DETAILED ACTION
1. Claims 1-13 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
2. Claims 1-2, and 9-13 are rejected under 35 U.S.C. 103 as being unpatentable over Teng et al. (US 20020138543 A1) in further view of Sharif et al. (Sharif, Monirul & Lanzi, Andrea & Giffin, Jonathon & Lee, Wenke. (2008). Impeding Malware Analysis Using Conditional Code Obfuscation.) in further view of Bestol (https://www.betsol.com/blog/obfuscate-code/#:~:text=Why%20obfuscate%20code%3F,access%20to%20the%20source%20code.) in further view of StackOverFlow (https://stackoverflow.com/questions/11291242/python-dynamically-create-function-at-runtime).
3. Regarding claim 1, Teng et al. teaches a control method executed by a computer ([0011]: “Many organizations require pre-defined business methods in order to carry out various tasks. For example, to add a new user to the Identity System, a business method may require the telecommunications group to provide a telephone number, the Information Technology Group to provide an email address, the Human Resources Group to provide personal data, and, finally, approval from a manager. To implement such business methods with an Identity System, workflows have been implemented. In general, a workflow is a process that is implemented by the Identity System (or other system) and automates the business methods.”) comprising:
Execution instructions for a first task and a second task ([0014]: “The present invention, roughly described, pertains to technology for using workflows with associated processes. For example, a first workflow can invoke one or more nested sub-workflows (‘sublows’)”; [0015]: “One embodiment of the present invention includes performing a first workflow for a first task and starting a second workflow as a subflow of the first workflow in order to perform a second task... In another embodiment, the second workflow invokes additional one or more nested workflows.”; [0192]: “ If a workflow already exists to perform a task, any other workflow that needs to perform that task should be able to leverage off the first workflow.”; [0193]: “The workflow that initiates the subflow is referred to as the parent workflow. A workflow can be both a parent workflow to a first workflow and a subflow to a second workflow”; [0195]: “In step 840, the relevant manager (e.g. user, group or organization) receives a request to perform an action that requires a workflow… the workflows perform the requested task (Receiving execution instructions for a first and second task. The first and second tasks may be subflows of a parent task. The first task may also be a parent workflow with a subflow corresponding to a second task as described above.)”),
However, Teng et al. does not explicitly teach when accepting execution instructions for a first task and a second task, adding an operation code that causes execution of an operation, to a processing program that corresponds to the first task.
But Teng et al. teaches a subflow that involves retrieving sensitive user data ([0193]: “As part of its process, the new user workflow obtains the new user's telephone number. The obtaining of the new user's telephone number (Sensitive user data) is accomplished by performing a new telephone number workflow. In this example, the new telephone number workflow is initiated by a step in the new user workflow.”),
Sharif et al. teaches adding an operation code that causes execution of an operation, to a processing program to encrypt code (Abstract: “Our technique automatically transforms a program by encrypting code that is conditionally dependent on an input value with a key derived from the input (The input value is obtained via the execution of an operation code) and then removing the key from the program.”. See image below for an example of operation code for obtaining the input value described above. Also see Figure 3. which is a variation of Figure 2 that shows the general encryption mechanism.),
PNG
media_image1.png
300
935
media_image1.png
Greyscale
And Bestol teaches to encrypt code to protect and ensure no access to source code (Why obfuscate code?: “When we deploy our code using Docker on a client environment they can attach or exec into the code base and retrieve the source code. This needs to be hidden/encrypted. Most of the web-apps are in JavaScript and will obfuscate the main server code so that there is no access to the source code.”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the invention of Teng et al. with the teachings of Sharif et al. and Bestol to add an operation code that causes execution of an operation, to a processing program that corresponds to the first task when accepting instructions for a first and second task when accepting execution instructions for a first and second task to obtain data for creating encryption keys to encrypt the code logic of a subflow (E.g. a second task of a parent workflow) associated with sensitive user data in Teng et al., as taught in Sharif et al. The processing program is interpreted to be the code for a parent workflow or a subflow.
One would be motivated to add an operation code that causes execution of an operation to include code for obtaining data to create encryption keys to encrypt the code logic associated with subflows retrieving sensitive data to ensure no malicious actors may have access to said code logic as taught by Bestol above. One would be motivated to prevent malicious actors from gaining access to the code associated with retrieving sensitive data since access to the source code increases the risk of identifying potential security vulnerabilities and unauthorized access to sensitive data. Executing an operation to obtain data for creating the encryption key as taught in Sharif et al. above is considered the execution of an operation.
However, Teng et al. modified by Sharif et al. and Bestol do not explicitly teach generating a first program that includes the processing program and the operation code.
But, Teng et al. teaches workflows are created and modified using a base template ([0181]: “Workflows are created based on templates (forms) by users with sufficient privileges.”; [0183]: “a typical template would have parameters for many actions. One template is likely to be used to create many workflows.”), and
StackOverFlow teaches dynamically generating a program from a base template (See image below).,
PNG
media_image2.png
656
1146
media_image2.png
Greyscale
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the invention of Teng et al. modified by Sharif et al. and Bestol with the teachings of StackOverFlow to generate a first program that includes the processing program and the operation code to dynamically create workflows based on the template workflow taught in Teng et al. This may be accomplished by modifying the base code of a workflow to include the code for the subflows of a parent workflow and the operation code used to encrypt the code of a subflow of the parent workflow as taught in Sharif et al. The code for a first subflow of a parent workflow may correspond to the processing program that corresponds to the first task. Modifying the template code to include code that encrypts the code logic of a subflow associated with sensitive data as taught in Sharif et al. above corresponds to including the operation code in the generated program. One would be motivated to perform the above modifications to a base template to reduce administrative costs as taught by Teng et al. ([0014]: “Re-using existing workflows as subflows reduces administrative costs of creating and maintaining workflows.”).
However, Teng et al. modified by Sharif et al., StackOverFlow, and Bestol do not explicitly teach encrypting a second program that corresponds to the second task to generate encrypted data, by using an operation result obtained based on the execution of the operation.
But Teng et al. teaches steps of a workflow, such as a subflow corresponding to a second task, may involve sensitive user data ([0015]: “One embodiment of the present invention includes performing a first workflow for a first task and starting a second workflow as a subflow of the first workflow in order to perform a second task“; [0131]: “Each of the profiles represents configuration information for the associated data store. This includes, among other things, host name, port number, name space, login name (also called an ID), password, and support operations.”. For example, a first task may be a log in task and the second task requires a program to send/transmit a password; [0193]: “Consider the following example, a company uses a first workflow to create new users for the Identity System and add the new user's identity profile to the directory. As part of its process, the new user workflow obtains the new user's telephone number. The obtaining of the new user's telephone number is accomplished by performing a new telephone number workflow.”. Obtaining a user’s telephone number is an example of obtaining sensitive data. That corresponds to the second task of a workflow in the above example.), and
Sharif et al. teaches encrypting a program to generate encrypted data, by using an operation result obtained based on the execution of an operation (Abstract: “Our technique automatically transforms a program by encrypting code (Encrypting code corresponds to encrypting a program) that is conditionally dependent on an input value with a key derived from the input (Operation result obtained based on the execution of an operation) and then removing the key from the program.”. See Figure 1. “cmd = get_command(sock)” for an example of receiving the operation result based on the execution of an operation.).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to further modify the invention of Teng et al. modified by Sharif et al, StackOverFlow, and Bestol to encrypt a second program that corresponds to the second task to generate encrypted data, by using an operation result obtained based on the execution of the operation to ensure the code logic of a subflow associated with retrieving sensitive data is inaccessible to malicious actors (The Examiner notes that “to generate encrypted data” is interpreted to be generating an encrypted version of the second program where the encrypted data is interpreted to be the encrypted program.) when the code for said subflow is either intended to be client-side code or when said code is to be transmitted elsewhere. One would have been motivated to encrypt said code logic to ensure no access to the main server code as taught by Bestol (Why obfuscate code?: “Most of the web-apps are in JavaScript and will obfuscate the main server code so that there is no access to the source code.”) to protect the code from malicious actors.
Moreover, one would have been motivated to perform this encryption by using an operation result obtained based on the execution of the operation to ensure a unique key is used for said encryption such that the keys are not stored within the program itself as taught by Sharif et al. (Abstract: “Our technique automatically transforms a program by encrypting code that is conditionally dependent on an input value with a key derived from the input (Using an operation result based on the execution of the operation)”; 2.1 overview: “We define candidate conditions as those suitable for our obfuscation… second, there should be a unique key derived from the condition when it is satisfied”; 1. Introduction: “Unlike polymorphic code, our approach does not store encryption keys inside the program.”). The above modification may be accomplished via retrieving user attributes from a server or user input obtained during a workflow in Teng et al. One would be motivated to avoid storing encryption keys in the program to improve security for key management.
However, Teng et al. modified by Sharif et al., StackOverFlow, and Bestol do not explicitly teach transmitting the first program and the encrypted data to a device that corresponds to the first task.
But Teng et al. teaches that a request for a workflow may require operations to be performed by multiple servers ([0195]: “for example, when creating a new user, a new group, etc. In step 840, the relevant manager (e.g. user, group or organization) receives a request to perform an action that requires a workflow (Request corresponds to a request for a workflow)... the workflows perform the requested task”; [0065]: “FIG. 47 is a flowchart describing a process for servicing a request that requires operations to be performed by multiple identity servers.”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to transmit the first program and the encrypted data to a device that corresponds to the first task by transmitting the first program and encrypted data to multiple identity servers (device) such that the workflow may be performed on several servers when needed. One would be motivated to do so to increase the throughput of the identity system and to improve load balancing as taught by Teng et al. ([0346]: “In some embodiments of the present invention, multiple Identity Servers are employed to increase the throughput of the Identity System. In such embodiments, requests are assigned to Identity Servers so as to balance the load of each Identity Server. In some instances a request may execute a function that requires a primary Identity Server handling the request to communicate with another Identity Server.”).
4. Regarding claim 2, Teng et al. modified by Sharif et al., StackOverFlow, and Bestol teaches the control method according to claim 1,
Sharif et al. teaches wherein the operation result is obtained by executing at least the operation code from the first program (Abstract: “Our technique automatically transforms a program by encrypting code that is conditionally dependent on an input value with a key derived from the input and then removing the key from the program.”. See FIG. 1 “cmd = get_command(sock)” as an example of operation code for receiving an input value. Deriving the key from the input value is based on the result obtained via the execution of get_command(sock) and is considered an example of the operation result being obtained based on executing the operation code.).
5. Regarding claim 9, Teng et al. modified by Sharif et al., StackOverFlow, and Bestol teaches the control method according to claim 1.
However, Teng et al. modified by Sharif et al., StackOverFlow, and Bestol do not explicitly teach wherein the generating includes further adding a second operation code that causes the execution of a second operation to a second processing program that corresponds to the second task, and generating the second program.
But Teng et al. teaches a workflow may contain a second subflow corresponding to a second task ([0015]: “One embodiment of the present invention includes performing a first workflow for a first task and starting a second workflow as a subflow of the first workflow in order to perform a second task. Performance of the first workflow includes accessing an indication of whether the first workflow should wait for the second workflow to complete the second task and waiting, if so indicated. In another embodiment, the second workflow invokes additional one or more nested workflows.”), and
StackOverFlow teaches generating a program from a base template (See image below).
PNG
media_image2.png
656
1146
media_image2.png
Greyscale
It would have been obvious to one of ordinary skill in the art, to modify the invention of Teng et al. modified by Sharif et al., StackOverFlow, and Bestol such that the generating includes further adding a second operation code that causes the execution of a second operation to a second processing program that corresponds to the second task by adding the code logic of a subflow corresponding to the second task to a modified code template in Teng et al. Generating the second program is considered returning the modified function template that includes the code logic corresponding to the second task in addition to the subflows corresponding to the first task and tasks subsequent to the second task. One would be motivated to perform the above modification to dynamically create a workflow when a workflow using a base template to reduce administrative costs as taught by Teng et al. ([0014]: “Re-using existing workflows as subflows reduces administrative costs of creating and maintaining workflows.”).
Moreover, Teng et al. modified by Sharif et al., StackOverFlow, and Bestol do not explicitly teach the encrypting includes further encrypting data that includes a document to generate second encrypted data, by using a second operation result obtained based on the execution of the second operation.
But Sharif et al. teaches using other function calls in a conditional code block (2.3.1 Finding Conditional Code: “Conditional code blocks may call other functions… Now, for every block in F ! CCode(C), we find calls to other functions and include them in CCode(C). This step is performed repeatedly until all reachable functions are included. We used this approach instead of inter-procedural control-dependence analysis [35] because it allows us to obfuscate functions that are not control-dependent on a candidate condition but can be reached only from that condition.”),
Teng et al. teaches using certificates to verify the identity of a user or organization ([0361]: “In one embodiment, the present invention provides for customized certificate management processes. Certificates are electronic documents used to verify the identity of an entity such as a user, group or organization. A well known standard defining certificate formats is the X.509 standard for certificates. In general, a certificate contains information about an entity, including a public key for performing encryption. A certificates holder maintains a secret copy of a corresponding private key that is used for decryption. Certificates employed in one embodiment of the present invention include the following fields: (1) VEND--certificate's expiration date; (2) VSTART--certificate validity start date; (3) ISSUER--certificate holder's distinguished name (dn); (4) EMAIL certificate holder's e-mail address; (5) SERIAL certificate serial number; (6) VERSION certificate version number; (7) ALGOID--certificate algorithm identifier; (8) PUBLICKEY_ALGOID--public key algorithm identifier; (9) PUBLICKEY--public key value of the certificate; (10) ISSUER_SIGNATURE_ID--certificate holder's signature algorithm identifier; and (11) SUBJECT--subject of the certificate.”), and
Teng et al. further teaches a document that may be used to control and define the workflow definition process ([0181]: “The User Manager, Group Manager and Organization Managers each have their own template files and use those template files to control and define the workflow definition process. In one embodiment, the template file is an XML document that defines a set of parameters for each of the actions available to that particular workflow type.”).
It would have also been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to further modify the invention of Teng et al. modified by Sharif et al., StackOverFlow, and Bestol such that the encrypting includes further encrypting data that includes a document to generate second encrypted data to protect sensitive business information such as the XML document that controls workflow definition processes in Teng et al. when the XML document is being transmitted in tandem with the code of a subflow to another identity server. Since operations of a workflow may be executed on a plurality of identity servers as taught in Teng et al. ([0065]: “FIG. 47 is a flowchart describing a process for servicing a request that requires operations to be performed by multiple identity servers.“; [0346]: “These requests can be submitted via HTTP, XML documents, or other means. In some embodiments of the present invention, multiple Identity Servers are employed to increase the throughput of the Identity System.”), a XML document associated with a subflow may need to be transmitted to other identity servers as well since the XML document defines the parameters of the actions available to a workflow type as taught by Teng et al. above. One would be motivated to encrypt these documents to prevent malicious actors from gaining access to confidential business information during the transmission of those documents.
Further, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the invention of Teng et al. modified by Sharif et al., StackOverFlow, and Bestol such that that the encrypting is done by using a second operation result obtained based on the execution of the second operation by adding a second operation to obtain a certificate such that the public key of said certificate may be used to encrypt documents such as the XML document as taught in Teng et al. ([0361]: “Certificates are electronic documents used to verify the identity of an entity such as a user, group or organization. A well known standard defining certificate formats is the X.509 standard for certificates. In general, a certificate contains information about an entity, including a public key for performing encryption. “).
One would be motivated to add a second operation such that said second operation is an operation to obtain a certificate to enable authentication between identity servers and improve security as taught in Teng et al. ([0361]: “Certificates are electronic documents used to verify the identity of an entity such as a user, group or organization”; [0362]: “When a first person wants to establish a secure connection with a second person, the first person sends the second person their certificate. The second person obtains the first person's public key from the certificate. When sending messages to the first person, the second person uses the public key to encrypt the message. The first person uses their private key to decrypt the message. The first person can provide a secure response to the second person by using the second person's public key, which is attached to the second person's certificate.”).
6. Regarding claim 11, it is a media/product type claim with similar limitations as claim 1 above. Moreover, Teng et al. teaches the additional limitations of a non-transitory computer-readable recording medium storing a control program for causing a computer to perform processing ([0017]: “The software used for the present invention is stored on one or more processor readable storage media including hard disk drives, CD-ROMs, DVDs, optical disks, floppy disks, tape drives, RAM, ROM or other suitable storage devices.”; [0122]: “Processor unit 50 may contain a single microprocessor, or may contain a plurality of microprocessors for configuring the computer system as a multi-processor system”). Therefore, it is rejected under the same rationale.
7. Regarding claim 12, it is a media/product type claim with similar limitations as claim 1 above. Moreover, Teng et al. teaches the additional limitations of a memory ([0122]: “main memory 52 can store the executable code when in operation”); and a processor coupled to the memory, the processor being configured to perform processing ([0122]: “The computer system in FIG. 2 includes processor unit 50 and main memory 52. Processor unit 50 may contain a single microprocessor, or may contain a plurality of microprocessors for configuring the computer system as a multi-processor system. Main memory 52 stores, in part, instructions and data for execution by processor unit 50”). Therefore, it is rejected under the same rationale.
8. Regarding claim 13, Teng et al. teaches a control method executed by a computer ([0011]: “Many organizations require pre-defined business methods in order to carry out various tasks. For example, to add a new user to the Identity System, a business method may require the telecommunications group to provide a telephone number, the Information Technology Group to provide an email address, the Human Resources Group to provide personal data, and, finally, approval from a manager. To implement such business methods with an Identity System, workflows have been implemented. In general, a workflow is a process that is implemented by the Identity System (or other system) and automates the business methods.”) comprising:
A first task ([0015]: “One embodiment of the present invention includes performing a first workflow for a first task”), and a second task ([0015]: “and starting a second workflow as a subflow of the first workflow in order to perform a second task… the second workflow invokes additional one or more nested workflows.”).
However, Teng et al. does not explicitly teach when receiving a first program obtained by adding an operation code that causes execute of an operation to a processing program that corresponds to a first task, and encrypted data in which a second program that corresponds to a second task is encrypted, executing the first program.
But, Teng et al. teaches workflows are created and modified using a base template ([0181]: “Workflows are created based on templates (forms) by users with sufficient privileges.”; [0183]: “a typical template would have parameters for many actions. One template is likely to be used to create many workflows.”),
StackOverFlow teaches dynamically generating a program from a base template (See image below).,
PNG
media_image2.png
656
1146
media_image2.png
Greyscale
Sharif et al. teaches adding an operation code that causes execution of an operation, to a processing program to encrypt code (Abstract: “Our technique automatically transforms a program by encrypting code that is conditionally dependent on an input value with a key derived from the input and then removing the key from the program.”. See FIG. 1 “cmd = get_command(sock)” as an example of an operation code that causes execution of an operation used for encrypting and the image below).
PNG
media_image1.png
300
935
media_image1.png
Greyscale
And Bestol teaches to obfuscate code to ensure no access to the source code (Why obfuscate code?: “When we deploy our code using Docker on a client environment they can attach or exec into the code base and retrieve the source code. This needs to be hidden/encrypted. Most of the web-apps are in JavaScript and will obfuscate the main server code so that there is no access to the source code.”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the clamed invention, to modify the invention of Teng et al. with the teachings of Sharif et al. and Bestol to add an operation code that causes execute of an operation to a processing program that corresponds to a first task to encrypt the code logic of a subflow associated with sensitive user data.
For example, the processing program may correspond to the code logic for a parent workflow or a subflow. The parent workflow may have many subflows and a subflow may also be a parent workflow to other workflows as taught in Teng et al. ([0193]: “The workflow that initiates the subflow is referred to as the parent workflow. A workflow can be both a parent workflow to a first workflow and a subflow to a second workflow… Additionally, a parent workflow can have many subflows.”). A subflow may be a task that involves using a function to obtain sensitive user data as taught in Teng et al. ([0193]: “As part of its process, the new user workflow obtains the new user's telephone number (Sensitive user data). The obtaining of the new user's telephone number is accomplished by performing a new telephone number workflow.”). Hence, one would be motivated to add an operation code that causes execution of an operation to include code for encrypting code logic associated with retrieving sensitive data to ensure no user or malicious actors may have access to said code logic as taught by Bestol above.
One would be motivated to prevent users or malicious actors from gaining access to the code associated with retrieving sensitive data since access to the source code increases the risk of malicious actors identifying potential security vulnerabilities and gaining unauthorized access to sensitive data. Executing an operation to receive data for creating the encryption keys used for encryption as taught in Sharif et al. is considered the execution of an operation.
Moreover, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the invention of Teng et al. modified by Sharif et al. and Bestol with the teachings of StackOverFlow to generate a first program that includes the processing program and the operation code to dynamically create workflows based on a template workflow. For example, this may be accomplished by modifying the base code of a workflow to include the code for all the subflows of a parent workflow. The modified template code that includes the subflows of the parent workflow may be considered the processing program that corresponds to a first task. Next, including the operation code to said processing program may be done by adding the logic for encrypting the code associated with sensitive subflows as taught in Sharif et al. above.
One would be motivated to perform the above modifications to a base program and to generate a new program based on the modifications since a template workflow may be used for many workflows as taught in Teng et al., and modifying an existing template instead of creating a new program from scratch reduces administrative costs as taught by Teng et al. ([0014]: “Re-using existing workflows as subflows reduces administrative costs of creating and maintaining workflows.”).
Moreover, since operations of a workflow may be executed on multiple identity servers as taught in Teng et al. ([0065]: “FIG. 47 is a flowchart describing a process for servicing a request that requires operations to be performed by multiple identity servers.”), it would have been obvious to one of ordinary skill in the art that the generated first program may be transmitted to many different servers/devices such that when receiving a first program, the servers would cause executing the first program. One would be motivated to execute the operations of the program on multiple servers to increase throughput or improve load balancing as taught in Teng et al. ([0346]: “ In some embodiments of the present invention, multiple Identity Servers are employed to increase the throughput of the Identity System. In such embodiments, requests are assigned to Identity Servers so as to balance the load of each Identity Server. In some instances a request may execute a function that requires a primary Identity Server handling the request to communicate with another Identity Server.”).
However, Teng et al. modified by Sharif et al., Bestol, and StackOverFlow do not explicitly teach executing transmission of an operation result obtained based on the execution of the operation code in the execution of the first program or information that is generated based on the operation result and configured to decrypt the encrypted data, to a device that corresponds to the second task, together with the encrypted data, or transmission of the second program obtained by decrypting the encrypted data by using the operation result, to the device.
But Teng et al. teaches operations of a workflow may be executed on multiple identity servers ([0065]: “ FIG. 47 is a flowchart describing a process for servicing a request that requires operations to be performed by multiple identity servers.”),
Sharif et al. teaches using an operation result obtained based on the execution of the operation code or information that is generated based on the operation result to decrypt the encrypted data (2.2 General Mechanism: “The block B is encrypted with c as the key. Let BE be the encrypted block where BE = Encr(B, c). Code is inserted immediately before BE to decrypt it with the key contained in variable X. Since Hash(X) = Hc implies X = c, when the obfuscated condition is satisfied, the original code block is found, i.e. B = Decr(BE, c) and the program execution is equivalent to the original. However, a malware analyzer can recover the conditional code B only by watching for the attacker to trigger this behavior, by guessing the correct input, or by cracking the cryptographic operations.”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to modify the invention of Teng et al. modified by Sharif et al., Bestol, and StackOverFlow to execute a transmission of an operation result obtained based on the execution of the operation code in the execution of the first program or information that is generated based on the operation result and configured to decrypt the encrypted data, to a device that corresponds to the second task, together with the encrypted data to first transmit the operation result (data used for creating encryption keys) obtained to encrypt code logic as taught in Sharif et al. to the identity servers where the encrypted code would be transmitted to. One would be motivated to do so to decrypt the obfuscated code of a subflow when said subflow is to be performed on multiple identity servers as taught in Teng et al. above. For example, operations of a workflow may be performed by multiple identity servers for load balancing as taught in Teng et al. above ([0346]: “In such embodiments, requests are assigned to Identity Servers so as to balance the load of each Identity Server.“). For this reason, after the code logic for a subflow was generated from a base template, this generated code may be transmitted to multiple identity servers. However, since it is first encrypted/obfuscated to ensure security as taught in Sharif et al., the operation result must also be transmitted to decrypt the code logic when the code is received at the identity servers. Transmitting the second program, E.g. a subflow, to another identity server (E.g. device) may increase the throughput of an identity system and improve load balancing of each identity server as taught in Teng et al. ([0346]: “In some embodiments of the present invention, multiple Identity Servers are employed to increase the throughput of the Identity System. In such embodiments, requests are assigned to Identity Servers so as to balance the load of each Identity Server.“).
It would have been obvious to one of ordinary skill in the art, to further modify the invention of Teng et al. modified by Sharif et al., Bestol, and StackOverFlow, to execute a transmission of the second program obtained by decrypting the encrypted data by using the operation result, to the device when it is determined that the identity server that said second program was originally transmitted to is suffering from a heavy load. For example, during the execution of a workflow in Teng et al., a subflow may be sent to another identity server for load balancing or increasing throughput as taught in Teng et al. above. However, when the other identity server is also working with a heavy load, one would be motivated to encrypt the decrypted program once again, and transmit the program to be executed at another identity server to mitigate issues due to the heavy load.
9. Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over Teng et al. in further view of Sharif et al. in further view of StackOverFlow in further view of Bestol, as applied to claim 1, in further view of Hjelle (https://web.archive.org/web/20191228005549/https://realpython.com/primer-on-python-decorators/).
10. Regarding claim 3, Teng et al. modified by Sharif et al., StackOverFlow, and Bestol teaches the control method according to claim 1.
However, Teng et al. modified by Sharif et al., StackOverFlow, and Bestol do not explicitly teach wherein the generating includes adding the operation code according to a position of a code that satisfies a predetermined condition and is included in the processing program that corresponds to the first task.
But Teng et al. teaches a workflow may contain many subflows ([0193]-[0194]: “Additionally, a parent workflow can have many subflows. In one embodiment, a parent workflow and its subflows must all be performed by the same application.“). Further, Teng et al. teaches subflows may require a specific execution order ([0015]: “Performance of the first workflow includes accessing an indication of whether the first workflow should wait for the second workflow to complete the second task and waiting, if so indicated. In another embodiment, the second workflow invokes additional one or more nested workflows.”), and
Hjelle adding operation code according to a position of code that satisfies a predetermined condition (See image below).
PNG
media_image3.png
585
1128
media_image3.png
Greyscale
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to further modify the invention of Teng et al. modified by Sharif et al., StackOverFlow, and Bestol with the teachings of Hjelle such that the generating includes adding the operation code according to a position of a code that satisfies a predetermined condition and is included in the processing program that corresponds to the first task by adding the operation code in a position of code that only executes after a required previous subflow has completed execution and determining the execution of the next subflow is involved with user data. For example, the first workflow has many subflows as previously taught by Teng et al. above. There may be a subflow that must complete execution before other subflows begin execution as taught in Teng et al. ([0016]: “Another embodiment of the present invention includes performing a first workflow in a first application and causing a second process in a second application to be performed in response to the first workflow. One example of a second process is a workflow. In one implementation, a status message is received indicating that the first workflow should be paused. The first workflow is then paused until a callback command is invoked.”).
One would be motivated to add an operation code according to a position of a code that satisfies a predetermined condition in the template code of a workflow to ensure proper execution order of subflows. The predetermined condition may be a condition to check if the callback command is invoked as taught in Teng et al. Further, as a subsequent subflow may involve retrieving sensitive user data as taught in Teng et al. ([0193]: “As part of its process, the new user workflow obtains the new user's telephone number. The obtaining of the new user's telephone number is accomplished by performing a new telephone number workflow.”), one would be motivated to set the predetermined condition such that the operation code only executes if a previous required subflow completes execution and the subsequent subflow contains code logic associated with sensitive user data. One would be motivated to do so to allow a workflow to change dynamically as taught in Hjelle et al. (Simple decorators: “Because wrapper() is a regular Python function, the way a decorator modifies a function can change dynamically. So as not to disturb your neighbors, the following example will only run the decorated code during the day:”). For example, a workflow may choose to use a different subflow if a user profile encountered an error during creation and retrieving user details after creation of a profile should be abandoned due to said error.
11. Regarding claim 4, Teng et al. modified by Sharif et al., StackOverFlow, Bestol, and Hjelle teaches the control method according to claim 3, wherein the generating includes
Hjelle teaches adding the operation code to the processing program such that the operation result is obtained when a code that satisfies the predetermined condition is executed in the execution of the first program (See image below),
PNG
media_image4.png
397
1128
media_image4.png
Greyscale
But when the code that satisfies the predetermined condition is not executed, the operation result is no longer obtained (See image below),
PNG
media_image5.png
488
1204
media_image5.png
Greyscale
For example, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, that after a required subflow has completed in Teng et al., a next subflow may not be associated with sensitive data and having the code logic exposed in plaintext either during transmission or on a client device poses a minor security risk. Then, one would be motivated to move to an else block that does not perform encryption as previously taught in Sharif et al. to reduce implementation complexity.
And
StackOverFlow teaches generating the first program (Generating the first program is done by modifying a base workflow in Teng et al. as taught by StackOverFlow in the image below).
PNG
media_image6.png
429
1365
media_image6.png
Greyscale
12. Claims 5-6 is rejected under 35 U.S.C. 103 as being unpatentable over Teng et al. in further view of Sharif et al. in further view of StackOverFlow in further view of Bestol, as applied to claim 3, in further view of Gallagher (https://medium.com/analytics-vidhya/an-essential-guide-to-data-masking-ee32dffc204d/).
13. Regarding claim 5, Teng et al. modified by Sharif et al., StackOverFlow, Bestol, and Hjelle teaches the control method according to claim 3, wherein the generating includes adding the operation code to the processing program.
Sharif et al. teaches an anterior operation code is added before the position of the code that satisfies the predetermined condition (See image below),
and a posterior operation code is added after the position of the code that satisfies the predetermined condition (See image below and Figure 3. “General obfuscation mechanism”),
PNG
media_image7.png
422
1200
media_image7.png
Greyscale
and
StackOverFlow teaches generating the first program (See image below).
PNG
media_image6.png
429
1365
media_image6.png
Greyscale
However, Teng et al. modified by Sharif et al., StackOverFlow, Bestol, and Hjelle do not explicitly teach and the operation result is obtained when the posterior operation code is executed by using a primary operation result obtained by the execution of the anterior operation code in the execution of the first program. (Abstract: “Our technique automatically transforms a program by encrypting code that is conditionally dependent on an input value with a key derived from the input (A key derived from input corresponds to using an operation result obtained by the execution of an anterior operation code.) and then removing the key from the program.”; Introduction: “Second, the conditional code, which is the code executed when these conditions are satisfied, is identified and encrypted with a key that is derived from the value that satisfies the condition (The value that satisfies the condition is based on the operation result of the anterior operation. Encrypting is posterior operation code (e.g. after if statement) and is executed and is based on the result of the anterior operation.)”; 2.2 General Mechanism: “Without loss of generality, we assume that any candidate condition is equivalent to the simple condition “X == c” where the operand c has a statically determinable constant value and X is a variable. Also, suppose that a code block B is executed when this condition is satisfied.”).
But Gallagher teaches to use data masking to protect sensitive data (Paragraph 3: “Data masking takes the data that you have, break it down column by column (or as a group of columns), and obscure the true meaning of the data acting on rules you provide. These rules can be very specific and precise, or can be a statement of random replacement within set boundaries.”; Take away section: “While it may not be a critical tool, depending on what kind of data your business handles, data masking is very important. It can protect you, your customers (if you store their data), and your business if any information needs to be used for non-production reasons.”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the invention of Teng et al. modified by Sharif et al., StackOverFlow, Bestol, and Hjelle with the teachings of Gallagher such that the operation result is obtained when the posterior operation code is executed by using a primary operation result obtained by the execution of the anterior operation code in the execution of the first program. This would be achieved by adding a function for data masking after a conditional statement in the invention of Teng et al. modified by Sharif et al., StackOverFlow, Bestol, and Hjelle. The data masking function, as taught in Gallagher, may then take in the operation result of the anterior operation code and return a masked version of the input. The masked version of the input is considered the operation result is obtained when the posterior operation code is executed. One would be motivated to perform this modification to mask data prior to using the data for creating an encryption key to add an additional layer of security when using user attributes or user input for generating encryption keys as taught in Gallagher (Take Away: “While it may not be a critical tool, depending on what kind of data your business handles, data masking is very important. It can protect you, your customers (if you store their data), and your business if any information needs to be used for non-production reasons.”).
14. Regarding claim 6, Teng et al. modified by Sharif et al., StackOverFlow, Bestol, and Hjelle teaches the control method according to claim 3, wherein the generating includes adding the operation code to the processing program,
StackOverFlow teaches and generating the first program (See image below).
PNG
media_image6.png
429
1365
media_image6.png
Greyscale
However, Teng et al. modified by Sharif et al., StackOverFlow, and Bestol, do not explicitly teach such that the operation is executed by using a return value of a function included in the code that satisfies the predetermined condition.
But Sharif et al. teaches there may be other function calls in a conditional code block (2.3.1 Finding Conditional Code: “Conditional code blocks may call other functions… Now, for every block in F ! CCode(C), we find calls to other functions and include them in CCode(C). This step is performed repeatedly until all reachable functions are included. We used this approach instead of inter-procedural control-dependence analysis [35] because it allows us to obfuscate functions that are not control-dependent on a candidate condition but can be reached only from that condition.”), and
Gallagher teaches to use data masking to protect sensitive data (Paragraph 3: “Data masking takes the data that you have, break it down column by column (or as a group of columns), and obscure the true meaning of the data acting on rules you provide. These rules can be very specific and precise, or can be a statement of random replacement within set boundaries.”; Take away section: “While it may not be a critical tool, depending on what kind of data your business handles, data masking is very important. It can protect you, your customers (if you store their data), and your business if any information needs to be used for non-production reasons.”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the invention of Teng et al. modified by Sharif et al., StackOverFlow, Bestol, and Hjelle such that the operation is executed by using a return value of a function included i