USING TIMESTAMPS TO PREVENT DATA TAMPERING

DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claims 1-5, 7-12, 14-18, 20, and 24-26 are pending. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/27/26 has been entered. Response to Arguments Applicant's arguments filed on 01/27/26 have been fully considered but are moot in view of the new grounds of rejection presented below in view of newly found prior art Gao. Claim Objections Claims 2, 8, and 15 are objected to because of the following informalities: “the second root timestamp” in last line of claim 2 lacks antecedent basis. “for root directory” in line 2 from bottom of claim 8 should read “for the root directory”. “untrusted storage” in line 7 from bottom of claim 15 should read “the untrusted storage”. Appropriate correction is required. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 4, 7-8, 14-15, 20 and 24-26 are rejected under 35 U.S.C. 103 as being unpatentable over Heo (US 20190156069) in view of Trapp (US 20080040620) and further in view of Gao (US 20210064580). Claim 1, Heo discloses A confidential computing system comprising: a processor; and a memory device that stores program code configured to be executed by the processor, (e.g. fig. 1, ¶32-34) the program code comprising: a trusted data generator configured to: generate a concatenated data object comprising a first data object, a first location indication, and a first timestamp; (e.g. figs. 3, 5, 13, ¶64-65, 102: FIG. 5 is a block diagram illustrating an update of a timestamp, performed by an encryptor of FIG. 1, according to another embodiment of the present disclosure. In FIG. 5, a description will be given of a difference between an encryptor 130 of FIG. 5 and an encryptor 130 of FIG. 3. An encryption/decryption unit 133 may further concatenate an address as well as a timestamp with security data. A processor 120 of FIG. 1 may transmit an address indicating a location where security data is stored in an encryption data area 161 of FIG. 1 to an encryptor 130 of FIG. 1. Data concatenated with security data may be referred to as a “tag”. In FIGS. 2 and 3, the tag may include only a timestamp, but, in FIG. 5, the tag may further include an address.) encrypt the concatenated data object as an encrypted concatenated data object; (e.g. figs. 3, 5, 13, ¶64-65, 102: the encryption/decryption unit 133 may encrypt the concatenated data. In other words, encryption data may further include an encrypted address.) store the encrypted concatenated data object in untrusted storage in accordance with a first location indicated by the first location indication; and (e.g. figs. 5-6, 13, ¶64-65, 73, 103: FIG. 6 is a drawing illustrating encryption data stored in an encryption data area of FIG. 1 by an encryptor of FIG. 5. FIG. 6 will be described with reference to FIGS. 4 and 5. In FIG. 4, an encrypted address is not included in encryption data, but, in FIG. 6, an encrypted address may be included in encryption data. FIG. 4 illustrates encryption data stored by an encryptor 130 of FIG. 3. FIG. 6 illustrates encryption data stored by an encryptor 130 of FIG. 5.) store the first timestamp in trusted storage. (e.g. fig. 5, 13, ¶55, 72, 77: before a request of the timer 131 occurs, the checking logic 134 may store the first timestamp in advance. In another embodiment, when the request of the timer 131 occurs, the checking logic 134 may receive the first timestamp from the counter 132 and may store the first timestamp. The checking logic 134 may include a register for storing the first timestamp. Since the first timestamp, which is transmitted from the counter 132 and is stored in the checking logic 134, exists in the SoC 110, it may be valid.) Although Heo discloses storing the first timestamp in a storage (see above), Heo does not appear to explicitly disclose but Trapp discloses store the first timestamp in a tree structure of timestamps stored in the untrusted storage; determine a first root timestamp for the tree structure of timestamps; and store the first root timestamp in trusted storage. (e.g. figs. 1, 3, 7-8, ¶34-35, 42, 64, 66: In step 202 a tree-like, hierarchical data structure, called the check tree, is maintained, which consists of check entries which are stored in check items. A check entry records the last modification time of the item that links to it. The tree-like structure is maintained with the use of links from primary item 110 to check items 109 along a path to the root 108. In step 203, the value of the Global Counter 104, which shows the last modification time of the root 108 of the check tree 140, is preserved inside the secure environment 150… FIG. 7 shows the secure environment 701 but it omits the components that had been shown in FIG. 1 inside the secure environment 150. It also shows a non-secure data store 702 with primary items 706. The important distinction between this data store 702 and the data store 107 of FIG. 1 is that only some of the check items 705 are placed in the data store 702. The root 703 of the check tree, and maybe several layers of check items 704, which are close to the root 703, are placed inside the secure environment. FIG. 7 shows a subset of a check tree as an example: dashed arrows stand for arbitrary layers of check items… FIG. 8 illustrates another embodiment of the invention which is essentially a modification of FIG. 7. In comparison to FIG. 7, the check items 803 inside the secure environment 801 do not have links to check entries. Links are required for check items 804 and primary items 805 in the data store 802, but they are not necessary for items inside the secure environment 801) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Trapp into the invention of Heo for the purpose of providing protection against replay attacks (Trapp, ¶30). Although Heo-Trapp discloses store the first timestamp in a tree structure of timestamps stored in the untrusted storage and determine a first root timestamp for the tree structure of timestamps (see above), the combination does not appear to explicitly disclose but Gao discloses store the first timestamp in a first directory of a tree structure of timestamps, store a first directory timestamp of the first directory in a root directory of the tree structure of timestamps and determine a first root timestamp for the root directory of the tree structure of timestamps (e.g. figs. 5-6, ¶67, 70, 72: FIG. 5 depicts a block diagram of an exemplary file system tree 500, according to an embodiment. Tree 500 represents organization or hierarchy of files 200 within chunk store 134 and/or storage(s) 114A. Directory 502 may be, for example, an electronic folder as commonly known in the art. Each directory 502 may have any number of child files 200 or child directories 502. A “child” file 200 or directory 502 may be regarded as contained within its parent directory 502. A child file 200 or child directory 502 may be a direct or indirect child…Each directory 502 is associated with or comprises a timestamp queue (TQ) 504. In an embodiment, TQ 504 is stored as a property or an attribute of its associated directory 502. TQ 504 may be, for example, an array data structure. TQ 504 may be limited in the number of entries that it may contain, such as for example, five entries, ten entries, or a hundred entries. Each entry within TQ 504 is a logical timestamp. The logical timestamp is the GLC logical time of GLC 174 at the time that the timestamp is added to TQ 504. Adding a timestamp to TQ 504 of directory 502 may be referred to as “marking” that directory 502 with the timestamp. If TQ 504 of directory 502 contains a timestamp, then that directory 502 may be regarded as “marked” by that timestamp. Adding timestamps to TQ 504 is further described below with reference to FIG. 6…The following is a summary of method 600. When a file 200 is updated or newly created, method 600 checks whether the directory 502 in which the file 200 is located has been labeled with a timestamp of current logical time of GLC 174. If not, then that directory is labeled with the current logical time. The same determination and timestamping is performed for each parent and ancestor directory 502 of the file 200, up tree 500, until either (a) a directory 502 is reached that has been labeled with the current logical time (e.g., such as from a previous execution of method 600 for a different file 200), or (b), the root directory 502 is reached and there are no more parent or ancestor directories 502 to evaluate.). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gao into the invention of Heo-Trapp for the purpose of enabling the system to use less of other computing resources such as processing and memory thereby improving the functioning of the computer itself and the functioning of a computer’s storage system (Gao, ¶14). Claim 2, Heo-Trapp-Gao discloses The confidential computing system of claim 1, the program code further comprising: a trusted data validator configured to: retrieve the first timestamp from the trusted storage; (Heo, e.g. figs. 3, 5, 7, 13, ¶55, 72, 77) retrieve the encrypted concatenated data object from the untrusted storage in accordance with the first location; decrypt the retrieved encrypted concatenated data object; extract the first data object, the first location indication, and a second timestamp from the decrypted concatenated data object; and (Heo, e.g. figs. 3, 5, 7, 13, ¶53, 64-65, 107-108) validate the first data object by: comparing the first location to the first location indication; and comparing the second timestamp to the first timestamp. (Heo, e.g. figs. 3, 5, 7, 13, ¶55, 68-69, 71-72, 76-78, 107-108) Although Heo discloses retrieving the first timestamp from the trusted storage and comparing the second timestamp to the first timestamp (see above), Heo does not appear to explicitly disclose but Trapp disclose retrieve the first root timestamp from the trusted storage and comparing the second root timestamp to the first root timestamp (e.g. figs. 1-3, 6-8, ¶9, 37-40, 43, 58) Same motivation as in claim 1 would apply. Claim 4, Heo-Trapp-Gao discloses The confidential computing system of claim 2, wherein the trusted data validator is configured to validate the second timestamp responsive to determining that the second timestamp is equal to or greater than the first timestamp. (Heo, e.g. figs. 3, 5, 7, 13, ¶55, 68, 72, 76-77, 108) Claim 7, Heo-Trapp-Gao discloses The confidential computing system of claim 1, the program code further comprising: a trusted timestamp generator configured to generate the first timestamp for the trusted data generator. (Heo, e.g. figs. 3, 5, ¶45, 55) Claim 8, Heo discloses A method for writing data, comprising: generating a concatenated data object comprising a data object, a location indication, and a first timestamp; (e.g. figs. 3, 5, 13, ¶64-65, 102: FIG. 5 is a block diagram illustrating an update of a timestamp, performed by an encryptor of FIG. 1, according to another embodiment of the present disclosure. In FIG. 5, a description will be given of a difference between an encryptor 130 of FIG. 5 and an encryptor 130 of FIG. 3. An encryption/decryption unit 133 may further concatenate an address as well as a timestamp with security data. A processor 120 of FIG. 1 may transmit an address indicating a location where security data is stored in an encryption data area 161 of FIG. 1 to an encryptor 130 of FIG. 1. Data concatenated with security data may be referred to as a “tag”. In FIGS. 2 and 3, the tag may include only a timestamp, but, in FIG. 5, the tag may further include an address.) encrypting the concatenated data object; (e.g. figs. 3, 5, 13, ¶64-65, 102: he encryption/decryption unit 133 may encrypt the concatenated data. In other words, encryption data may further include an encrypted address.) storing the encrypted concatenated data object in untrusted storage in accordance with a location indicated by the location indication; and (e.g. figs. 5-6, 13, ¶64-65, 73, 103: FIG. 6 is a drawing illustrating encryption data stored in an encryption data area of FIG. 1 by an encryptor of FIG. 5. FIG. 6 will be described with reference to FIGS. 4 and 5. In FIG. 4, an encrypted address is not included in encryption data, but, in FIG. 6, an encrypted address may be included in encryption data. FIG. 4 illustrates encryption data stored by an encryptor 130 of FIG. 3. FIG. 6 illustrates encryption data stored by an encryptor 130 of FIG. 5.) protecting the timestamp in trusted storage; (e.g. fig. 5, 13, ¶55, 72, 77: before a request of the timer 131 occurs, the checking logic 134 may store the first timestamp in advance. In another embodiment, when the request of the timer 131 occurs, the checking logic 134 may receive the first timestamp from the counter 132 and may store the first timestamp. The checking logic 134 may include a register for storing the first timestamp. Since the first timestamp, which is transmitted from the counter 132 and is stored in the checking logic 134, exists in the SoC 110, it may be valid.) Although Heo discloses protecting the timestamp in trusted storage (see above), Heo does not appear to explicitly disclose but Trapp discloses storing the first timestamp in a tree structure of timestamps stored in the untrusted storage; determining a root timestamp for the tree structure of timestamps; and protecting the root timestamp in trusted storage. (e.g. figs. 1, 3, 7-8, ¶34-35, 42, 64, 66: In step 202 a tree-like, hierarchical data structure, called the check tree, is maintained, which consists of check entries which are stored in check items. A check entry records the last modification time of the item that links to it. The tree-like structure is maintained with the use of links from primary item 110 to check items 109 along a path to the root 108. In step 203, the value of the Global Counter 104, which shows the last modification time of the root 108 of the check tree 140, is preserved inside the secure environment 150… FIG. 7 shows the secure environment 701 but it omits the components that had been shown in FIG. 1 inside the secure environment 150. It also shows a non-secure data store 702 with primary items 706. The important distinction between this data store 702 and the data store 107 of FIG. 1 is that only some of the check items 705 are placed in the data store 702. The root 703 of the check tree, and maybe several layers of check items 704, which are close to the root 703, are placed inside the secure environment. FIG. 7 shows a subset of a check tree as an example: dashed arrows stand for arbitrary layers of check items… FIG. 8 illustrates another embodiment of the invention which is essentially a modification of FIG. 7. In comparison to FIG. 7, the check items 803 inside the secure environment 801 do not have links to check entries. Links are required for check items 804 and primary items 805 in the data store 802, but they are not necessary for items inside the secure environment 801) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Trapp into the invention of Heo for the purpose of providing protection against replay attacks (Trapp, ¶30). Although Heo-Trapp discloses storing the first timestamp in a tree structure of timestamps stored in the untrusted storage and determining a root timestamp for the tree structure of timestamps (see above), the combination does not appear to explicitly disclose but Gao discloses storing the first timestamp in a first directory of a tree structure of timestamps, storing a first directory timestamp of the first directory in a root directory of the tree structure of timestamps and determining a root timestamp for root directory of the tree structure of timestamps (e.g. figs. 5-6, ¶67, 70, 72: FIG. 5 depicts a block diagram of an exemplary file system tree 500, according to an embodiment. Tree 500 represents organization or hierarchy of files 200 within chunk store 134 and/or storage(s) 114A. Directory 502 may be, for example, an electronic folder as commonly known in the art. Each directory 502 may have any number of child files 200 or child directories 502. A “child” file 200 or directory 502 may be regarded as contained within its parent directory 502. A child file 200 or child directory 502 may be a direct or indirect child…Each directory 502 is associated with or comprises a timestamp queue (TQ) 504. In an embodiment, TQ 504 is stored as a property or an attribute of its associated directory 502. TQ 504 may be, for example, an array data structure. TQ 504 may be limited in the number of entries that it may contain, such as for example, five entries, ten entries, or a hundred entries. Each entry within TQ 504 is a logical timestamp. The logical timestamp is the GLC logical time of GLC 174 at the time that the timestamp is added to TQ 504. Adding a timestamp to TQ 504 of directory 502 may be referred to as “marking” that directory 502 with the timestamp. If TQ 504 of directory 502 contains a timestamp, then that directory 502 may be regarded as “marked” by that timestamp. Adding timestamps to TQ 504 is further described below with reference to FIG. 6…The following is a summary of method 600. When a file 200 is updated or newly created, method 600 checks whether the directory 502 in which the file 200 is located has been labeled with a timestamp of current logical time of GLC 174. If not, then that directory is labeled with the current logical time. The same determination and timestamping is performed for each parent and ancestor directory 502 of the file 200, up tree 500, until either (a) a directory 502 is reached that has been labeled with the current logical time (e.g., such as from a previous execution of method 600 for a different file 200), or (b), the root directory 502 is reached and there are no more parent or ancestor directories 502 to evaluate.). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gao into the invention of Heo-Trapp for the purpose of enabling the system to use less of other computing resources such as processing and memory thereby improving the functioning of the computer itself and the functioning of a computer’s storage system (Gao, ¶14). Claim 14, Heo-Trapp-Gao discloses The method of claim 8, wherein the first timestamp is generated by a trusted timestamp server running in a trusted environment. (Heo, e.g. figs. 3, 5, ¶45, 55) Claim 15, Heo discloses A method for reading data, comprising: retrieving a timestamp from trusted storage; (e.g. figs. 3, 5, 7, 13, ¶55, 72, 77: before a request of the timer 131 occurs, the checking logic 134 may store the first timestamp in advance. In another embodiment, when the request of the timer 131 occurs, the checking logic 134 may receive the first timestamp from the counter 132 and may store the first timestamp. The checking logic 134 may include a register for storing the first timestamp. Since the first timestamp, which is transmitted from the counter 132 and is stored in the checking logic 134, exists in the SoC 110, it may be valid. The checking logic 134 may compare the first timestamp stored in the checking logic 134 with a decryption timestamp transmitted from the encryption/decryption unit 133…when a decryption timestamp is identical to a first timestamp stored in the checking logic 134) and untrusted storage having stored a first timestamp associated with an encrypted concatenated object; (e.g. figs. 5-6, 13, ¶64-65, 73, 103: FIG. 6 is a drawing illustrating encryption data stored in an encryption data area of FIG. 1 by an encryptor of FIG. 5. FIG. 6 will be described with reference to FIGS. 4 and 5. In FIG. 4, an encrypted address is not included in encryption data, but, in FIG. 6, an encrypted address may be included in encryption data. FIG. 4 illustrates encryption data stored by an encryptor 130 of FIG. 3. FIG. 6 illustrates encryption data stored by an encryptor 130 of FIG. 5.) retrieving the encrypted concatenated data object from a storage location in untrusted storage; decrypting the retrieved encrypted concatenated data object; extracting a data object, a location indication, and a second timestamp from the decrypted concatenated data object; and (e.g. figs. 3, 5, 7, 13, ¶53, 64-65, 107-108: The encryption/decryption unit 133 may transmit a read command to the memory device 160 in response to a request of the timer 131. The encryption/decryption unit 133 may receive encryption data (or read data) including the first timestamp using the read command. The encryption/decryption unit 133 may decrypt the encryption data into decryption data…In FIGS. 2 and 3, the tag may include only a timestamp, but, in FIG. 5, the tag may further include an address. The encryption/decryption unit 133 may encrypt the concatenated data. In other words, encryption data may further include an encrypted address. The encryption/decryption unit 133 may perform a decryption operation and may transmit a decryption address and a decryption timestamp of decryption data to a checking logic 134… In operation S140, the memory device 160 may transmit the encryption data to the encryptor 130 in response to the request of the encryptor 130. In operation S145, the encryptor 130 may decrypt the encryption data transmitted from the memory device 160 into decryption data.) validating the data object by: comparing the storage location to the location indication; and comparing the timestamp to the second timestamp. (e.g. figs. 3, 5, 7, 13, ¶55, 68-69, 71-72, 76-78, 107-108: The checking logic 134 may determine or check whether each of a decryption address and a decryption timestamp is valid. In this case, when the decryption address is not valid or when the decryption timestamp is not valid, the checking logic 134 may output an error to elements in an SoC 110 of FIG. 1... The checking logic 134 may compare an address of the address generator 139 (i.e., an address for security data) with a decryption address transmitted from the encryption/decryption unit 133, and may determine or check whether the decryption address is valid based on the compared result. When a decryption address is identical to an address of the address generator 139 (i.e., an address for security data) and when a decryption timestamp is identical to a first timestamp stored in the checking logic 134) Although Heo discloses retrieving a timestamp from a trusted storage, untrusted storage having stored a first timestamp associated with an encrypted concatenated object, and comparing the timestamp to the second timestamp (see above), Heo does not appear to explicitly disclose but Trapp discloses retrieving a root timestamp from trusted storage and comparing the root timestamp to the second timestamp (e.g. figs. 1-3, 6-8, ¶9, 37-40, 43, 58: When a primary item 110 is read from a data store 107, the item's timestamp must still match the value in its check entry. The timestamp of the check item, which holds this check entry, must match its own check entry and so on, up to the root 108 of the check tree 140. The timestamp of the check tree's root 108 must always be equal to the actual virtual time inside the secure environment 150 (as indicated by the Global Counter 104).) the root timestamp associated with a tree structure of timestamps stored in untrusted storage, the tree structure of timestamps having stored a first timestamp associated with the tree structure of timestamps (e.g. figs. 1, 3, 7-8, ¶34-35, 42, 64, 66: In step 202 a tree-like, hierarchical data structure, called the check tree, is maintained, which consists of check entries which are stored in check items. A check entry records the last modification time of the item that links to it. The tree-like structure is maintained with the use of links from primary item 110 to check items 109 along a path to the root 108. In step 203, the value of the Global Counter 104, which shows the last modification time of the root 108 of the check tree 140, is preserved inside the secure environment 150… FIG. 7 shows the secure environment 701 but it omits the components that had been shown in FIG. 1 inside the secure environment 150. It also shows a non-secure data store 702 with primary items 706. The important distinction between this data store 702 and the data store 107 of FIG. 1 is that only some of the check items 705 are placed in the data store 702. The root 703 of the check tree, and maybe several layers of check items 704, which are close to the root 703, are placed inside the secure environment. FIG. 7 shows a subset of a check tree as an example: dashed arrows stand for arbitrary layers of check items… FIG. 8 illustrates another embodiment of the invention which is essentially a modification of FIG. 7. In comparison to FIG. 7, the check items 803 inside the secure environment 801 do not have links to check entries. Links are required for check items 804 and primary items 805 in the data store 802, but they are not necessary for items inside the secure environment 801) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Trapp into the invention of Heo for the purpose of providing protection against replay attacks (Trapp, ¶30). Heo-Trapp does not appear to explicitly disclose but Gao discloses the root timestamp associated with a root directory of a tree structure of timestamp, the root directory of the tree structure of timestamps having stored a first directory timestamp associated with a first directory of the tree structure of timestamps and the first directory having stored a first time stamp (e.g. figs. 5-6, ¶67, 70, 72: FIG. 5 depicts a block diagram of an exemplary file system tree 500, according to an embodiment. Tree 500 represents organization or hierarchy of files 200 within chunk store 134 and/or storage(s) 114A. Directory 502 may be, for example, an electronic folder as commonly known in the art. Each directory 502 may have any number of child files 200 or child directories 502. A “child” file 200 or directory 502 may be regarded as contained within its parent directory 502. A child file 200 or child directory 502 may be a direct or indirect child…Each directory 502 is associated with or comprises a timestamp queue (TQ) 504. In an embodiment, TQ 504 is stored as a property or an attribute of its associated directory 502. TQ 504 may be, for example, an array data structure. TQ 504 may be limited in the number of entries that it may contain, such as for example, five entries, ten entries, or a hundred entries. Each entry within TQ 504 is a logical timestamp. The logical timestamp is the GLC logical time of GLC 174 at the time that the timestamp is added to TQ 504. Adding a timestamp to TQ 504 of directory 502 may be referred to as “marking” that directory 502 with the timestamp. If TQ 504 of directory 502 contains a timestamp, then that directory 502 may be regarded as “marked” by that timestamp. Adding timestamps to TQ 504 is further described below with reference to FIG. 6…The following is a summary of method 600. When a file 200 is updated or newly created, method 600 checks whether the directory 502 in which the file 200 is located has been labeled with a timestamp of current logical time of GLC 174. If not, then that directory is labeled with the current logical time. The same determination and timestamping is performed for each parent and ancestor directory 502 of the file 200, up tree 500, until either (a) a directory 502 is reached that has been labeled with the current logical time (e.g., such as from a previous execution of method 600 for a different file 200), or (b), the root directory 502 is reached and there are no more parent or ancestor directories 502 to evaluate.). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gao into the invention of Heo-Trapp for the purpose of enabling the system to use less of other computing resources such as processing and memory thereby improving the functioning of the computer itself and the functioning of a computer’s storage system (Gao, ¶14). Claim 20, Heo-Trapp-Gao discloses The method of claim 15, (see above) and Heo discloses wherein the validation of the data object by comparing the timestamp to the second timestamp comprises validating the second timestamp responsive to determining that the second timestamp is equal to or greater than the timestamp. (Heo, e.g. figs. 3, 5, 7, 13, ¶55, 68, 72, 76-77, 108) Heo does not appear to explicitly disclose but Trapp discloses comparing the root timestamp to the second timestamp comprises validating the second timestamp responsive to determining that the second timestamp is equal to or greater than the root timestamp. (e.g. figs. 1-3, 6-8, ¶9, 37-40, 43, 58). Same motivation as in claim 15 would apply. Claim 24, Heo-Trapp-Gao discloses The confidential computing system of claim 1, wherein the trusted data generator is further configured to: store a second directory timestamp of a second directory in a root directory of the tree structure of timestamps. (Gao, e.g. figs. 5-6, ¶67, 70, 72). Same motivation as in claim 1 would apply. Claims 25 and 26, these claims are rejected for similar reasons as in claim 24. Claims 3, 5, 9-10, 12, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Heo (US 20190156069) in view of Trapp (US 20080040620) further in view of Gao (US 20210064580) and further in view of Villegas (US 20230153470). Claim 3, Heo-Trapp-Gao discloses The confidential computing system of claim 2, (see above) and Heo does not appear to explicitly disclose but Villegas discloses wherein the trusted data validator is further configured to: extract a first integrity value from the decrypted concatenated data object; and further validate the first data object by: calculating a second integrity value based at least on the first data object; and comparing the second integrity value to the first integrity value. (e.g. ¶102-103). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Villegas into the invention of Heo-Trapp-Gao for the purpose of verifying the integrity of the data and proceeding accordingly (Villegas, ¶103) thereby further increasing security. Claim 5, Heo-Trapp-Gao discloses The confidential computing system of claim 1, wherein the trusted data generator is configured to: generate the concatenated data object comprising the first data object, the first location indication, the first timestamp. (Heo, e.g. figs. 3, 5, 13, ¶64-65, 102) Although Heo discloses the concatenated data object comprising the first data object, the first location indication, the first timestamp (see above), Heo does not appear to explicitly disclose but Villegas discloses the concatenated data object comprising an integrity value (e.g. ¶62). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Villegas into the invention of Heo-Trapp-Gao for the purpose of enabling verification of the integrity of the data and proceeding accordingly (Villegas, ¶62, 103) thereby further increasing security. Claim 9, Heo-Trapp-Gao discloses The method of claim 8, wherein the concatenated data object comprises the data object, the location indication, the first timestamp. (Heo, e.g. figs. 3, 5, 13, ¶64-65, 102) Although Heo discloses the concatenated data object comprising the data object, the location indication, the timestamp (see above), Heo does not appear to explicitly disclose but Villegas discloses the concatenated data object comprising an integrity value (e.g. ¶62). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Villegas into the invention of Heo-Trapp-Gao for the purpose of enabling verification of the integrity of the data and proceeding accordingly (Villegas, ¶62, 103) thereby further increasing security. Claim 10, Heo-Trapp-Gao-Villegas discloses The method of claim 9, further comprising: calculating the integrity value based on the data object. (Villegas, e.g. ¶62, 64). Same motivation as in claim 9 would apply. Claim 12, Heo-Trapp-Gao discloses The method of claim 8, wherein said encrypting the concatenated data object comprises encrypting the concatenated data object using encryption. (Heo, e.g. ¶47) Although Heo discloses encryption (see above), Heo does not appear to explicitly disclose but Villegas discloses authenticated encryption (e.g. ¶62) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Villegas into the invention of Heo-Trapp-Gao for the purpose of ensuring the confidentiality and authenticity of the data (Villegas, ¶62). Claim 16, Heo-Trapp-Gao discloses The method of claim 15, (see above) and Heo does not appear to explicitly disclose but Villegas discloses further comprising: extracting a first integrity value from the decrypted concatenated data object; and further validating the data object by: calculating a second integrity value based at least on the data object; and comparing the second integrity value to the first integrity value. (e.g. ¶102-103). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Villegas into the invention of Heo-Trapp-Gao for the purpose of verifying the integrity of the data and proceeding accordingly (Villegas, ¶103). Claim 18, Heo-Trapp-Gao discloses The method of claim 15, wherein said decrypting the concatenated data object comprises decrypting the concatenated data object using decryption. (Heo, e.g. figs. 3, 5, ¶45, 53, 55, 65, 108) Although Heo disclose encryption (see above), Heo does not appear to explicitly disclose but Villegas discloses authenticated encryption (e.g. ¶62, 102-103) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Villegas into the invention of Heo-Trapp-Gao for the purpose of verifying the integrity of the data and proceeding accordingly (Villegas, ¶103). Allowable Subject Matter Claims 11 and 17 would be allowable if rewritten (a) in independent form including all of the limitations of the base claim and any intervening claims and (b) to overcome the claim objections set forth above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Trapp (US 20040187006) discloses a method to recognize and prevent replay attacks during queries against an external (non-secure) data store made by an application running in a secure computational environment… The Global Counter (the timer) 104, the Encoding/Decoding Service 103, the Message Digest Service 105 and the Encryption Engine 115 are also logically located (i.e., not necessarily physically located) within the secure environment 150… Details of the structure of items and the check tree 140 will be given in FIG. 3. The Encoding/Decoding Service 103 uses the Message Digest Service 105 to compute a MAC (Message Authentication Code) for the augmented data (which includes the link and timestamp) using the MAC key 106. Optionally, the data being written into the primary and check items can be encrypted and decrypted using the Encryption Engine 115. The augmented and protected data is then written into a primary item 110 inside the data store 107… A read operation begins when the application 101, inside the secure environment 150, delegates a request for application data 102 to the Encoding/Decoding Service 103. The Encoding/Decoding Service 103 reads the requested primary item 110 and all check items 109 that are on the path from the requested primary item 110, up to and including the root 108 of the check tree 140. For all items that are read, the Encoding/Decoding Service 103 uses the Message Digest Service 105, with the MAC key 106, to verify that all MACs in the read items are correct. For these tests, the Encoding/Decoding Service 103 recomputes a MAC for the data (including link and timestamp) stored in the item, and compares it to the MAC that is currently stored in the item. If the data is authentic, i.e. it was generated by the Encoding/Decoding Service 103, both values (the MAC that is currently stored in the item and the recomputed MAC value) are the same. If the MAC comparison is successful, the Encoding/Decoding Service 103 then determines if the timestamp value of the root 108 of the check tree 140 is equal to the actual value of the Global Counter 104. If the MAC comparison is not successful, the read operation terminates and an error is reported to the caller…Additionally, the Encoding/Decoding Service 103 determines, for all other items read, whether their timestamp values are identical to the values stored in the check entries referenced by the item's link 111. The Encoding/Decoding Service 103 performs a check to determine whether each item on the path from the primary item 110 to the root 108 is fresh… FIG. 3 shows the detailed structure of primary items 110 and check items 109 in the check tree 140. It shows a subset 300 of check tree 140 as an example: dashed arrows stand for arbitrary layers of check items 109. Primary items 110 consist of two parts: the content, 302, which holds application data, and the control information which contains: a timestamp 303, a link 304 which holds the address of a check entry, and a MAC 305. Check items 109 contain an array 307 of at least two check entries, and, as in primary items, a timestamp 308, a link 309 to a check entry, and a MAC 310. Timestamps 308 denote the point in virtual time (which value is provided by the Global Counter 104) when the item was last written. The MAC 310 protects the content of the items against unrecognized modification…Link 402 contains two values: a reference to a Check Item 404, expressed by the location association, and an integer value called idx, which is used to select a check entry in the check item. A location is a value that uniquely identifies an item in the data store 107. Bandic (US 20120110343) discloses secure timestamps created by a data storage device are described. Metadata timestamp is created for each recorded unit of data (such as a sector) The HDD performs the time-stamping in a secure manner. The timestamp is made secure by performing a secure operation (i.e. one that can only be performed by the HDD) using the data and timestamp. The secure operation uses a secure key that is built-in to the storage device and is not readable outside of the device. In some embodiments the secure operation is encryption using the secure key. In other embodiments the secure operation is a hash code function (such as a Hash-based Message Authentication Code (HMAC) function) that uses the secure key to generate a hash code using at least the recorded data and the timestamp as input. The hash code is then included in the metadata that is recorded for the data unit. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312. The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TRONG H NGUYEN/Primary Examiner, Art Unit 2436