DETAILED ACTION
Office Action Summary
Claims 1-15 are pending in the instant application.
Claims 1-2, 7-11, 13 and 15 are rejected under 35 USC § 102.
Claims 3-6, 12 and 14-15 are rejected under 35 USC § 103.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-2, 7-13 and 15 are rejected under 35 U.S.C. 102(a)(1 or 2) as being anticipated by Sandberg et al. (WO 2020217043 A1) hereinafter referred to as Sandberg.

As per claims 1, 13 and 15, Sandberg teaches … detecting a cache-based side-channel attack, the method comprising: utilizing a timer thread that continuously increments a variable in code of an application that has been instrumented such that the instrumented code uses the variable incremented by the timer thread to infer an amount of time taken for running a part of the code; (Sandberg, [0040] Secure functions may be designated as an incoming secure function or an outgoing secure function depending on any one or more of a timer, cycle frequency and/or counter, such as a saturation counter. The timer may be set up to track time intervals, count-up, or count-down, or count a number of cycles, or an access timer that tracks the number of cache misses, cache hits, or cache accesses. The timer can either be an approximation of wall-clock time (e.g., a cycle counter) or an access timer (e.g., cache misses, hits, or accesses).)
determining a number of cache misses during execution of the part of the code based on the amount of time; and (Sandberg, [0040] …The timer may be set up to track time intervals, count-up, or count-down, or count a number of cycles, or an access timer that tracks the number of cache misses, cache hits, or cache accesses.)
determining whether the application is experiencing the cache-based side-channel attack using a classifier which uses as input the number of cache misses. (Sandberg, [00124] It will be appreciated that the system and structure presented in FIG. 14 can be used to eliminate cache side-channel attacks using strong index functions.)

As per claim 2, Sandberg teaches The method according to claim 1, wherein the number of cache misses is determined by comparing the amount of time to a threshold. (Sandberg, [0063])

As per claim 7, Sandberg teaches The method according to claim 1, wherein the classifier is trained by running applications in a controlled environment with different cache configurations and/or while running a cache-based side-channel attack, collecting a number of cache misses during execution, and using the number of cache misses to generate a classification model used by the classifier. (Sandberg, [0040])

As per claim 8, Sandberg teaches The method according to claim 1, further comprising aborting execution of the application based on the classifier determining the application is experiencing the cache-based side-channel attack. (Sandberg, [0080])

As per claim 9, Sandberg teaches The method according to claim 1, wherein the timer thread is not a service provided by an operating system running the application. (Sandberg, [0040] Secure functions may be designated as an incoming secure function or an outgoing secure function depending on any one or more of a timer, cycle frequency and/or counter, such as a saturation counter. The timer may be set up to track time intervals, count-up, or count-down, or count a number of cycles, or an access timer that tracks the number of cache misses, cache hits, or cache accesses. The timer can either be an approximation of wall-clock time (e.g., a cycle counter) or an access timer (e.g., cache misses, hits, or accesses).)

As per claim 10, Sandberg teaches The method according to claim 1, wherein the instrumented code of the application is instrumented to access a computer register containing a current value of the variable at least twice during execution of the part of the code. (Sandberg, [00119])

As per claim 11, Sandberg teaches The method according to claim 10, wherein the instrumented code of the application is instrumented to access the computer register before and after each memory access instruction, and wherein the number of cache misses is determined based on a total number of times during execution of the part of the code that a time elapsed for one of the memory access instructions exceeds a threshold. (Sandberg, [00159])

As per claim 12, Sandberg teaches The method according to claim 10, wherein the instrumented code of the application is instrumented to perform a conditional jump and to access the computer register before and after the conditional jump. (Sandberg, [00119]-[00120])

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 3 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Sandberg in view of Haghighat et al. (WO 2020096639 A1) hereinafter referred to as Haghighat.

As per claims 3 and 14, Sandberg teaches claims 1 and 13, but does not teach wherein the application runs in an enclave of a host of a cloud provider which implements a trusted execution environment.
However, Haghighat teaches wherein the application runs in an enclave of a host of a cloud provider which implements a trusted execution environment. (Haghighat, [00140] and [00141])
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to modify the invention of Sandberg with the method of Haghighat, as trusted enclaves are a well-known secure execution environment.

Claims 4-6 are rejected under 35 U.S.C. 103 as being unpatentable over Sandberg in view of Reubenstein et al. (US 2017/0142072) hereinafter referred to as Haghighat.

As per claim 4, Sandberg teaches The method according to claim 1, but does not teach wherein the timer thread is implemented separately from a main thread of the application.
However, Reubenstein teaches wherein the timer thread is implemented separately from a main thread of the application. (Reubenstein, [0060])
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to modify the invention of Sandberg with the method of Reubenstein, as trusted enclaves running certain code such as a timer are well known, as it can help them reboot if there is an error.

As per claim 5, Sandberg in view of Reubenstein teaches The method according to claim 4, wherein the timer thread is implemented in a same enclave of a trusted execution environment as the application. (Reubenstein, [0060])

As per claim 6, Sandberg in view of Reubenstein teaches The method according to claim 4, wherein the application runs in an enclave of a trusted execution environment, and wherein the timer thread is implemented outside of the enclave and on a different core of a host than the enclave. (Reubenstein, [0060])

Other Related Art
Gupta (WO 2019140274 A1) teaches “[0037] Embodiments reliably identify instructions that perform user-controlled memory reads and prevents instructions from accessing out-of-bounds memory during speculative execution— as seen in Spectre variant 1 attacks. Embodiments also prevent mis-training of branch predictors— as seen in Spectre Variant 2 attacks. Embodiments also disables side-channel attack code and terminates attacker launched processes to block exploitation using Meltdown. The example embodiments provide the detection and prevention of current Spectre, Meltdown, Foreshadow exploits, as well as future attack variants that will inevitably appear.” And “[0070] This second variant may use a technique known as indirect branch poisoning, because the speculative execution engine does not adequately isolate code or data between processes. That is, the branch prediction algorithm for a victim process can be mis-trained by an attacker process because the branch predictor 163 does not isolate its learnings between security domains. If the destination address of an indirect branch instruction is delay-read in memory (due to a cache miss), and the branch predictor 163 has already been mis-trained, the attacker process can choose a specific destination in the victim process during the speculative execution cycle. The exploit can then use run-oriented programming (ROP) gadgets in the victim process memory to leak secret information. In attacks of this variant, a branch target injection by an attacker process leverages the speculative execution behavior of the microprocessor in order to cause some code to expose more information than intended. The attacker process influences the indirect branch in the microprocessor to speculatively execute malicious code, which leaves behind a microarchitectural state that the attacker process can then use to infer data values.”.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIMON P KANAAN whose telephone number is (571)270-3906.  The examiner can normally be reached on M-F (7AM-4PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SIMON P KANAAN/Primary Examiner, Art Unit 2492