DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to amendment filed 12/24/2025. Claims 1-20 have been examined. This office action is Final.
Response to Arguments
Applicant's arguments filed 12/24/2025 have been fully considered but they are not persuasive.
On pages 3-4 of Applicant’s arguments, the Applicant states that the prior art of Kohavi and Beecham do not teach or suggest, “receiving the decrypted file at the virtual file system enabling the user to run a user command”. Beecham discloses “receiving the decrypted file at the virtual file system enabling the user to run a user command”, because Beecham discloses decrypting from reading the file from virtual system (Beecham: see claim 7).
On pages 4-5 of Applicant’s arguments, the Applicant states that the prior art does not disclose Kohavi obtaining at a virtual file system an encrypted file stored in the secure environment. The Examiner disagrees. The isolated processing environment is a secured and separated environment (Kohavi: para. 0072).
Kohavi discloses the isolated processing environment is part of the classified area, the classified area holds data units (i.e. files) (Kohavi: para. 0072-0073). Kohavi discloses the isolated processing environment includes an encrypted local file system that encrypts a data unit when storing the data unit (i.e. file) in the isolated environment (Kohavi: para. 0104-0108). Thus, Kohavi does disclose “obtaining at a virtual file system an encrypted file stored in the secure environment”.
On pages 6-7 of the Applicant’s arguments, the Applicant states that Kohavi does not disclose “sending the encrypted file to a client at a user system external to the secure environment over a secure connection for decryption”. Kohavi discloses the data unit is modified by a data modifier, which modifies the data unit by encryption, using an encryption key that is unique for the data unit. The decryption key is then cached and saved on user A's mobile host for later offline use. The decryption key is protected with user A's password (Kohavi: para. 0301).
Examiner Notes
A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire (para. 0133, pg. 23 of Applicant’s specification). Thus, claims 8-14 will not be rejected under 35 U.S.C. 101 in light of specific definition of “computer readable storage medium”.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1, 4, 6-7, 8, 11, 13-15, 18, and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, and 8-12, of U.S. Patent No. 10,834,081. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1, 4, 6-7, 15, 18, and 20 of application 18/369,111 are anticipated by patent 10,834,081. Claims 8, 11, and 13-14 recite a computer program product comprising a computer readable storage medium; it would have been obvious to include a computer program product in 10,834,081, the motivation is that software is able to execute the method.
Claims 1, 4, 6-7, 8-11, 13-15, 18, and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4 of U.S. Patent No. 10,924,486. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1, 4, and 6-7 of application 18/369,111 are anticipated by patent 10,924,486. Claims 8-11, 13-15, 18, and 20 recite a system and computer program product; both are obvious to include in 10,924,486, as one needs the hardware to carry out the steps, and the software to execute the steps.
Claims 1, 4, 6-7, 8-11, 13-15, 18, and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, and 11-14 of U.S. Patent 11,799,861. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1, 4, 6-7, 15, 18, and 20 are anticipated by patent 11,799,861. Claims 8-11, and 13-14 recite a computer program product; it would have been obvious to include a computer program product in 11,799,861, the motivation is that the software is able to execute the method.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kohavi (2009/0063869) in view of Beecham et al. (2014/0156706).
As per claim 1, Kohavi discloses a computer-implemented method for secure access management for tools within a secure environment, the method comprising:
obtaining at a virtual file system an encrypted file stored in the secure environment (Kohavi: para. 0073, 0105-0108, obtaining classified area (i.e. virtual file system) and encrypted file (i.e. data unit) stored in the isolated environment is secured);
sending the encrypted file to a client at a user system external to the secure environment over a secure connection for decryption (Kohavi: para. 0107-0108, 0116-0117, see Fig. 6);
Kohavi does not disclose; however, Beecham discloses receiving the decrypted file at the virtual file system enabling a user to run a user command (Beecham: para. 0113, claim 7, host decrypts data before passing data to VS (i.e. virtual system), read from the virtual system).
It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to include receiving the decrypted file at the virtual file system enabling a user to run a user command of Beecham with Kohavi; the motivation is to allow direct read to one or more sectors by virtual systems (Beecham: para. 0002).
As per claims 8 and 15, rejected under similar scope as claim 1.
Claims 2, 5, 9, 12 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Kohavi (2009/0063869) in view of Beecham (2014/0156706) and further in view of Jorgensen (2004/0221163).
As per claim 2, Kohavi, Beecham and Jorgensen disclose the method as recited in claim 1. Kohavi does not explicitly disclose wherein the file holds sensitive data and is encrypted using a public key of the user.
However, analogous art of Jorgensen discloses file holds sensitive data and is encrypted using a public key of the user (Jorgensen: para. 0146, public ECC key used to encrypt files, that is part of user director, thus the public ECC key is the user’s).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include file holds sensitive data and is encrypted using a public key of the user of Jorgensen with Kohavi and Beecham; the motivation is that using encryption of file ensures that only the person with the key can encrypt the file, thus this is an effective security measure (Jorgensen: para. 0146).
As per claims 9 and 16, rejected under similar scope as claim 2 above.
As per claim 5, Kohavi and Beecham disclose the method as recited in claim 1.
Kohavi further discloses wherein the encrypted file is sent to the client at the user system external to the secure environment over the secure connection for decryption (Kohavi: para. 0214-0215, 0302-0305, the encrypted file is decrypted by the client).
Kohavi and Beecham do not disclose by a remote cryptography device of the user system using the user's private key.
Jorgensen discloses a remote cryptography device of the user system using the user's private key (Jorgensen: para. 0149, the file uses the private ECC encryption key (i.e. user’s private key) to unlock the file (i.e. decryption)).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Jorgensen with the system/method of Kohavi and Beecham to include a remote cryptography device of the user system using the user's private key. One would have been motivated because only a person with the private key can decrypt the file, thus ensuring only an authorized user is able to decrypt the file (Jorgensen: para. 0149).
As per claims 12 and 19, rejected under similar scope as claim 5.
Claims 3-4, 7, 10-11, 14, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Kohavi (2009/0063869) in view of Beecham (2014/0156706) and further in view of Camiel (2014/0338004).
As per claim 3, Kohavi and Beecham disclose the method as recited in claim 1.
Kohavi and Beecham do not disclose intercepting a read operation at the virtual file system of the encrypted file.
However, analogous art of Camiel discloses intercepting a read operation at the virtual file system of the encrypted file (Camiel: see fig. 1C, para. 0071, 0102, 0116, 0154, 0185, intercepting a read operation at the virtual file system (i.e. secure vault) of the encrypted file to a client at a user system external (i.e. user machine #102) to the secure environment #110).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include intercepting a read operation at the virtual file system of the encrypted file of Camiel with Kohavi and Beecham, the motivation is that another process can be done when there is an intercept command (Camiel: para. 0185).
As per claim 4, Kohavi, Beecham and Camiel disclose the method as recited in claim 3.
Camiel further discloses receiving the user command from the user system external to the secure environment to carry out the read operation of the encrypted file (Camiel: see fig. 1C, 0071, 0100, 0102, receiving the user command from the user system external (i.e. user machine) to the secure vault via the secure environment to carry out read operation of the encrypted file),
wherein the user command is directed to a server from a tool to which the command is directed (Camiel: see fig. 1C, para. 0157, command is directed to the server (i.e. secure device)).
Same motivation as claim 3 above.
As per claim 7, Kohavi and Beecham disclose the method as recited in claim 1.
Kohavi and Beecham do not disclose further comprising: verifying access permissions of the user according to stored access permissions in the secure environment, wherein the access permissions for the encrypted file are stored and accessed in association with the encrypted file.
Camiel discloses verifying access permissions of the user according to stored access permissions in the secure environment (Camiel: para. 0018, 0068, verifying access permissions of the user (i.e. user at user machine)), wherein the access permissions for the encrypted file are stored and accessed in association with the encrypted file (Camiel: para. 0018, 0128, encrypted secure file).
Therefore, it would have been obvious to one of ordinary skill before the effective filing of the claimed invention to include verifying access permissions of the user according to stored access permissions in the secure environment, wherein the access permissions for the encrypted file are stored and accessed in association with the encrypted file of Camiel with Kohavi and Beecham, the motivation is that data that is considered sensitive is used only in the secure environment, thus this is a security measure that ensures only authorized users are able to access data stored in the secure environment (Camiel: para. 0018).
As per claims 10-11, and 17-18, rejected under similar basis as claims 3-4 above.
As per claim 14, rejected under similar scope as claim 7.
Claims 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kohavi (2009/0063869) in view of Beecham (2014/0156706) and further in view of Wu et al. (2011/0265183).
As per claim 6, Kohavi and Beecham disclose the method as recited in claim 1.
Kohavi and Beecham do not disclose; however, Wu discloses wherein the virtual file system is generated for each user session or is a central virtual file system that is user aware and is provided by a software interface for a computer operating system for creating virtual file systems in user space (Wu: para. 0142, recites “or”; Wu discloses virtual file system is created for each user session).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wu with the system/method of Kohavi and Beecham, wherein the virtual file system is generated for each user session or is a central virtual file system that is user aware and is provided by a software interface for a computer operating system for creating virtual file systems in user space. One would have been motivated to create a virtual file system for each user session, this ensures the flexibility that users can carry their work from one machine to another without a footprint of the user operating system (Wu: para. 0008).
As per claims 13 and 20, rejected under similar scope as claim 6.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 7:00am-3:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip J Chea can be reached on (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
5/5/2026
/J.E.J/Examiner, Art Unit 2499 /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499