for users or groups 190. The properties are enforced by OS 110 and prevent unauthorized modifications of user allowable directories and files"; col. 7, lines 57-64, "At step 610, an authenticated user 190 attempts to access a directory or file path of computer 100 by initiating one of session processes 154. For example, the session process may be a word processing program, such as Microsoft Word® and the directory or file may be a document the user wishes to edit. At step 620, kernel file system driver stack 124 transmits directory or file path to be accessed to file access manager driver 128."; col 8, lines 24-47, "public file whitelist 158 and user/group file whitelist 170 are both stored in kernel space memory ... comparing file name strings, and/or iterating through a directory and comparing file name strings found therein ... At step 660, having determined that the directory or file path is not present in any whitelist, file access manager driver 128 denies the user/group 190 access and/or visibility to directory or file path. That is, an access request failure is returned to kernel file system driver stack 124" where if the target file is determined not to be a driver file, for example, the target file is a document file, it would be compared with the directory or file path in the whitelist); and
based on the authorization signal, generate an instruction to block the data manipulation request from being executed (fig 6, col 6, lines 21-29, "At step 330, the administrator saves the allowable directories and files in the form of user/group file whitelist 170 to storage medium (not shown) of computer 100. In one example, each user/group file whitelist 170 is stored in an XML file in a user-specific or group-specific directory. Further, this file or directory can have read-only access properties for users or groups 190. The properties are enforced by OS 110 and prevent unauthorized modifications of user allowable directories and files"; col 7, lines 57-64, "At step 610, an authenticated user 190 attempts to access a directory or file path of computer 100 by initiating one of session processes 154. For example, the session process may be a word processing program, such as Microsoft Word® and the directory or file may be a document the user wishes to edit. At step 620, kernel file system driver stack 124 transmits directory or file path to be accessed to file access manager driver 128."; col 8, lines 24-47, "public file whitelist 158 and user/group file whitelist 170 are both stored in kernel space memory ... comparing file name strings, and/or iterating through a directory and comparing file name strings found therein ... At step 660, having determined that the directory or file path is not present in any whitelist, file access manager driver 128 denies the user/group 190 access and/or visibility to directory or file path. That is, an access request failure is returned to kernel file system driver stack 124" [Emphasis added.] where once the target file is determined not to be a driver file, for example, the target file is a document file, it would be compared with the directory or file path in the whitelist protected by the read-only property, in that case, the comparison may be made with the whitelist file or the directory that includes the whitelist itself.
Then, the access request would be denied if the target file or path is not present in the whitelist, i.e. protected.).
Tidd does not explicitly disclose based on the comparison, generate an authorization signal indicating that a requesting calling process corresponding to the data manipulation request is not authorized by the whitelist file. However, Kabra discloses based on the comparison, generate an authorization signal indicating that a requesting calling process corresponding to the data manipulation request is not authorized by the whitelist file (para 55, an initialization step can be performed to identify important or sensitive files and ranges within the disk storage, such as record ranges corresponding to important operating system files, the boot sector such as a master boot record (MBR), a master file table, and security application files (e.g., for self-protection of the agent and other security service, etc.), among other examples. Corresponding policies can be applied to various types of protected disk data record ranges and paragraph 59: "In some instances, a whitelist or blacklist can be consulted to determine whether to provide the read back request or a full view of the data or to trigger a false data read action.").
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Tidd and Kabra. The motivation would have been to build the network that provides endpoint security solutions (both hardware and software based). The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

As per claims 22 and 32, claims are rejected for the same reasons and motivation as claim 21. In addition, Kabra discloses wherein the whitelist file identifies a plurality of authorized calling processes that are authorized to access the protected storage volume, and the authorization signal is generated based on a comparison of the requesting calling process to the plurality of authorized calling processes file (para 59, In some instances, a whitelist or blacklist can be consulted to determine whether to provide the read back request or a full view of the data).

As per claims 23 and 33, claims are rejected for the same reasons and motivation as claim 21. In addition, Kabra discloses wherein the kernel-mode component is executed by a Tidd of the computing system (fig 1, col 3, lines 4-9, 27-33, "OS segregates virtual memory into a kernel-mode address space 1 (i.e., kernel space) and a user-mode address space (i.e., user space). In general terms, kernel space is reserved for running an OS kernel").

As per claims 24 and 34, claims are rejected for the same reasons and motivation as claim 21. In addition, Tidd discloses wherein the kernel-mode component is attached to the storage device that stores the target data (fig 1, 7A, col 9, lines 6-14, The Windows Remote Procedure Call Service, rpcss.exe, is an example of such a process, of fig 1 is storage system, operations performed by Kernel file system).

As per claims 25 and 35, claims are rejected for the same reasons and motivation as claim 21. In addition, Kabra discloses wherein the kernel-mode component comprises a volume driver that is loaded into a volume driver stack corresponding to the protected storage volume (para 20, 40, class filter drivers).

As per claims 26 and 36, claims are rejected for the same reasons and motivation as claim 21. In addition, Tidd discloses wherein the volume driver is configured to receive the data manipulation request and forward the data manipulation request to the data storage device (fig 1, 7A, col 9, lines 6-14, storage system, operations performed by Kernel file system).

As per claims 27 and 37, claims are rejected for the same reasons and motivation as claim 21. In addition, Tidd discloses wherein the kernel-mode component is configured to: identify a target volume that includes the storage location; and compare the target volume to one or more identifiers that identify protected volumes (fig 6, col 6, lines 21-29, the allowable directories and files in the form of user/group file whitelist to storage medium (not shown) of computer).

As per claims 28 and 38, claims are rejected for the same reasons and motivation as claim 21. In addition, Kabra discloses wherein the kernel-mode component is configured to identify a user originating the data manipulation request in the requesting calling process (para 59, request originates from this program, with the assistance of the disk access security agent and potentially other security management applications).

As per claims 29 and 39, claims are rejected for the same reasons and motivation as claim 21. In addition, Kabra discloses wherein the kernel-mode component is configured to determine whether the user is identified by the entry in the whitelist file and, based on the determination, generate an authorization output indicating that the identified user is authorized by the whitelist file (para 59, In some instances, a whitelist or blacklist can be consulted to determine whether to provide the read back request or a full view of the data).


Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon that is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493