NETWORK-BOUNDARY CONVERGED MULTI-LEVEL SECURE COMPUTING SYSTEM

§101 §102 §103 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 are presented for examination. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claim 20 is rejected under 35 U.S.C. 101 as not falling within one of the four statutory categories of invention. Claim 20 is directed towards a computer program product. The broadest reasonable interpretation of a claim drawn to a computer program product (also called computer readable medium, machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent. A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. § 101 by adding the limitation “non-transitory” to the claim and specification. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 20 recites the limitation "a method as described in claim 1" in line 3. However, claim 1 is directed towards a system. Appropriate correction is required. As per dependent claim 19, many of the same claim elements are repeated in from claim 1. It is unclear if these elements are the same or different from claim 1. The examiner recommends writing the claim in independent form, as it is directed towards a different category of invention. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claims 1-3, 9, 15-20 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Beaumont, US 10,671,414. Regarding claims 1 and 20, Beaumont teaches system for providing hardware-level isolation of security domains (abstract: a unified desktop experience, whilst preventing data leakage between isolated domains), comprising: a plurality of independent computers configured to run one or more applications, each running a separate operating system and having its own security policies (Fig. 7, three isolated domain computers: 101, 102, 103. FIGS. 14 and 15, and other user interface items to allow certain features of the composition to be controlled, e.g., controlling the colour assigned to a particular domain, or specific security policies associated with composition. Col. 8, line 42-45: a domain is commonly understood to be representative of a group of computers and digital devices communicating with each other and interacting according to shared predetermined rules and procedures); a thin-client device connected to the independent computers over a computer network (Fig. 7, ross Domain Desktop Compositor (CDDC) 110. Col. 27, lines 51-55: The CDDC could be used to connect a desktop computer, or thin client to each of the network ports and appropriately configuring the domain software for each domain computer, and appropriately configuring the security policy of the CDDC. Also see col. 28, lines 27-31: merging of content is done in hardware by the CDDC -trusted thin client).; a desktop compositor running on the thin-client device (CDDC 110), configured to composite the applications running on the independent computers into a unified user interface (col. 9, lines 65- col. 10, line 5: an arrangement to provide access to, and control of, multiple independent computing domains through a single user interface. The CDDC provides a seamless and unified cross domain desktop environment for applications from multiple, potentially different classification, computing domains, without the need to trust any software residing on any of the individual domains); and a combination of multi-function network protocols and desktop-/screen-sharing software running on the independent computers and the thin-client device, configured to enable communication between the thin-client device and each of the independent computers (col, 10, lines 45-50: an embodiment of the CDDC a composition of individual and multiple graphical elements (predetermined regions) from the independent domains form a single, unified desktop environment output and displayed on the same monitor 4 (FIGS. 7, 10-15). Col. 29, lines 43-48: this application level compositing, graphical information can be passed in any of a number of formats and through any available communications protocol). Regarding claim 2, Beaumont discloses the system of claim 1, wherein the combination of multi-function network protocols and desktop-/screen-sharing software running on the independent computers and the thin-client device are further configured to enable communication among the independent computers (col. 19, lines 56-67: a packet-based protocol for delivering in-band information to the CDDC consists of a header (identifier, length, count, CRC check, type) and data (graphical region information) section. These packets, encoded as raw pixel data are displayed on the desktop environment for each independent domain, typically in the domain banner region to communicate in-band with the CDDC. Software is continuously monitoring the size and position of graphical elements in the desktop environment and updating the displayed protocol data immediately. Multiple packets can be combined, drawn and displayed by the domain-side software at the same time.). Regarding claim 3, Beaumont discloses the system of claim 1, further comprising: a case for the independent computers, allowing them to be handled as a single desktop or portable computer; a shared power supply for the independent computers; and a networking switch connecting the independent computers and the thin-client device (col. 9, lines 9-35: isolated domain computers: power supply grids. FIGS. 10B and 10C depict the changing composited output as the active domain is switched between three different domains, where each switch brings the windows from the newly activated domain to the front of the composition). Regarding claim 9, Beaumont discloses the system of claim 1, wherein the thin-client device comprises a laptop running a minimal operating system (col. 27, 46-48: The input to the CDDC could come from desktop computers, thin clients, workstations, servers, zero clients, or any other device capable of outputting digital display data.). Regarding claim 15, Beaumont discloses the system of claim 1, wherein the independent computers are configured to run applications with different levels of access to system resources (col. 3, 38—43: access to multiple isolated domains whilst maintaining a high level of security. In a preferred embodiment this security is provided by a pure hardware-based solution implementing the secure combination of the interfaces for multiple host computers. Also see col. 8 line 67-col. 9, line 5). Regarding claim 16, Beaumont discloses the system of claim 15, wherein the system resources comprise one or more of memory, storage, or processing power (col 6, line 54: may contain a number of source code or object code segments or instructions, and may reside in any computer readable medium such as a RAM memory, flash memory, ROM memory, EPROM memory, registers, hard disk, a removable disk, a CD-ROM, a DVD-ROM or any other form of computer readable medium.). Regarding claim 17, Beaumont discloses the system of claim 1, wherein the independent computers are configured to run applications with different levels of access to network resources (col. 3, 38—43: access to multiple isolated domains whilst maintaining a high level of security. In a preferred embodiment this security is provided by a pure hardware-based solution implementing the secure combination of the interfaces for multiple host computers. Also see col. 8 line 67-col. 9, line 5). Regarding claim 18, Beaumont discloses the system of claim 17, wherein the network resources comprise one or more of bandwidth or external connectivity (col. 26, line 57: This security policy may impose restrictions on the information transferred, including but not limited to: bandwidth, content, directionality, originating domain, destination domain, timing, and format.). As per claim 19, this is a method version of the claimed system discussed above in claim 1 wherein all claimed limitations have also been addressed and/or cited as set forth above. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 4-8 and 10, and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Beaumont as applied to claim 1 above, and further in view of Kras et al, US 2020/0177612. Regarding claim 4, Beaumont lacks or fails to expressly disclose SDN and WAN. However, Kras teaches the system of claim 1, wherein a software-defined network (SDN) allows for communication among the independent computers and the thin-client device over wide-area networks (WANs) such as Internet (Paragraph 0052: standard telephone lines LAN or WAN links (e.g., 802.11, T1, T3, Gigabit Ethernet, InfiniBand), broadband connections (e.g., ISDN)). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Beaumont with Kras to teach SDN and WAN in order to include a variety of connections, as taught by Kras, paragraph 0052. Regarding claim 5, Beaumont lacks or fails to expressly disclose HTTP. However, Kras teaches the system of claim 1, wherein the multi-function network protocols comprise one or more of Secure Shell (SSH), Telnet, Remote Desktop Protocol (RDP), File Transfer Protocol (FTP), or HTTP/HTTPS (0038: HTTP). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Beaumont with Kras to teach HTTP in order to include a variety of connections, as taught by Kras, paragraph 0038. Regarding claim 6, Beaumont lacks or fails to expressly disclose virtual network computing. However, Kras teaches the system of claim 1, wherein the multi-function network protocols comprise one or more of Virtual Network Computing (VNC), Team Viewer, NoMachine, X Windows System, SPICE, Citrix, Remote Desktop Service (RDS), VMWare Horizon, or AnyDesk (0032, VMware). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Beaumont with Kras to teach VMware in order to include a variety of connections, as taught by Kras, paragraph 0032. Regarding claim 7, Beaumont lacks or fails to expressly disclose a router. However, Kras teaches the system of claim 1, wherein at least one of the independent computers are connected to Internet via a router (0105: router). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Beaumont with Kras to teach a router in order to include a variety of connections, as taught by Kras, paragraph 0105. Regarding claim 8, Beaumont lacks or fails to expressly disclose a satellite modem. However, Kras teaches the system of claim 1, wherein at least one of the independent computers are connected to the Internet via at least one of a cellular or a satellite modem (0028: satellite band). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Beaumont with Kras to teach a satellite modem in order to include a variety of connections, as taught by Kras, paragraph 0028. Regarding claim 10, Beaumont lacks or fails to expressly disclose SBC. However, Kras teaches the system of claim 1, wherein the independent computers are single-board computers (SBC) (0042: a single computing component). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Beaumont with Kras to teach a SBC in order to include a variety of connections, as taught by Kras, paragraph 0042. Regarding claim 13, Beaumont lacks or fails to expressly disclose mitigation software. However, Kras teaches the system of claim 1, wherein traffic analysis mitigation software is installed on one or more of the independent computers (0063: some of these mitigation steps can be automated and performed by system software, however there are mitigation steps that must be taken by members of the organization). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Beaumont with Kras to teach mitigation software in order prevent attacks, as taught by Kras, paragraph 0063. Regarding claim 14, Beaumont lacks or fails to expressly disclose a firewall. However, Kras teaches the system of claim 1, further comprising a firewall running on one or more of the devices of the system, configured to protect the thin-client device from malicious network traffic and/or to enforce data information flow policies (0034, firewall). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Beaumont with Kras to teach a firewall in order to prevent attacks, as taught by Kras, abstract. Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Beaumont as applied to claim 1 above, and further in view of Bar-Nahum et al, US 2019/0025858. Regarding claims 11-12, Beaumont lacks or fails to expressly disclose a Faraday Cages and vibration damping material. However, Bar-Nahum teaches the system of claim 1, wherein the independent computers are enclosed in one or more Faraday Cages (0066: structural isolation plate 320 acts as a Faraday cage for the noisy components); wherein the independent computers are isolated from each other with acoustic or vibration damping material (0085: Vibration dampers 332a, 332b may be comprised of a vibration damping material, such as carbon fiber.). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Beaumont with Bar-Nahum to teach Faraday Cages and vibration damping material in order to operate a mitigation system, as taught by Bar-Nahum, abstract. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AUBREY H WYSZYNSKI/ Examiner, Art Unit 2434