Prosecution Insights
Last updated: May 29, 2026
Application No. 18/459,593

MANDATORY ACCESS CONTROL (MAC) METHOD AND RELATED DEVICE

Non-Final OA: §103, §112
Filed: Sep 01, 2023
Priority: Mar 05, 2021 — CN 202110245052.5 +1 more
Examiner: GEE, JASON KAI YIN
Art Unit: 2495
Tech Center: 2400 — Computer Networks
Assignee: Huawei Technologies Co., Ltd.
OA Round: 2 (Non-Final)
Grant Probability: 78% (Favorable)
OA Rounds: 2-3
Est. Remaining: 4m
With Interview: 99%

Examiner Intelligence

Grants 78% — above average
Career Allowance Rate: 78% (591 granted / 759 resolved; +19.9% vs TC avg)
Strong +23% interview lift
Interview Lift: +23.2% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 0m (22 currently pending)
Career history
Total Applications: 784 (across all art units)

Statute-Specific Performance

§101: 3.1% (-36.9% vs TC avg)
§103: 85.2% (+45.2% vs TC avg)
§102: 2.1% (-37.9% vs TC avg)
§112: 5.9% (-34.1% vs TC avg)
Based on career data from 759 resolved cases

Office Action

§103 §112
DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is response to communication: amendments/arguments filed on 07/15/2025.

Claims 27-52 are currently pending in this application.

No new IDS was filed for this application.

Response to Arguments

In regards to the 112 rejection, applicants have stated that the amendments overcome the 112 rejections. However, the claims still remain unclear after the amendments. See amended rejections below.

In regards to the 112 rejections concerning the trademark claims, the claims were rendered unclear because a trademark was being used. Applicants have added the trademark symbol to the trademarks, but that doesn’t resolve the issue that trademarks merely describe goodwill and not the product itself.

In regards to the 103 rejection, applicants argue that Xia does not teach the claim limitations because Xia teaches a security policy but not an object configuration. This is not persuasive. As seen in Xia paragraph 43, the reference teaches a “perm_set” which represents an operation that can be performed on the access object (such as allow or forbid). Although the term “permission” is used, this is directly related to the object itself and its configuration. This “permission” is applied directly to the object, and thus, it reads on the configuration state of the object. Further, as seen in Xia, the permission is based on the object’s configuration only, and is not dependent on other factors such as a separate security policy or an operating system state. Applicant’s arguments are thus not persuasive.

The combination of the 112 and 103 references render the claims non-obvious. See amended rejection below.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 27-52 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

As per claims 27-52, independent claims 27 and 40 recite “allowing the first subject to access the first object and perform the first operation based on the first object being configured in the permissive mode, despite the security policy indicating … no permission… despite the security status… in the enforcing mode.” The claims seem to indicate that access control is based solely on the state of the object. The state of the operating system and other permissions do not even impact the decision. The claims also recite “allowing” the subject to access the first object. The term “allowing” simply means not preventing an action from happening. The claims as cited, thus recite not preventing a subject to access/perform an operation based on the object’s mode/status. As the claims are directed toward not preventing an action from happening, and that other factors aren’t even considered when making the determination, the scope of the claims are unclear.

Independent claims 33 and 46 are rejected similar to above. In addition, claims 33 and 46 recite forbidding an action from happening. This is based on the subject/object being in a particular state/mode (enforcing), based on the security policy indicating no permissions, and based on the security status (permissive mode). From the rules provided in the claims, it is unclear whether the mode of the object/subject, the mode of the operating system, the permissions based on the security policy, or a combination of the 3, ultimately lead to the forbidding of the access. In all 3 cases, such modes forbid an action. It is unclear what would be allowed if one of these modes allowed the action and the other modes forbade the action. As cited above, the scope of the claims are unclear.

In sum, the independent claims are unclear (thus making its dependents unclear), and the claims will be interpreted as a system with an access control policy, and overriding that policy based on whether the system is in an enforcing mode or permissive mode. Applicants are advised to amend the claims to clarify the status of the object and the status of the operating system, and to further include an active step of making a further determination based on the statuses.

Claims 38, 39, 51, and 52 contain the trademark/trade name Linux, Android, Apple, SELinux, and SEAndroid. Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements of 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph. See Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982). The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular material or product. A trademark or trade name is used to identify a source of goods, and not the goods themselves. Thus, a trademark or trade name does not identify or describe the goods associated with the trademark or trade name. In the present case, the trademark/trade name is used to identify/describe operating systems and security statuses, and accordingly, the identification/description is indefinite.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 27-30, 32-43, and 45-52 are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al. US Patent Application Publication 2019/0306719 (Chari), in view of Xia et al. US Patent Application Publication 2020/0380133 (Xia).

As per claim 27, as best understood by the Examiner, Chari teaches a method, applied to an operating system, wherein the method comprises: in response to a first subject accessing a first object to perform a first operation, determining, based on a security policy, that the first subject has no permission to access the first object to perform the first operation, wherein the first object is configured to be in a permissive mode, and wherein a security status in the operating system is an enforcing mode; and allowing the first subject to access the first object and perform the first operation (see paragraph 42 with entity attempts to perform certain action on particular object; system looks at policy to determine whether subject is allowed to access object; if action complies with policy, operation is permitted; if operation does not comply with policy, operation is not permitted; see also paragraph 50 with determining whether operations are to be executed based on policy; see paragraph 43, wherein in a permissive mode, a denial is not enforced; see also paragraph 59, wherein a normal operation of a mandatory access control environment is overridden based on factors).

As best understood by the Examiner, although Chari teaches overriding based on the security status in the operating system, Chari does not explicitly teach making determinations based on the configuration of the object. However, this would have been obvious. For example, see Xia (paragraph 41 with access objects; see paragraph 43 with rules set for the object, including a rule name such as allow (permissive)). Xia further teaches that the access is solely based on the object’s configuration (allow or forbid), and is not dependent on other factors such as other security policies or operating system status.

At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Chari with Xia. One of ordinary skill in the art would have been motivated to perform such an addition to increase security and efficiency (paragraphs 3-4 of Xia).

As per claim 28, as best understood by the Examiner, Chari as modified teaches wherein the security policy comprises a first rule, and the first rule indicates the first object to work in the permissive mode (Xia paragraph 43 with object having forbid and allow rules).

As per claim 29, as best understood by the Examiner, Chari as modified teaches wherein the method further comprises after the allowing the first subject access the first object and perform the first operation, generating a first log, wherein the first log records information related to that the first subject accesses the first object to perform the first operation (Chari paragraph 43 and throughout with logging actions based on actions; also see Xia paragraph 45.)

As per claim 30, as best understood by the Examiner, Chari as modified teaches wherein the method further comprises: updating the security policy, wherein the updated security policy comprises a second rule, and the second rule indicates that the first subject is allowed to access the first object to perform the first operation (Xia paragraphs 4-6 and throughout with updating security policies; also see Chari paragraph 58 with modifying security parameters).

As per claim 32, as best understood by the Examiner, Chari as modified teaches wherein the method further comprises: based on that a second subject access a second object to perform a second operation, determining, based on the security policy, that the second subject has no permission to access to second object to perform the second operation, wherein the second object is not configured to be in the permissive mode; and forbidding the second subject to access the second object to perform the second operation (see Chari paragraph 42 with all actions to objects are monitored; subject access to operation is allowed or prohibited based on policy;).

As per claim 33, as best understood by the Examiner, Chari teaches a method, applied to an operating system, wherein the method comprises: in response to a first subject accessing a first object to perform a first operation, determining, based on a security policy, that the first subject has no permission to access the first object to perform the first operation, and wherein a security status in the operating system is in a permissive mode; forbidding the first subject to access the first object to perform the first operation based on the security policy indicating the first subject having no permission to access the first object to perform the first operation, and the security status in the operating system being in the permissive mode (see paragraph 42 with entity attempts to perform certain action on particular object; system looks at policy to determine whether subject is allowed to access object; if action complies with policy, operation is permitted; if operation does not comply with policy, operation is not permitted; see also paragraph 50 with determining whether operations are to be executed based on policy; see paragraph 43 wherein in enforcing mode (permissive mode), permissions are enforced).

As best understood by the Examiner, although Chari teaches overriding based on the security status in the operating system, Chari does not explicitly teach making determinations based on the configuration of the object. However, this would have been obvious. For example, see Xia (paragraph 41 with access objects; see paragraph 43 with rules set for the object, including a rule name such as forbid (enforcing mode)).

At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Chari with Xia. One of ordinary skill in the art would have been motivated to perform such an addition to increase security and efficiency (paragraphs 3-4 of Xia).

As per claim 34, as best understood by the Examiner, Chari as modified teaches wherein the security policy comprises a first rule, and the first rule indicates the first subject to work in the enforcing mode, or wherein the security policy comprises a second rule, wherein the second rule indicates the first object to work in the enforcing mode (see Xia paragraphs 43-44 with different rules that forbids or allows actions based on subject or object).

As per claim 35, as best understood by the Examiner, Chari as modified teaches wherein the method further comprises: updating the security policy, wherein the updated security policy comprises a third rule, and the third rule indicates that the first subject is allowed to access the first object to perform the first operation (Xia paragraphs 4-6 and throughout with updating security policies; also see Chari paragraph 58 with modifying security parameters).

As per claim 36, as best understood by the Examiner, it would have been obvious over the Chari combination where based on that a second subject accesses a second object to perform a second operation, determining, based on the security policy, that the second subject has no permission to access the second object to perform the second operation, wherein the second object and the second subject are not configured to be in the enforcing mode; and allowing the second subject to access the second object and perform the second operation (see Chari paragraph 42 with all actions to objects are monitored; subject access to operation is allowed or prohibited based on policy; see paragraph 43 wherein in permissive mode, permission denials are not enforced).

As per claim 37, Chari as modified teaches wherein the operating system performs mandatory access control based on a security label (Chari paragraph 58 and throughout).

As per claim 38, Chari as modified teaches wherein the operating system is a Linux-based operating system, an Android based operating system, or an Apple operating system (Chari paragraph 34 with android or apple).

As per claim 39, Chari as modified teaches wherein the security status is a status of security-enhanced Linux SELinux or of security-enhanced Android (SEAndroid) (paragraphs 39-40 and throughout with SELinux and SEAndroid).

Claim 40 is rejected using the same basis of arguments used to reject claim 27 above.
Claim 41 is rejected using the same basis of arguments used to reject claim 28 above.
Claim 42 is rejected using the same basis of arguments used to reject claim 29 above.
Claim 43 is rejected using the same basis of arguments used to reject claim 30 above.
Claim 45 is rejected using the same basis of arguments used to reject claim 32 above.
Claim 46 is rejected using the same basis of arguments used to reject claim 33 above.
Claim 47 is rejected using the same basis of arguments used to reject claim 34 above.
Claim 48 is rejected using the same basis of arguments used to reject claim 35 above.
Claim 49 is rejected using the same basis of arguments used to reject claim 36 above.
Claim 50 is rejected using the same basis of arguments used to reject claim 37 above.
Claim 51 is rejected using the same basis of arguments used to reject claim 38 above.
Claim 52 is rejected using the same basis of arguments used to reject claim 39 above.

Claim(s) 31 and 44 are rejected under 35 U.S.C. 103 as being unpatentable over the Chari combination as applied above, and further in view of Kuppannan et al. US Patent Application Publication 2021/0051178 (Kuppannan).

As per claim 31, as best understood by the Examiner, Chari as modified does not explicitly teach wherein the method further comprises: deleting the first rule from the security policy. However, updating rules, such as deleting them, would have been obvious to one of ordinary skill in the art. For example, see Kuppannan (paragraph 19 with deletion of rules in a security policy).

At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Chari combination with Kuppannan. One of ordinary skill in the art would have been motivated to perform such an addition to create more security and efficiency by automatically managing security policies (paragraph 2 of Kuppannan).

Claim 44 is rejected using the same basis of arguments used to reject claim 31 above.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431. The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JASON K GEE/
Primary Examiner, Art Unit 2495

Prosecution Timeline

Sep 01, 2023
Application Filed
May 02, 2025
Non-Final Rejection mailed — §103, §112
Jul 15, 2025
Response Filed
Jul 29, 2025
Final Rejection mailed — §103, §112
Sep 16, 2025
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12639460
SYSTEMS AND METHODS FOR SECURELY DEPLOYING A COLLECTIVE WORKSPACE ACROSS MULTIPLE LOCAL MANAGEMENT AGENTS
2y 11m to grant Granted May 26, 2026
Patent 12632580
MANAGING SANITIZATION OF DATA PROCESSING SYSTEMS USING OUT-OF-BAND METHODS
2y 6m to grant Granted May 19, 2026
Patent 12619748
END-TO-END PRIVACY ECOSYSTEM
2y 4m to grant Granted May 05, 2026
Patent 12591697
PRIVACY SENSITIVE ESTIMATION OF DIGITAL RESOURCE ACCESS FREQUENCY
2y 1m to grant Granted Mar 31, 2026
Patent 12585479
ANALYTICS SEARCH ON WORKSPACE CONTENT
1y 11m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 2-3
Grant Probability: 78%
With Interview: 99% (+23.2%)
Median Time to Grant: 3y 0m (~4m remaining)
PTA Risk: Moderate
Based on 759 resolved cases by this examiner. Grant probability derived from career allowance rate.
