DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Applicant’s amendment filed 02 February 2026 amends claims 1 and 6-8. Claims 3 and 5 have been cancelled. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues on page 6 of the response, “However, Jiang does not describe a virtual file description interface…”. This argument has been fully considered and is persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground of rejection is made in view of Jobi, U.S. Publication No. 2018/0189176.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, 4, 7, 8 are rejected under 35 U.S.C. 103 as being unpatentable over Feist, U.S. Publication No. 2020/0226292, in view of Jiang, U.S. Patent No. 10,354,081, and further in view of Jobi, U.S. Publication No. 2018/0189176. Referring to claims 1, 7, 8, Feist discloses a host-based intrusion detection system (“HIDS”) that generates log messages in response to detected file system calls ([0052]-[0054]: central processing unit executes the HIDS), which meets the limitation of processing circuitry, [perform a hook for] a predetermined event relating to a log message. The log message data is hashed using a keyed-hash technique ([0055]), which meets the limitation of calculate a hash value from the log message [for each hook]. The log message data hashes can be encrypted using secret keys ([0011]), which meets the limitation of provide an encrypted digital signature to the hash value. The protected log data element is output for storage ([0055] & [0059]: protected log data includes the log data field and the HMAC value), which meets the limitation of output the log message and the hash value to which the digital signature is provided. The protected log data includes the log data field and the HMAC value such that the protected log data can be verified using the hash values ([0055] & [0059] & [0063]), which meets the limitation of verify integrity of the log message using the log message and the hash value to which the digital signature is provided. The HIDS generates log messages in response to detected file system calls that includes system calls to open a file ([0052]-[0054]: HIDS executes in an operating system), which meets the limitation of [perform a hook for] a file [append] event relating to the log message based on a [virtual file system description] interface. The log message data is hashed using a keyed-hash technique ([0055]), which meets the limitation of calculate a hash value [for each hook].
Feist does not specify the use of hooks. Jiang discloses the utilization of hooks to perform functionality in response to the detection of file system events such as writing to the file (Col. 3, line 42 – Col. 4, line 17: file write reads on the claimed append event), which meets the limitation of perform a hook for a file append event, for each hook. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the integrity protection system of Feist to have utilized hooks, in response to the detection of file system events, in order to perform the integrity protection functionality in order to provide a kernel level mechanism to notify when the file system event occurs as suggested by Jiang (Col. 4, lines 4-17 & Col. 5, lines 3-22).
Feist discloses that the system implements an operating system ([0052]). Feist does not disclose that the operating system includes a virtual file system description interface. Jobi discloses an operating system that implements Filesystem in Userspace (FUSE) ([0044]: FUSE reads on the claimed virtual file system description interface based upon Applicant’s specification [0026]), which meets the limitation of a virtual file system description interface. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the operation system of Feist to have implemented FUSE in order to provide an infrastructure for non-privileged users in the operating system to run a file system without editing operating system kernel code as discussed by Jobi ([0044]).
Referring to claim 2, Feist discloses that the hash value can be calculated in an HSM and calculated based on the log data element and a previous hash value ([0060]: HSM reads on the claimed secure element), which meets the limitation of calculate the hash value by updating a hash value when the log message is newly generated in a predetermined secure element. The log message data hashes can be encrypted using secret keys ([0011]) stored in the HSM ([0075]), which meets the limitation of provide the digital signatures by encrypting the hash value using a private key held in the secure element.
Referring to claim 4, Feist discloses a host-based intrusion detection system (“HIDS”) that generates log messages in response to detected file system calls that includes system calls to open a file ([0052]-[0054]), which meets the limitation of use a system call for monitoring file system events [to perform a hook] for a file open event relating to the log message. The log message data is hashed using a keyed-hash technique ([0055]), which meets the limitation of calculate the hash value [for each hook].
Feist does not specify the use of hooks. Jiang discloses the utilization of hooks to perform functionality in response to the detection of file system events (Col. 3, line 42 – Col. 4, line 17), which meets the limitation of to perform a hook, for each hook. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the integrity protection system of Feist to have utilized hooks, in response to the detection of file system events, in order to perform the integrity protection functionality in order to provide a kernel level mechanism to notify when the file system event occurs as suggested by Jiang (Col. 4, lines 4-17 & Col. 5, lines 3-22).
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Feist, U.S. Publication No. 2020/0226292, in view of Jiang, U.S. Patent No. 10,354,081, in view of Jobi, U.S. Publication No. 2018/0189176, and further in view of Pigin, U.S. Publication No. 2005/0229258. Referring to claim 6, Feist discloses a host-based intrusion detection system (“HIDS”) that generates log messages in response to detected file system calls ([0052]-[0054]). Feist does not disclose that the file system call includes file close calls.
Pigin discloses verifying the integrity of files when the files are closed ([0266]), which meets the limitation of verify integrity of the log message when detecting a file close event relating to the log message. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the file system calls of Feist to have included file close calls in order to verify that the files have not been modified as suggested by Pigin ([0266]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BENJAMIN E LANIER/ Primary Examiner, Art Unit 2437