Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This action is in response to the communication filed on 12/28/23.
Claims 1 – 50 are cancelled.
Claims 51 – 70 are pending.
Claims 51 – 62 and 70 are allowed.
Claims 63 – 69 are rejected.
Any references to applicant’s specification are made by way of applicant’s U.S. pre-grant printed patent publication.
Claim Interpretation
Within the claims, the term “computer” (e.g. “client computer”, “engine computer”, “remote computer”) is interpreted to represent any single computer or a plurality (i.e. collection) of computers which may be construed as performing the claimed functions.
See Applicant’s explicit definition: “…the term “computer” shall also be taken to include any collection of computers that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.” (Specification, par. 118).
Allowable Subject Matter
Claims 51 – 62 and 70 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:
The closest prior art discloses a system for enabling remote connection protocol between peripherals of a client device and a remote server. For example:
Finchelstein et al. (Finchelstein), WO 2019/186536 A1, teaches a system for secure communication between a client computer and a remote computer (e.g. Finchelstein, Abstract), comprising securely enabling “remote desktop” communications (e.g. Finchelstein, pg. 1:line 8), such as for establishing a secure channel between a cloud server 104, and the peripheral components 102, 103 (i.e. keyboard, display) of a client computer 101 (e.g. Finchelstein, pg. 2:lines 13-19; pg. 3:lines 10-14; pg. 12:19-21), and for sending keystroke commands from the client device to the server (e.g. Finchelstein, pg. 3:lines 10-14; pg. 13:lines 22-28), wherein the server may send output data, such as display data, back to the peripheral, such as the display, of the client device (e.g. Finchelstein, pg. 13:lines 29 – pg. 14, line 2; pg. 20: lines 21 - 28), wherein the client device and remote server are mutually authenticated (e.g. Finchelstein, pg. 16:lines 11 – 28), and the secure communication channel comprises a plurality of secured channels between the peripheral components and the remote server, each of the channels encrypted with a respective communication key (e.g. Finchelstein, pg. 16:lines 11 – 28; pg. 17:lines 1 - 22).
Basha P.R. et al. (Basha), US 9,992,185 B1 discloses the features of a remote desktop system between a client and server (e.g. Basha, Abstract; fig. 2A), and furthermore teaches that remote desktop systems employ a remote connection protocol, such as RDP or “remote desktop protocol” to enable such communications (e.g. Basha, Abstract; 2:61-65), wherein the “server” device should also accommodate a RDP, i.e. “RC”, server (e.g. Basha, fig. 2A:1:108 – RDP server). Furthermore, Basha teaches using an “engine computer” (e.g. Basha, fig. 2A:210), wherein the “engine computer” accommodates a remote desktop or “RC client” (e.g. Basha, fig. 2A:210a), wherein
Jain et al. (Jain), US 2015/0334151 A1 teaches that VDA proxies effectively function as a RDP or RC client (e.g. Jain, par. 45: “… Similarly, the VDA server 106 may function as a proxy RDP client … “).
However, the prior art fails to disclose, as found recited in combination with all remaining claimed limitations, the features of a method, programmed medium, and apparatus (i.e. “engine computer”), wherein the engine computer accommodates an RC client, receives the encrypted input data from the client computer, decrypts the encrypted input data into input data, and injects the input data to the RC client, wherein the RC client transmits the input data to the RC server.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 63 – 69 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Similarly, regarding claim 63, the recitations of “…enabling the engine computer…” (line 13), “…from the engine computer …” (line 17), and “…from the engine computer …” (line 22) render the scope of the claim indefinite. Specifically, the claims comprise two separate instances of antecedent basis for claimed engine computers within lines 5-6 (e.g. “…providing an engine computer operatively connected …”) and lines 8-9 (e.g. “…wherein an engine computer is operatively connected to the client computer …”). Thus, it is unclear as to which of the previously recited “engine computers” the applicant intends to reference.
Regarding claim 63, the recitation “…the output peripheral component…” (lines 17-18) lacks antecedent basis within the claim, and thus renders the scope of the claims indefinite. For the purpose of examination, the examiner presumes the applicant to recite “… an output peripheral component…”.
Depending claims are rejected by virtue of dependency.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 63 – 69 are rejected under 35 U.S.C. 103 as being unpatentable over Finchelstein et al. (Finchelstein), WO 2019/186536 A1, in view of Finchelstein et al. (Finchelstein-2), WO 2019/186546.
Regarding claim 63, Finchelstein discloses:
A client computer configured to securely communicate with a remote computer (e.g. Finchelstein, fig. 1:101), the client computer comprising:
an input peripheral component (e.g. Finchelstein, fig. 1:102; pg. 3:lines 10-14; pg. 13:lines 22-28) comprising a processor (e.g. Finchelstein, fig. 1:106) and memory unit (PMU) (e.g. Finchelstein, fig. 1:111; pg. 13:lines 7, 8; pg. 12, lines 1, 2) configured to:
receive input data from an input device (e.g. Finchelstein, fig. 1:107; pg. 3:lines 10-14; pg. 13:lines 22-28 – herein, the peripheral component may receive input, such as keystroke data from a keyboard), transmit the input data to an engine computer (e.g. Finchelstein, fig. 1:117; pg. 14:lines 4-7 – e.g. coding module integrated within remote computer) through a first secured end-to-end communication channel (e.g. Finchelstein, fig. 1:105(1)) established between the input peripheral component and the engine computer (e.g. Finchelstein, Abstract; pg. 2:lines 11-15; pg. 14:lines 4-7), including encrypting the input data using a first communication key (e.g. Finchelstein, pg. 2:line 27 – pg. 3:line 2), wherein an engine computer is operatively connected to the client computer … (e.g. Finchelstein, fig. 1:112, 117 ←→ 101).
Note, claim 63 is an apparatus claim, directed to the single structure and corresponding functions of a “client computer” (i.e. “A client computer configured to…”) – it is not a system type claim further comprising additional apparatuses or structures, such as “an engine computer” or “a remote computer” – nor is it a method claim comprising method steps performed by additional apparatuses or structures, such as the “engine computer” or “remote computer”.
Thus, it is noted that the highlighted and separated limitations below fail to further define the claimed apparatus, i.e. the client computer, over the prior art. Specifically, the highlighted recitations below are merely descriptive characterizations pertaining to an “engine computer” and a “remote computer” – neither of which are structurally or functionally comprised within or a part of the claimed “client computer” apparatus. Thus, these descriptive characterizations of devices outside of the scope of the claimed “client computer” do not further limit (neither structurally nor functionally) the claimed “client computer” over the prior art.
*****
….the engine computer configured to accommodate a remote connection (RC) client, the remote computer configured to accommodate a RC server, and wherein the RC client and the RC server are configured to communicate with each other under a RC protocol;
thereby enabling the engine computer to decrypt the encrypted input data using the first communication key, inject the input data to the RC client, and transmit the input data from the RC client to the RC server to be processed by the remote computer to generate output data;
and further receive the output data by the RC client from the RC server, transmit the output data from the engine computer to the output peripheral component…
*****
Finchelstein discloses:
through a second secured end-to-end communication channel (e.g. Finchelstein, fig. 1:105(2) ) established therebetween by encrypting the output data using a second communication key (e.g. Finchelstein, fig. 6:601; pg. 22:lines 26-32; pg. 23:lines 15-20);
and an output peripheral component … (e.g. Finchelstein, fig. 1:103; pg. 12:lines 15, 19, 21)
While Finchelstein discloses a “secured client computer” (e.g. Finchelstein, pg. 1:14-20; fig. 1:101) comprising peripheral components, such as component 102 – having a processor and memory, i.e. “PMU”, Finchelstein does not appear to explicitly illustrate the output display peripheral 103 as also having a processor and memory.
However, Finchelstein-2, in a complementary endeavor, further teaches that “secured client computers” may comprise output display peripherals, wherein the output display peripheral requires a “PMU” or a processor and memory to enable the display peripheral to securely process and display encrypted data (e.g. Finchelstein-2; par. 29, 32).
It would have been obvious to one of ordinary skill in the art to recognize the teachings of Finchelstein-2 that output display peripherals require a PMU, within the teachings of Finchelstein, that the output display peripheral 103 may also include similar modules (e.g. a processor unit and memory unit) as the processor and memory of an input peripheral 102.
This would have been obvious because one of ordinary skill in the art would have been motivated by the teachings that an output display peripheral requires the use of a PMU so as to enable the display peripheral to securely process encrypted output data (e.g. Finchelstein-2; par. 29).
Thus, the combination enables:
comprising a processor and memory unit (PMU) (e.g. Finchelstein, pg. 13:lines 19, 20; Finchelstein-2, par. 25, 29) configured to: receive the encrypted output data from the engine computer (e.g. Finchelstein, pg. 14: lines 4-7), and decrypt the encrypted output data into the output data which is rendered at an output device (e.g. Finchelstein, pg. 14: lines 4-7; Finchelstein-2; par. 29).
Regarding claim 64, Finchelstein discloses a “secured client computer” that may implement SGX, comprising enclaves for separating secure environments and untrusted environments within the client computer (e.g. Finchelstein, pg. 1:14-20), however, Finchelstein does not appear to explicitly teach a switching means for switching between environments that co-exist on the secured client computer.
However, Finchelstein-2, in a complementary endeavor, further teaches that “secured client computers” may implement SGX, comprising enclaves for separating secure environments and untrusted environments within the client computer (e.g. Finchelstein-2, par. 5, 30, 32, 33), and further teaches providing a switching means for switching between enclaves or co-existing environments on the secured client computer (e.g. Finchelstein-2; par. 5, sect. i, iii, xi, xiii, xiv, xv; par. 54, 86, 87).
It would have been obvious to one of ordinary skill in the art to recognize the teachings of Finchelstein-2 that SGX secured clients comprise means for switching between environments on the client within the SGX secured client of Finchelstein.
This would have been obvious because one of ordinary skill in the art would have been motivated by the teachings that a switching means provides the user of the client a way to safely switch from one SGX environment to another (e.g. Finchelstein-2; par. 5, 87, 88; fig. 6).
Thus, the combination enables:
wherein the client computer works in a secure mode, and wherein the client computer is configured to switch between the secure mode and an open mode upon a switching condition being met (e.g. Finchelstein-2, fig. 6; par. 5).
Regarding claim 65, the combination enables:
The client computer according to claim 64, wherein the switching condition is selected from a group comprising: automatic switch per predetermined periodicity, and manual switch per user's request (e.g. Finchelstein-2, fig. 6; par. 5).
Regarding claim 66, the combination enables:
wherein in response to the client computer switching from the secure mode to the open mode, upon receiving input data from an input device (e.g. Finchelstein-2, par. 86 – the user inputs instructions to switch between open and secured environments), the input peripheral component is further configured to transmit the input data to a processor of the client computer to be processed to generate output data (e.g. Finchelstein-2, par. 86, 87 – the user’s input data is processed to generate new environment data - including indications for the user of successful environment transitions - in response to the switching of environments), and the output peripheral component is further configured to receive the output data from the processor and render the output data at the output device (e.g. Finchelstein-2, par. 87 – the generated indication of the successful switch is output to the display for the user).
Regarding claim 67, the combination enables:
wherein the input peripheral component further comprises a demultiplexer configured to enable the switching between the secure mode and the open mode. (e.g. Finchelstein-2, par. 86 – herein the input component – e.g. keyboard – comprises a switching circuit, i.e. “demultiplexer”).
Regarding claim 68, the combination enables:
wherein the first and second secured end-to-end communication channel are each established by performing a two-way authentication, and creating a communication key usable for encryption. (e.g. Finchelstein, pg. 2:lines 22-28; pg. 3:lines 1-9; pg. 16:lines 21-27).
Regarding claim 69, the combination enables:
wherein the input peripheral component is a secure keyboard unit configured to encrypt keystroke data received from a keyboard (e.g. Finchelstein, fig. 1:107; pg. 3:lines 10-14; pg. 13:lines 22-28; pg. 19, sect. vii; – herein, the peripheral component may receive input, such as keystroke data from a keyboard, wherein the peripheral encrypts the input data and sends it to the remote computer), and the output peripheral component is a secure display unit configured to decrypt encrypted display data received from the engine computer (e.g. Finchelstein, fig. 1:103; pg. 12:lines 15, 19, 21; e.g. Finchelstein-2, par. 29).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
See Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965. The examiner can normally be reached on 7:30 am - 4:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JEFFERY L WILLIAMS/ Primary Examiner, Art Unit 2495