DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on October 04, 2022
Status of claims within the instant application:
Claims 1 – 8 are pending.
Claims 1 and 4 are amended.

Response to Amendment
Regarding claim 4 that was rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention, Applicant’s remarks, see page [5], filed on October 04, 2022, have been fully considered and persuasive, therefore, the rejection is withdrawn.
Regarding claims 1 and 5 that were rejected under 35 U.S.C. 103 as being unpatentable over US 20200366478 A1 to Mestery et al., (hereinafter, “Mestery”) in view of US 11036643 B1 to Asher et al., (hereinafter, “Asher”), Applicant’s remarks, see page [5], filed on October 04, 2022, have been fully considered, but they are not persuasive, therefore, the applicant is directed to the response below:
With regard to independent claims 1 and 5, applicant argued that Asher does not teach “one or more performance standby nodes designated from the standby nodes, the performance standby nodes being configured to execute the security services only in response to read-only requests that do not modify the information, each designated one or more performance standby nodes being further configured to forward to the active node any requests that modify the information, each of the one or more performance standby nodes having an embedded cache storing one or more cache objects related to the security services provided by the one or more performance standby nodes, at least some of the one or more cache objects being invalidated by a write-ahead log (WAL) stream received by the one or more performance standby nodes from the active node”. 
Examiner noted that Asher discloses “the DMLC 1240 may be configured as a read-only cache. In this configuration, all write-through writes coming from the L1 data caches 305a-b and write buffers 312a-b are forwarded to the LLC 130, which serves as the point of serialization. A miss at the DMLC 1240 would go to the LLC 130 to fetch the requested data. Thus, in such an implementation, the LLC 130 may absorb all writes, and the DMLC 1240 may serve to cache read-only data. Modified data from the cores 120a-b may be prohibited from being written to the DMLC 1240 in order to maintain the LLC 130 as the point of serialization” [col. 15 lines 34 – 44]. The DMLC is mapped to the standby nodes which would only a read-only cache and accept read-only request. The DMLC is being maintain as a read-only and prohibiting modified data from being written is mapped as the security service. Therefore, col. 15 lines 34 – 44 is mapped to “the performance standby nodes being configured to execute the security services only in response to read-only requests that do not modify the information, each designated one or more performance standby nodes being further configured to forward to the active node any requests that modify the information”. 
Examiner noted that Asher discloses “an instruction mid-level cache (IMLC) 320 occupies level 2. The IMLC 320 may be configured, as a shared cache, to provide instructions to the plurality of L1 instruction caches 306a-b. The IMLC 320 may fetch such instructions as cache blocks from the LLC 130. The cores 120a-b, following a cache “miss” at the L1 instruction caches 306a-b, may access the IMLC 320 for the requested instructions, followed by LLC 130 if a cache miss occurs at the IMLC 320.” [col. 14 lines 22 – 29]. The cache within Asher are able to hold instructions and data that would be provided to the multiple different cache which is mapped to the embedded cache storing one or more cache objects related to the security services provided by the one or more performance standby nodes. Therefore, col. 14 lines 22 – 29 is mapped to “each of the one or more performance standby nodes having an embedded cache storing one or more cache objects related to the security services provided by the one or more performance standby nodes”. 
Examiner noted that Asher discloses “the mid-level data cache may be further configured to forward the requested data to the one of the plurality of processors, and may forward an invalidation command to at least one of the plurality of L1 caches, the invalidation command indicating to invalidate previous versions of the data. The mid-level data cache may also be configured to control a MESI state of the data, including a state enabling writes to the mid-level data cache. The mid-level data cache may be further configured to provide the data to a first one of the plurality of processors, the data being a product of a write by a second one of the plurality of processors.” [col. 3 lines 8 – 19]. The invalidation command indicating to invalidate previous versions of the data is mapped to at least some of the one or more cache objects being invalidated by a write-ahead log (WAL) stream received by the one or more performance standby nodes from the active node. Since the previous versions of data can be interpreted as cache objects.
	Therefore, the rejection on independent claims 1 and 5 still stands.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over US 20200366478 A1 to Mestery et al., (hereinafter, “Mestery”) in view of US 11036643 B1 to Asher et al., (hereinafter, “Asher”).
Regarding claim 1, Mestery teaches a security system for a cloud computing platform, the security system comprising: a plurality of security service nodes, [Mestery, para. 21 disclose the IKE servers or IKE nodes 116a-d are scaled horizontally, meaning there are a plurality of IKE servers or IKE nodes 116a-d that may service the connections between a user 106 and an environment 108.] each of the plurality of security service nodes having at least one data processor that is configured to provide security services on information, [Mestery, para. 21 disclose The environment may be embodied as a public network, such as the internet, or in a form of one or more private networks. The user 106 communicates with the environment 108 via one of the ESP nodes 114a-e using a User Data Protocol (UDP) or another ESP protocol such as protocol 50. The UDP may use a port 4500 but these are provided by way of an example and not by way of a limitation. The user 106 also communicates with one of the IKE nodes 116a-d (e.g., servers) to establish a security association. For example, a UDP protocol or another IKE protocol such as protocol 51 may be used. The UDP may use a port five hundred. For example, the user 106 will indicate to the IKE server that I am user X with a password Y. The user 106 may propose to use these encryption algorithms and keys, and negotiate a time for refreshing the keys (e.g., 30 min).] one of the plurality of security service nodes being designated in a startup phase of the security system as an active node to execute the security services, [Mestery, para. 26 discloses as illustrated in the IPSec key negotiation process 200, traffic 202, 204, 206 is initially sent between the initiator node A and the responder node C. According to the example depicted in FIG. 2, it is assumed that the initiator node A is the IKE server and it is further assumed that a new SA (or child SA, used interchangeably) has been generated. In operation 208, a rekeying is initiated, and messages 210-220 are exchanged between the initiator node A and the responder node C] and one or more other of the plurality of security service nodes being designated as standby nodes; [Mestery, para. 28 disclose the node C responder is the endpoint device (user 106 in FIG. 1). Either one of the IKE nodes or node C responder or a responder node (the endpoint device) may initiate the IKE rekeying. In the event the rekeying is initiated by a node C responder, due to hashing, the rekeying request initiated by the node C responder may be received by any of the IKE nodes such as IKE node B in FIG. 3], but Mestery does not teach one or more  performance standby nodes designated from the standby nodes, the performance standby nodes being configured to execute the security services only in response to read-only requests that do not modify the information, each designated one or more performance standby nodes being further configured to forward to the active node any requests that modify the information, each of the one or more performance standby nodes having an embedded cache storing one or more cache objects related to the security services provided by the one or more performance standby nodes, at least some of the cache objects being invalidated by a write-ahead log (WAL) stream received by the one or more performance standby nodes from the active node.
However, Asher does teach one or more performance standby nodes designated from the standby nodes, [Asher, col. 13 lines 60 – 67 to col. 14 line 1 discloses a subset of the components of the network services processor 100, including processor cores 120a-b and a memory subsystem 1200. The memory subsystem 1200 includes a three-level hierarchy of caches (L1-L3), as well as the DRAM 133 and respective controllers 133. The first cache level, L1, includes the L1 data caches 305a-b and L1 instruction caches 306a-b. Each of the L1 caches 305a-b, 306a-b may be exclusive to a respective core 120a-b, and is closest in proximity to the cores 120a-b] the performance standby nodes being configured to execute the security services only in response to read-only requests that do not modify the information, each designated one or more performance standby nodes being further configured to forward to the active node any requests that modify the information, [Asher, col. 15 lines 34 – 44 discloses the DMLC 1240 may be configured as a read-only cache. In this configuration, all write-through writes coming from the L1 data caches 305a-b and write buffers 312a-b are forwarded to the LLC 130, which serves as the point of serialization. A miss at the DMLC 1240 would go to the LLC 130 to fetch the requested data. Thus, in such an implementation, the LLC 130 may absorb all writes, and the DMLC 1240 may serve to cache read-only data. Modified data from the cores 120a-b may be prohibited from being written to the DMLC 1240 in order to maintain the LLC 130 as the point of serialization] each of the one or more performance standby nodes having an embedded cache storing one or more cache objects related to the security services provided by the one or more performance standby nodes, [Asher, col. 14 lines 22 – 29 discloses An instruction mid-level cache (IMLC) 320 occupies level 2. The IMLC 320 may be configured, as a shared cache, to provide instructions to the plurality of L1 instruction caches 306a-b. The IMLC 320 may fetch such instructions as cache blocks from the LLC 130. The cores 120a-b, following a cache “miss” at the L1 instruction caches 306a-b, may access the IMLC 320 for the requested instructions, followed by LLC 130 if a cache miss occurs at the IMLC 320.] at least some of the one or more cache objects being invalidated by a write-ahead log (WAL) stream received by the one or more performance standby nodes from the active node [Asher, col. 3 lines 8 – 19 discloses the mid-level data cache may be further configured to forward the requested data to the one of the plurality of processors, and may forward an invalidation command to at least one of the plurality of L1 caches, the invalidation command indicating to invalidate previous versions of the data. The mid-level data cache may also be configured to control a MESI state of the data, including a state enabling writes to the mid-level data cache. The mid-level data cache may be further configured to provide the data to a first one of the plurality of processors, the data being a product of a write by a second one of the plurality of processors.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Asher’s system with Mestery’s system, with a motivation to utilize the L1 data caches by the respective core 120a-b to cache data, and the L1 data caches 306a-b may store instructions to be executed by the respective core 120a-b. To maintain the integrity of the instructions, the cores 120a-b may be prevented from writing to the L1 instruction caches 306a-b. [Asher, col. 7 lines 40 – 45]

Regarding claim 5, Mestery teaches a method of executing security services by a security system of a cloud computing platform, the method comprising: designating, in a startup phase of the security system, an active node from a plurality of security service nodes of the security system, [Mestery, para. 26 discloses as illustrated in the IPSec key negotiation process 200, traffic 202, 204, 206 is initially sent between the initiator node A and the responder node C. According to the example depicted in FIG. 2, it is assumed that the initiator node A is the IKE server and it is further assumed that a new SA (or child SA, used interchangeably) has been generated. In operation 208, a rekeying is initiated, and messages 210-220 are exchanged between the initiator node A and the responder node C] each of the plurality of security service nodes having at least one data processor that is configured to provide the security services on information in response to requests the designated active node configured to execute the security services; [Mestery, para. 21 disclose The environment may be embodied as a public network, such as the internet, or in a form of one or more private networks. The user 106 communicates with the environment 108 via one of the ESP nodes 114a-e using a User Data Protocol (UDP) or another ESP protocol such as protocol 50. The UDP may use a port 4500 but these are provided by way of an example and not by way of a limitation. The user 106 also communicates with one of the IKE nodes 116a-d (e.g., servers) to establish a security association. For example, a UDP protocol or another IKE protocol such as protocol 51 may be used. The UDP may use a port five hundred. For example, the user 106 will indicate to the IKE server that I am user X with a password Y. The user 106 may propose to use these encryption algorithms and keys, and negotiate a time for refreshing the keys (e.g., 30 min).], but Mestery does not teach designating all other nodes of the plurality of security service nodes as standby nodes; designating, from the standby nodes, one or more performance standby nodes to execute the security services only in response to read-only requests that do not modify the information, and to forward to the active node any requests that modify the information, each of the one or more performance standby nodes having an embedded cache of the cache layer storing a plurality of cache objects related to the security services provided by the plurality of security service nodes; and invalidating at least some of the cache objects in the embedded cache by a write- ahead log (WAL) stream from the active node executing the security service.
However, Asher does teach designating all other nodes of the plurality of security service nodes as standby nodes; [Asher, col. 13 lines 60 – 67 to col. 14 line 1 discloses a subset of the components of the network services processor 100, including processor cores 120a-b and a memory subsystem 1200. The memory subsystem 1200 includes a three-level hierarchy of caches (L1-L3), as well as the DRAM 133 and respective controllers 133. The first cache level, L1, includes the L1 data caches 305a-b and L1 instruction caches 306a-b. Each of the L1 caches 305a-b, 306a-b may be exclusive to a respective core 120a-b, and is closest in proximity to the cores 120a-b] designating, from the standby nodes, one or more performance standby nodes to execute the security services only in response to read-only requests that do not modify the information, and to forward to the active node any requests that modify the information, [Asher, col. 15 lines 34 – 44 discloses the DMLC 1240 may be configured as a read-only cache. In this configuration, all write-through writes coming from the L1 data caches 305a-b and write buffers 312a-b are forwarded to the LLC 130, which serves as the point of serialization. A miss at the DMLC 1240 would go to the LLC 130 to fetch the requested data. Thus, in such an implementation, the LLC 130 may absorb all writes, and the DMLC 1240 may serve to cache read-only data. Modified data from the cores 120a-b may be prohibited from being written to the DMLC 1240 in order to maintain the LLC 130 as the point of serialization] each of the one or more performance standby nodes having an embedded cache of the cache layer storing a plurality of cache objects related to the security services provided by the plurality of security service nodes; [Asher, col. 14 lines 22 – 29 discloses An instruction mid-level cache (IMLC) 320 occupies level 2. The IMLC 320 may be configured, as a shared cache, to provide instructions to the plurality of L1 instruction caches 306a-b. The IMLC 320 may fetch such instructions as cache blocks from the LLC 130. The cores 120a-b, following a cache “miss” at the L1 instruction caches 306a-b, may access the IMLC 320 for the requested instructions, followed by LLC 130 if a cache miss occurs at the IMLC 320.] and invalidating at least some of the cache objects in the embedded cache by a write- ahead log (WAL) stream from the active node executing the security service. [Asher, col. 3 lines 8 – 19 discloses the mid-level data cache may be further configured to forward the requested data to the one of the plurality of processors, and may forward an invalidation command to at least one of the plurality of L1 caches, the invalidation command indicating to invalidate previous versions of the data. The mid-level data cache may also be configured to control a MESI state of the data, including a state enabling writes to the mid-level data cache. The mid-level data cache may be further configured to provide the data to a first one of the plurality of processors, the data being a product of a write by a second one of the plurality of processors.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Asher’s system with Mestery’s system, with a motivation to utilize the L1 data caches by the respective core 120a-b to cache data, and the L1 data caches 306a-b may store instructions to be executed by the respective core 120a-b. To maintain the integrity of the instructions, the cores 120a-b may be prevented from writing to the L1 instruction caches 306a-b. [Asher, col. 7 lines 40 – 45]

Claims 2 – 4 and 6 – 8 are rejected under 35 U.S.C. 103 as being unpatentable over US 20200366478 A1 to Mestery et al., (hereinafter, “Mestery”) in view of US 11036643 B1 to Asher et al., (hereinafter, “Asher”) in further view of US 20170364698 A1 to Goldfarb et al., (hereinafter, “Goldfarb”).
Regarding claim 2, modified Mestery teaches the system in accordance with claim 1, but modified Mestery does not teach wherein the WAL stream is started based on a Merkle root read from the active node and unsealed in each of the one or more performance standby nodes, the Merkle root connecting the active node with each of the one or more performance standby nodes.
However, Goldfarb does teach wherein the WAL stream is started based on a Merkle root read from the active node and unsealed in each of the one or more performance standby nodes, [Goldfarb, para. 116 discloses the read command may be received after the write command, e.g., substantially later, for instance more than an hour, day, or week later. In some cases, the read command may be received after multiple write commands for the same document in which different versions are written to different nodes in different blocks, and in some cases to different directed acyclic graphs like those described above with reference to FIG. 3. In some embodiments, the read command may reference an identifier of a document that indicates a most current version of the document is to be retrieved, or in some cases the read command may reference a particular version of the document. In some cases, receiving the read command may cause the security driver 30 to access the lower-trust database 14 or other lower-trust data store and retrieve a pointer to a node or sequence of nodes in which the specified document is stored.] the Merkle root connecting the active node with each of the one or more performance standby nodes. [Goldfarb, para. 97 discloses an individual node may store multiple documents as attributes of that node. In some embodiments, blocks have an integer index, a block capacity, a cryptographic hash value based on all of the nodes in the block (like a Merkle root), the nodes within the block, and a cryptographic hash based on content of a previous block (e.g., based on all values in the block, based on a Merkle root of that block, or the like).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Goldfarb’s system with Mestery’s system, with a motivation that with this tight coupling, if the data is altered at all, the entire hash for the tree (as is distinct from a hash of a file stored in the database) is thrown off immediately and ultimately the chain will be broken and detected as such during validation operations [Goldfarb, para. 78]

Regarding claim 3, modified Mestery teaches the system in accordance with claim 1, but modified Mestery does not teach wherein the security services include indexing the secrets and/or data by the active node using a Merkle tree.
	However, Goldfarb does teach wherein the security services include indexing the secrets and/or data by the active node using a Merkle tree. [Goldfarb, para. 78 discloses some embodiments of Docuchain store the data directly in Merkle Trees, though embodiments are not limited to data storage in Merkle Trees, which is not to suggest that other descriptions are limiting. That is, when data is written to the database or read from the database, that data is written into specific fields of the elements (e.g., attributes of node content of nodes) of the Merkle Tree or read from specific fields of the elements of the Merkle Tree (rather than just a hash digest of the data residing in the Merkle Tree with the entire data residing in an external datastore). With this tight coupling, if the data is altered at all, the entire hash for the tree (as is distinct from a hash of a file stored in the database) is thrown off immediately and ultimately the chain will be broken and detected as such during validation operations.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Goldfarb’s system with Mestery’s system, with a motivation that with this tight coupling, if the data is altered at all, the entire hash for the tree (as is distinct from a hash of a file stored in the database) is thrown off immediately and ultimately the chain will be broken and detected as such during validation operations [Goldfarb, para. 78]

Regarding claim 4, modified Mestery teaches the system in accordance with claim 1, but modified Mestery does not teach wherein the each of the one or more cache objects includes one or more of encryption keys, transport layer security certificates, security tokens and leases.
However, Goldfarb does teach wherein the each of the one or more cache objects includes one or more of encryption keys, transport layer security certificates, security tokens and leases. [Goldfarb, para. 31 discloses the lower-trust database 14 is one of the various types of datastores described above. In some cases, the lower-trust database 14 is a relational database, having a plurality of tables, each with a set of columns corresponding to different fields, or types of values, stored in rows, or records (i.e., a row in some implementations) in the table, in some cases, each record, corresponding to a row may be a tuple with a primary key that is unique within that respective table, one or more foreign keys that are primary keys in other tables, and one or more other values corresponding to different columns that specify different fields in the tuple. Or in some cases, the database may be a column-oriented database in which records are stored in columns, with different rows corresponding to different fields. In some embodiments, the lower-trust database 14 may be a relational database configured to be accessed with structured query language (SQL) commands, such as commands to select records satisfying criteria specified in the command, commands to join records from multiple tables, or commands to write values to records in these tables.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Goldfarb’s system with Mestery’s system, with a motivation that with this tight coupling, if the data is altered at all, the entire hash for the tree (as is distinct from a hash of a file stored in the database) is thrown off immediately and ultimately the chain will be broken and detected as such during validation operations [Goldfarb, para. 78]

	Regarding claim 6 – 8, they have features similar to the features within claims 2 – 4, therefore they are rejected in a similar manner.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        /KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434