PERIPHERAL DEVICE-BASED MANAGEMENT OF USER SPACE PROCESS CREDENTIALS

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to amendments filed on November 13, 2025. Claims 1, 3, 7, 9-10 have been amended. Claims 1-20 are pending. Response to Arguments Applicant’s arguments, see page 8 of Remarks, filed November 13, 2025, with respect to the objections and rejections under 35 U.S.C. 112(b) of Claims 13-14 have been fully considered and are persuasive. The objections and rejections under 35 U.S.C. 112(b) of Claims 13-14 have been withdrawn. Applicant's arguments filed November 13, 2025 with regards to the rejections under 35 U.S.C. 103 have been fully considered but they are not persuasive. On pages 9-10 of Remarks, Applicant mainly argues that reference Ndu does not teach the claimed limitation of an integrity measurement as part of the heartbeat argued: “Ndu neither discloses nor renders obvious, whether in the cited paragraphs or otherwise, the heartbeat 210 indicating or containing an integrity measurement of a monitored user space process 108”. Examiner respectfully disagrees. Regarding an “integrity measurement”, the Applicant’s specification does not explicitly define this term, so the term is subject to the broadest reasonable interpretation. Moreover, the term is recited at a high level of generality within the independent claims. Therefore, under the broadest reasonable interpretation, the heartbeat message of Ndu can be considered to be a form of integrity measurement: it is an indication of the integrity of the user space process and further includes integrity verification mechanisms such as a message authentication code (Par. [0066]-[0069]). For the purposes of compact prosecution however, this heartbeat message was further combined with the teachings of reference Lee which was shown to teach further incorporating state information into heartbeat messages as a form of attestation. Applicant further remarks “Therefore, even assuming, arguendo, that Ndu's baseboard management controller 240 may be considered a peripheral” (Remarks, Page 10, Par. 5). It is noted by the Examiner that reference Ndu is prior art which shares common inventors with the claimed invention, with both regarding monitoring user processes. As such, the Applicant’s specification itself states this interpretation: “A baseboard management controller is an example of such a peripheral device” (Specification, Par. [0010]). On page 11 of Remarks, Applicant mainly argues that reference Lee does not teach the claimed limitations, in particular “and responsive to the verification… communicate with the operating system kernel to provision an authentication credential for the user space process”. Examiner respectfully disagrees. Regarding the limitation, the limitation is directed towards a statement of intended usage when it recites “to provision an authentication credential for the user space process”. While this limitation was treated positively for the purposes of compact prosecution, it is noted by the Examiner that this limitation merely amounts to the peripheral communicating with the kernel. This ties into the Applicant’s further argument that “the peripheral does not obtain the credential, but rather, the peripheral provisions the authentication credential for the user space process” (Remarks, Page 11, Par. 3); this is not what is stated in the claim. For these reasons, the rejections under 35 U.S.C. 103 are maintained. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-8, 10-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ndu et al. (U.S. Pub. No. 2022/0188423 A1) hereinafter referred to as “Ndu”, in view of Lee et al. (U.S. Pub. No. 20220070178 A1) hereinafter referred to as “Lee”. Regarding Claim 1: Ndu teaches the following limitations: A non-transitory machine-readable storage medium that store machine-readable instructions to, when executed by a peripheral device [baseboard management controller], cause the peripheral device to: communicate with an operating system kernel of a host (Par. [0019], Par. [0022], Par. [0034], Par. [0082]). Ndu teaches a baseboard management controller, i.e. peripheral device, communicating with and receiving a heartbeat from a process monitor which exists in a host’s kernel space to monitor user processes. receive, from the operating system kernel, an integrity measurement of a user space process of the host [process monitor sends heartbeat] (Par. [0022], Par. [0034], Par. [0065]). Ndu teaches the process monitor sending a periodic heartbeat message as a method of verifying the integrity of the monitored user processes. In combination with Lee below, this can be considered a type of integrity measurement. (taught by Lee below) (taught by Lee below) Lee teaches the following limitations: verify, based on the integrity measurement, whether a first state of the user space process corresponds to an expected state for the user space process (Par. [0070], Par. [0075], Par. [0078], Par. [0105], Par. [0124], Par. [0129]). Lee teaches performing attestation, i.e. including application state verification, for provisioning a credential. This attestation is done periodically, i.e. akin to a heartbeat message, to control access. and responsive to verification that the first state corresponds to the expected state, communicate with the operating system kernel to provision an authentication credential for the user space process to allow the user space process to use a service provided by the peripheral device (Par. [0070], Par. [0075], Par. [0078], Par. [0105]). Access/authorization is provisioned with successful attestation. Ndu teaches checking the integrity of a user space process through a heartbeat message, but does not teach verification of the process state for provisioning a credential. Lee however teaches that a heartbeat message can be combined with device attestation, i.e. include state checking, for provisioning and controlling access using a credential, and that this continuous attestation has the advantage of providing additional privacy and security (Abstract). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the heartbeat integrity monitoring system of Ndu with the state attestation of Lee in order to gain the benefit of additional security. One of ordinary skill in the art would have recognized that the state attestation of Lee is compatible with the heartbeat messages of Ndu as both are directed towards periodically monitoring a process, and that such a continuous state authentication would have the benefit of additional security in obtaining and controlling access to a credential. Regarding Claim 2: Lee teaches the following limitations: establish a communication channel with the host, wherein establishing the communication channel comprises authenticating, by the peripheral device, the user space process based on the credential (Par. [0046], Par. [0048], Par. [0070], Par. [0129]). Lee teaches granting access to services using the provisioned credential. The reasons for motivation/combination of references remain the same as in Claim 1. Regarding Claim 3: Lee teaches the following limitations: send, to the operating system kernel, a request for an updated integrity measurement of the user space process (Par. [0124], Par. [0129]). Lee teaches performing periodic attestation. and selectively revoke the credential based on a response to the request (Par. [0124], Par. [0129]). Lee teaches removing access to a service through a credential in response to the periodic attestation being failed. The reasons for motivation/combination of references remain the same as in Claim 1. Regarding Claim 4: Lee teaches the following limitations: receive the updated integrity measurement responsive to the request (Par. [0124], Par. [0129]). determine an updated state of the user space process based on the updated integrity measurement (Par. [0124], Par. [0129]). verify whether the updated state corresponds to the expected state (Par. [0124], Par. [0129]). and revoke the credential responsive to the updated state not corresponding to the expected state (Par. [0124], Par. [0129]). The reasons for motivation/combination of references remain the same as in Claim 1. Regarding Claim 5: Ndu teaches the following limitations: responsive to the updated integrity measurement not being received by the peripheral device within an expected time interval [time out period] associated with the sending of the request (Par. [0034], Par. [0039], Par. [0065]). Ndu teaches that the heartbeat message is required to be received before time out, and exceeding this time interval leads to remedial action. (taught by Lee below) Lee teaches the following limitations: revoke the credential (Par. [0124], Par. [0129]). As previously shown above, Lee teaches such a remedial action involving access/credential revocation. The reasons for motivation/combination of references remain the same as in Claim 1. Regarding Claim 6: Ndu teaches the following limitations: responsive to the updated integrity measurement not being received by the peripheral device within the expected time interval (Par. [0034], Par. [0039], Par. [0065]). (taught by Lee below) Lee teaches the following limitations: revoke at least one other credential associated with at least one other user space process (Par. [0124], Par. [0129]). Lee additionally teaches device access being revoked entirely, i.e. other user process credentials are revoked. The reasons for motivation/combination of references remain the same as in Claim 1. Regarding Claim 7: Ndu teaches the following limitations: A computer platform comprising: a host comprising a hardware processor to execute machine-readable instructions associated with an operating system kernel, wherein the operating system kernel to measure a user space process at different times to provide a time series of integrity measurements (Par. [0022], Par. [0034], Par. [0065]). Ndu taught the heartbeat message periodically providing a check of integrity. (taught by Lee below) (taught by Lee below) (taught by Lee below) (taught by Lee below) Lee teaches the following limitations: authenticate the user space process based on a credential assigned to the user space process (Par. [0046], Par. [0048], Par. [0070], Par. [0129]). Lee was previously shown to teach access control/authentication using the provisioned credential. receive the integrity measurements (Par. [0124], Par. [0129]). Lee teaches receiving periodic attestation, i.e. integrity measurements. for each integrity measurement of the integrity measurements, verify whether a state of the user space process corresponds to an expected state for the user space process to provide a corresponding verification result (Par. [0124], Par. [0129]). This periodic attestation corresponds to corresponding verification for controlling access. and manage the credential based on the verification results (Par. [0124], Par. [0129]). Ndu teaches checking the integrity of a user space process through a heartbeat message, but does not teach verification of the process state for provisioning a credential. Lee however teaches that a heartbeat message can be combined with device attestation, i.e. include state checking, for provisioning and controlling access using a credential, and that this continuous attestation has the advantage of providing additional privacy and security (Abstract). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the heartbeat integrity monitoring system of Ndu with the state attestation of Lee in order to gain the benefit of additional security. One of ordinary skill in the art would have recognized that the state attestation of Lee is compatible with the heartbeat messages of Ndu as both are directed towards periodically monitoring a process, and that such a continuous state authentication would have the benefit of additional security in obtaining and controlling access to a credential. Regarding Claim 8: Lee teaches the following limitations: send nonces to the kernel at respective times according to a predetermined schedule (Par. [0098], Par. [0099], Par. [0124], Par. [0129]). Lee teaches a nonce being included as part of device attestation. and control a validity of the credential responsive to the sending of the nonces (Par. [0098], Par. [0099], Par. [0124], Par. [0129]). As access/credential validity depends upon successful attestation, this in turn also depends upon the nonces. The reasons for motivation/combination of references remain the same as in Claim 7. Regarding Claim 10: Ndu teaches the following limitations: (taught by Lee below). wherein the operating system kernel is expected to respond to the sending of the given nonce within a predetermined time interval (Par. [0034], Par. [0039], Par. [0065]). Previously, Ndu/Lee were combined in such a manner that the heartbeat message of Ndu was combined with the device attestation of Lee which includes nonce checking. As such, since the heartbeat message has a time-out period, the kernel is also expected to respond with a nonce within this period as well. determine that the operating system kernel failed to respond to the sending of the given nonce within the predetermined time interval (Par. [0034], Par. [0039], Par. [0065]). (taught by Lee below) responsive to the determination that the operating system kernel failed to respond to the sending of the given nonce within the predetermined time interval (Par. [0034], Par. [0039], Par. [0065]) Lee teaches the following limitations: send a given nonce of the nonces (Par. [0098], Par. [0099], Par. [0124], Par. [0129]). and revoke the credential (Par. [0124], Par. [0129]) The reasons for motivation/combination of references remain the same as in Claim 7. Regarding Claim 11: Ndu teaches the following limitations: wherein the peripheral device comprises a baseboard management controller, a smart input/output (I/O) peripheral or a graphics processing unit (GPU) (Par. [0019], Par. [0022], Par. [0034], Par. [0082]). Ndu taught a peripheral device in the form of a baseboard management controller. Regarding Claim 12: Ndu teaches the following limitations: A method comprising:(Par. [0019], Par. [0022], Par. [0034], Par. [0082]) (taught by Lee below) providing, by an operating system kernel-based agent and to the peripheral device, an integrity measurement of the user space process (Par. [0022], Par. [0034], Par. [0065]). (taught by Lee below) (taught by Lee below) (taught by Lee below) Lee teaches the following limitations: provisioning… a credential (Par. [0070], Par. [0075], Par. [0078], Par. [0105]). authenticating, by the peripheral device, the user space process based on the credential (Par. [0046], Par. [0048], Par. [0070], Par. [0129]). determining, by the peripheral device, an observed state of the user space process based on the integrity measurement (Par. [0070], Par. [0075], Par. [0078], Par. [0105], Par. [0124], Par. [0129]). verifying, by the peripheral device, whether the observed state corresponds to an expected state for the user space process (Par. [0124], Par. [0129]). and revoking, by the peripheral device, the credential responsive to the observed state not corresponding to the expected state (Par. [0124], Par. [0129]). Ndu teaches checking the integrity of a user space process through a heartbeat message, but does not teach verification of the process state for provisioning a credential. Lee however teaches that a heartbeat message can be combined with device attestation, i.e. include state checking, for provisioning and controlling access using a credential, and that this continuous attestation has the advantage of providing additional privacy and security (Abstract). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the heartbeat integrity monitoring system of Ndu with the state attestation of Lee in order to gain the benefit of additional security. One of ordinary skill in the art would have recognized that the state attestation of Lee is compatible with the heartbeat messages of Ndu as both are directed towards periodically monitoring a process, and that such a continuous state authentication would have the benefit of additional security in obtaining and controlling access to a credential. Regarding Claim 13: Ndu teaches the following limitations: providing, by the operating system kernel-based agent and to the peripheral device, an initial integrity measurement of the user space process (Par. [0067], Par. [0068]). Ndu teaches the heartbeat message including a monotonically increasing counter which is synchronized between the monitor and controller, i.e. this initial heartbeat corresponds to an initial integrity measurement. and determining, by the peripheral device, the expected state based on the initial integrity measurement (Par. [0067], Par. [0068]). The incrementing of this counter therefore means that determining the expected state depends on this initial integrity measurement, as the counters need to be synchronized to pass authentication. Regarding Claim 14: Lee further teaches the following limitations: further comprising: provisioning the peripheral device with a manifest comprising data representing an expected integrity measurement for the user space process (Par. [0120]-[0124], Par. [0128], Par. [0133]). Lee teaches that attestation can be performed by receiving trusted reference information, i.e. an expected state. and determining, by the peripheral device, the expected state based on the expected integrity measurement (Par. [0120]-[0124], Par. [0128], Par. [0133]). This trusted reference information determines the expected state for integrity. The reasons for motivation/combination of references remain the same as in Claim 12. Regarding Claim 15: Ndu teaches the following limitation: wherein verifying whether the observed state corresponds to the expected state comprises determining, by the peripheral device, whether a value corresponding to an attribute of the user space process other than a hash of in-memory content associated with the user space process is different from an expected value for the attribute (Par. [0037], Par. [0060]). Previously, it was taught above that the heartbeat message of Ndu can be combined with state information as in Lee for improved authentication. Ndu further teaches that such monitored state information includes attributes such as the file paths of library objects, and these can be verified and checked. Regarding Claim 16: Ndu teaches the following limitation: wherein the attribute comprises at least one of a process path [library file path], a name of an executable file corresponding to the user space process and arguments passed in a call to the file, an environment variable, a size of an in-memory text segment associated with the user space process, or a permission associated with an in-memory text segment associated with the user space process (Par. [0037], Par. [0060]). Regarding Claim 17: Ndu teaches the following limitation: wherein verifying whether the observed state corresponds to the expected state comprises determining, by the peripheral device, whether a measurement of an invariant content [library file path] associated with a library dynamically linked to the user space process is different from an expected measurement of the invariant content for the user space process (Par. [0037], Par. [0060]). These library file paths are initially logged and checked later for discrepancies, i.e. invariant content. Regarding Claim 18: Ndu teaches the following limitation: measuring, by the operating system kernel-based agent, memory content [library file path] associated with the user space process and expected to be invariant; and determining, by the operating system kernel-based agent, the integrity measurement based on a result of the measuring (Par. [0037], Par. [0060]). Regarding Claim 19: Ndu teaches the following limitation: measuring, by the operating system kernel-based agent, content [library file path] associated with a library dynamically linked to the user space process; and determining, by the operating system kernel-based agent, the integrity measurement based on a result of the measuring (Par. [0037], Par. [0060]). Regarding Claim 20: Lee teaches the following limitation: wherein provisioning the credential comprises: assigning, by the peripheral device, a permission to the credential; and associating, by the peripheral device, the permission with the expected state [trusted reference information] (Par. [0120], Par. [0124], Par. [0128], Par. [0129]). Lee previously was shown to teach assigning access through the credential, and Lee further teaches associating this authorization with the expected state by maintaining trusted reference information for comparison. The reasons for motivation/combination of references remain the same as in Claim 12. Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Ndu/Lee as applied to claim 8 above, and further in view of Knauerhase et al. (U.S. Pub. No. 2005/0113069 A1) hereinafter referred to as “Knauerhase”. Regarding Claim 9: Lee teaches the following limitations: (taught by Knauerhase below) (taught by Knauerhase below) (taught by Knauerhase below) and revoke the credential (Par. [0124], Par. [0129]). (taught by Knauerhase below) Knauerhase teaches the following limitations: send a given nonce of the nonces, wherein the kernel is expected to respond to the sending of the given nonce with an expected value derived by applying a predetermined function to the given nonce (Par. [0021], Par. [0023]). Knauerhase teaches responding to a nonce by applying a function to the nonce. receive, from the kernel, a second value responsive to the sending of the given nonce (Par. [0021], Par. [0023]). Knauerhase sends the result of applying a function to the nonce back as a form of identity verification. determine that the second value does not correspond to the expected value (Par. [0021], Par. [0023]). Knauerhase teaches that the previous result should be received for verification. responsive to the determination that the second value does not correspond to the expected value (Par. [0021], Par. [0023]) Related Art The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: Stefan et al. (U.S. Patent No. 9,009,474 B2) – Includes methods regarding data integrity Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /E.V.V./Examiner, Art Unit 2431 /SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431