Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsBeyond Semiconductor D O O › 18826947
Last updated: April 19, 2026
Application No. 18/826,947

SYSTEMS AND METHODS FOR DATA-DRIVEN SECURE AND SAFE COMPUTING

Non-Final OA §101§103§112§DP
Filed
Sep 06, 2024
Examiner
JEUDY, JOSNEL
Art Unit
2438
Tech Center
2400 — Computer Networks
Assignee
Beyond Semiconductor D O O
OA Round
1 (Non-Final)
84%
Grant Probability
Favorable
1-2
OA Rounds
2y 11m
To Grant
67%
With Interview

Interview Optional

-16.9% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 788 resolved cases, 2023–2026

Examiner Intelligence

JEUDY, JOSNEL View full profile →
Grants 84% — above average
84%
Career Allow Rate
659 granted / 788 resolved
+25.6% vs TC avg
Minimal -17% lift
Without
With
+-16.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
21 currently pending
Career history
809
Total Applications
across all art units

Statute-Specific Performance

§101
19.1%
-20.9% vs TC avg
§103
49.0%
+9.0% vs TC avg
§102
6.8%
-33.2% vs TC avg
§112
8.9%
-31.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 788 resolved cases

Office Action

§101 §103 §112 §DP
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 1.This action is responsive to the communication filed on January 27, 2025. At this time, claim 1 is cancelled. Claims 2-22 are pending and addressed below. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Objection Claims 2, 9 ,16, 17 and 20 are objected to because of the following informalities: As to claims 2, 9 and 16; these claims recite the word “substantially “, it is either at the same time or “ not at the same time “. Appropriate correction is required. As to claim 17, the claim recites “ and transformation unit “ which omits the word “ the”; examiner suggests “ and the and transformation unit…” Appropriate correction is required. As to claim 20, the claim recites “ the data associated property “ which omits the word “ corresponding”; examiner suggests “ the corresponding data associated property.” Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 19 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. As to claim 19, the claim recites the limitation "the first logic". There is insufficient antecedent basis for this limitation in the claim. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998}; in re Goodman. 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); in re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1885): In re Van Qmum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982): In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970): and in re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer In compliance with 37 CFR 1,321 (c) or 1,321 (d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1984, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). Claims 2, 9 and 16 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1 and 10 of US Patent number 12130951. The conflicting claims are not identical, they are not patentably distinct from each other because the current application contains claims that are broader in scope than the claims of the patent number 12130951 and are anticipated by the claims 1 and 10. This is a non- provisional double patenting rejection since the conflicting claims have in fact been patented. Claims Comparison Table Application Number 18/826,947 Patent Number 12130951 2. (New) A system for data driven secure computing, comprising: a computing system including: an input perimeter guard including logic for receiving a first input datum and a policy and generating an output datum and a corresponding data associated property associated with that output datum, wherein the output datum and the corresponding data associated property are generated based on the first input datum and the policy, and wherein the input perimeter guard is coupled to a transformation unit and a property propagation unit distinct from the transformation unit and is adapted to: provide the generated output datum as a second input datum to the transformation unit, and provide the data associated property corresponding to the generated output datum to the properties propagation unit at substantially the same time the generated output datum is provided to the transformation unit.. 1. A system for data driven secure computing, comprising: a computing system including: a transformation unit including first logic on a hardware processor for processing input data by applying a transform to a received input datum to generate an output datum corresponding to the received input datum, where the input datum is received at the transformation unit in association with code and the input datum is associated with an input data associated property distinct from that input datum and specific to that input datum; and a properties propagation unit distinct from the transformation unit, the properties propagation unit including second logic for receiving the input data associated property associated with the input datum received at the transformation unit and generate an output data associated property corresponding to the output datum generated by the transformation unit based on a policy associated with the input data associated property associated with the input datum received at the transformation unit, wherein the output data by the transformation unit and the output data associated property generated by the properties propagation unit are generated at substantially the same time. 9.(New) A system for data driven secure computing, comprising: a computing system including: an output perimeter guard including logic coupled to a transformation unit and properties propagation unit, the logic adapted for: receiving an input datum from the transformation unit; receiving a corresponding data associated property associated with that input datum from the properties propagation unit at substantially the same time as the input datum; receiving a policy; generating an output datum based on a combination of the input datum and the data associated property or the policy. 1. A system for data driven secure computing, comprising: a computing system including: a transformation unit including first logic on a hardware processor for processing input data by applying a transform to a received input datum to generate an output datum corresponding to the received input datum, where the input datum is received at the transformation unit in association with code and the input datum is associated with an input data associated property distinct from that input datum and specific to that input datum; and a properties propagation unit distinct from the transformation unit, the properties propagation unit including second logic for receiving the input data associated property associated with the input datum received at the transformation unit and generate an output data associated property corresponding to the output datum generated by the transformation unit based on a policy associated with the input data associated property associated with the input datum received at the transformation unit, wherein the output data by the transformation unit and the output data associated property generated by the properties propagation unit are generated at substantially the same time. 16.(New) A method for data driven secure computing, comprising: receiving, at an input perimeter guard of a computing system, a first input datum; receiving, at the input perimeter guard of the computing system, a policy; generating, by the input perimeter guard of the computing system, an output datum; generating, by the input perimeter guard of the computing system, a corresponding data associated property associated with that output datum, wherein the output datum and the corresponding data associated property are generated based on the first input datum and the policy; providing the generated output datum as input to a transformation unit coupled to the input perimeter guard; providing the data associated property corresponding to the generated output datum to a properties propagation unit coupled to the input perimeter guard at substantially the same time the generated output datum is provided to the transformation unit. 10. A method for data driven secure computing, comprising: at a transformation unit including first logic: processing input data by applying a transform to a received input datum to generate an output datum corresponding to the received input datum, where the input datum is received at the transformation unit in association with code and the input datum is associated with an input data associated property distinct from that input datum and specific to that input datum; and at a properties propagation unit distinct from the transformation unit and including second logic for receiving the input data associated property associated with the input datum received at the transformation unit: generating an output data associated property corresponding to, and synchronized with, the output datum is generated by the transformation unit based on a policy associated with the input data associated property associated with the input datum received at the transformation unit, wherein the output data by the transformation unit and the output data associated property generated by the properties propagation unit are generated at substantially the same time. Claims 2, 9 and 16 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claim 1of US Patent number 11645425. The conflicting claims are not identical, they are not patentably distinct from each other because the current application contains claims that are broader in scope than the claims of the patent number 11645425 and are anticipated by the claim 1. This is a non- provisional double patenting rejection since the conflicting claims have in fact been patented. Claims Comparison Table Application Number 18/826,947 Patent Number 11645425 2. (New) A system for data driven secure computing, comprising: a computing system including: an input perimeter guard including logic for receiving a first input datum and a policy and generating an output datum and a corresponding data associated property associated with that output datum, wherein the output datum and the corresponding data associated property are generated based on the first input datum and the policy, and wherein the input perimeter guard is coupled to a transformation unit and a property propagation unit distinct from the transformation unit and is adapted to: provide the generated output datum as a second input datum to the transformation unit, and provide the data associated property corresponding to the generated output datum to the properties propagation unit at substantially the same time the generated output datum is provided to the transformation unit.. 1. A system for data driven secure computing, comprising: a computing system including: transformation unit logic including first logic for processing input data on a hardware processor by applying a transform to the input data to generate an output datum corresponding to an input datum of the input data received at the transformation unit, where each and every input datum received at the transformation unit has a corresponding input data associated property distinct from that input datum and specific to that input datum; and properties propagation unit logic distinct from the transformation unit logic, the properties propagation unit logic including second logic for receiving the input data associated property corresponding to the input datum received at the transformation unit and generate an output data associated property corresponding to and synchronized with the output datum generated by the transformation unit logic by applying a relation to the input data associated property, wherein the relation is based on a policy defining a composability rule associated with the input data associated property, the output data associated property is generated with a subset of data required by the transformation unit logic in generating the output datum, and the synchronization of the output data associated property generated by the properties propagation unit logic with the output datum generated by the transformation unit logic comprises genera ting the output data by the transformation unit logic and the output data associated property generated by the properties propagation unit logic at the same time. 9.(New) A system for data driven secure computing, comprising: a computing system including: an output perimeter guard including logic coupled to a transformation unit and properties propagation unit, the logic adapted for: receiving an input datum from the transformation unit; receiving a corresponding data associated property associated with that input datum from the properties propagation unit at substantially the same time as the input datum; receiving a policy; generating an output datum based on a combination of the input datum and the data associated property or the policy. 1. A system for data driven secure computing, comprising: a computing system including: transformation unit logic including first logic for processing input data on a hardware processor by applying a transform to the input data to generate an output datum corresponding to an input datum of the input data received at the transformation unit, where each and every input datum received at the transformation unit has a corresponding input data associated property distinct from that input datum and specific to that input datum; and properties propagation unit logic distinct from the transformation unit logic, the properties propagation unit logic including second logic for receiving the input data associated property corresponding to the input datum received at the transformation unit and generate an output data associated property corresponding to and synchronized with the output datum generated by the transformation unit logic by applying a relation to the input data associated property, wherein the relation is based on a policy defining a composability rule associated with the input data associated property, the output data associated property is generated with a subset of data required by the transformation unit logic in generating the output datum, and the synchronization of the output data associated property generated by the properties propagation unit logic with the output datum generated by the transformation unit logic comprises genera ting the output data by the transformation unit logic and the output data associated property generated by the properties propagation unit logic at the same time. 16.(New) A method for data driven secure computing, comprising: receiving, at an input perimeter guard of a computing system, a first input datum; receiving, at the input perimeter guard of the computing system, a policy; generating, by the input perimeter guard of the computing system, an output datum; generating, by the input perimeter guard of the computing system, a corresponding data associated property associated with that output datum, wherein the output datum and the corresponding data associated property are generated based on the first input datum and the policy; providing the generated output datum as input to a transformation unit coupled to the input perimeter guard; providing the data associated property corresponding to the generated output datum to a properties propagation unit coupled to the input perimeter guard at substantially the same time the generated output datum is provided to the transformation unit. 1. A system for data driven secure computing, comprising: a computing system including: transformation unit logic including first logic for processing input data on a hardware processor by applying a transform to the input data to generate an output datum corresponding to an input datum of the input data received at the transformation unit, where each and every input datum received at the transformation unit has a corresponding input data associated property distinct from that input datum and specific to that input datum; and properties propagation unit logic distinct from the transformation unit logic, the properties propagation unit logic including second logic for receiving the input data associated property corresponding to the input datum received at the transformation unit and generate an output data associated property corresponding to and synchronized with the output datum generated by the transformation unit logic by applying a relation to the input data associated property, wherein the relation is based on a policy defining a composability rule associated with the input data associated property, the output data associated property is generated with a subset of data required by the transformation unit logic in generating the output datum, and the synchronization of the output data associated property generated by the properties propagation unit logic with the output datum generated by the transformation unit logic comprises genera ting the output data by the transformation unit logic and the output data associated property generated by the properties propagation unit logic at the same time. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 2-3 and 5-8 and 9-10 and 1215 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. As to claims 2 and 9, each element of the claim can reasonably be interpreted as software. Absent a definition in the specification, a reasonable interpretation of perimeter guard is just a software routine. This claim fails to fall into a statutory category of invention as software alone is not a machine, a manufacture, a process nor a composition of matter. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 2-6,8-13, 15-20 and 22 are rejected under 35 U.S.C 103 as being unpatentable over NPL document, title “Secure Program Execution via Dynamic Information Flow Tracking “ by G. Edward Suh (Hereinafter Suh) in view of Suder US pat. No 20110066602. 2. Suh discloses a system for data driven secure computing, (See Suh, abstract; Dynamic information flow tracking protects programs against malicious software attacks by identifying spurious information flows from untrusted I/O and restricting the usage of the spurious information. We propose architectural support, called dynamic information flow tracking to track I/O inputs and monitor their use.) comprising: a computing system including: an input perimeter guard including logic for receiving a first input datum and a policy and generating an output datum and a corresponding data associated property associated with that output datum, (See Suh sections 2, 3.1- 3.2 and 5 and fig 3: Our protection scheme consists of three major parts: the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy. Figure 3 illustrates the overview of our protection scheme. In the processor, each register needs to be tagged. In the memory, data blocks with the smallest granularity that can be accessed by the processor are tagged separately…. The I/O interface in the module marks inputs from untrusted I/O channels as spurious. Finally, if the processor generates a trap, the handler checks if the trapped operation is allowed in the security policy. If so, the handler returns to the application… There are two mechanisms added to the processor core; dynamic information tracking and security tag checking. On each instruction, the information tracker determines whether the result should be spurious or not based on the authenticity of input operands and the security policy. In this way, the mechanism tracks spurious information flow. Section 3.3 describes flow tracking in detail. At the same time, the tag checker monitors the tags of input operands for every instruction that the processor exe cutes. If spurious values are used for the operations specified in the security policy, the checker generates a security trap so that the operation can be checked by the execution monitor.) wherein the output datum and the corresponding data associated property are generated based on the first input datum and the policy, (See Suh; section 3.1 and fig 3: There are two mechanisms added to the processor core; dynamic information tracking and security tag checking. On each instruction, the information tracker determines whether the result should be spurious or not based on the authenticity of input operands and the security policy. In this way, the mechanism tracks spurious information flow. Section 3.3 describes flow tracking in detail. At the same time, the tag checker monitors the tags of input operands for every instruction that the processor exe cutes. If spurious values are used for the operations specified in the security policy, the checker generates a security trap so that the operation can be checked by the execution monitor.) and wherein the input perimeter guard is coupled to a transformation unit (See Suh, SEE FIG 3 and section 3; the tag checker is the input perimeter guard and the ALU is the transformation unit; Table 1 summarizes how a new security tag is computed for different operations. First, the ALU operations can prop agate the spurious values through computation dependency. Therefore, for most ALU instructions, the result is spurious if any of the inputs are spurious and PCR[1] is set indicating the computation dependency should be tracked. Additions that can be used for pointer arithmetic operations are treated separately unless PCR [0] is set because they can often be used to legitimately combine authentic base pointers with spurious offsets. For special instructions used for pointer arithmetic (such as s4addq in Alpha), we only propagate the security tag of the base pointer, not the tag of the offset.) and a property propagation unit distinct from the transformation unit (See Suh, fig 3 and section 3.2 and section 4; the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy. Figure 3 illustrates the overview of our protection scheme. The tags for registers are initialized to be zero at program start-up. Similarly, all memory blocks are initially tagged with zero. The execution monitor tags the data with one only if they are from a potentially malicious input channel. The security tags are a part of program state, and should be managed by the operating system accordingly. On a con text switch, the tags for registers are saved and restored with the register values. The operating system manages a sepa rate tag space for each process, just as it manages a separate virtual memory space per process.) and is adapted to: provide the generated output datum as a second input datum to the transformation unit, (See Suh, section 3.3 and Table 1: Table 1 summarizes how a new security tag is computed for different operations. First, the ALU operations can prop agate the spurious values through computation dependency. Therefore, for most ALU instructions, the result is spurious if any of the inputs are spurious and PCR[1] is set indicating the computation dependency should be tracked. Additions that can be used for pointer arithmetic operations are treated separately unless PCR[0] is set because they can often be used to legitimately combine authentic base pointers with spurious offsets. For special instructions used for pointer arithmetic (such as s4addq in Alpha), we only propagate the security tag of the base pointer, not the tag of the offset. If it is not possible to distinguish the base pointer and the offset, the result is spurious only if both in puts are spurious. If PCR[0] is set, the pointer additions are treated the same as other computations. For load and store instructions, the security tag of the source propagates to the destination since the value is di rectly copied. In addition, the result may also become spurious if the accessed address is spurious and the corresponding PCR bits are set to track the load-address or store-address dependencies. We introduce two new instructions so that software mod ules, either the execution monitor or the application itself can explicitly manage the security tags. The SETT instruction sets the security tag of the destination register to an immediate value. The MOVT instruction copies the security tag from the source to destination. Finally, there can be instructions that require special tag propagations. In the x86 architecture, XOR’ing the same register is the default way to clear the register. Therefore, the result should be tagged as authentic in this case. Common RISC ISAs do not require this special propagation because they have a constant zero register. Note that we do not track any form of control dependency) and provide the data associated property corresponding to the generated  output datum to the properties propagation unit at substantially the same time the generated output datum is provided to the transformation unit. (See Suh, section 3.3 and Table 1, Move a tag . and policy We introduce two new instructions so that software mod ules, either the execution monitor or the application itself can explicitly manage the security tags. The SETT instruc tion sets the security tag of the destination register to an immediate value. The MOVT instruction copies the security tag from the source to destination to make sure property and data move at the same timeSEE ALSO FIG 3.1: the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy. ) Suh does not explicitly disclose “ providing the data at substantially the same time. However, Suder discloses providing the data at substantially the same time. (See Suder, fig 2 and [0065-0068]; output 322 and output 320 provided simultaneously) Suh and Suder are analogous art because they are from the same field of endeavor which is hardware security. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Suh with the teaching of Suder to include the feedback loop because it would have allowed additional security constraint. 3.The combination of Suh and Suder discloses the system of claim 2, wherein the input perimeter guard is coupled between a computing component of the computing system and transformation unit, and the first input datum is provided from the computing component. (See Suh, section 3.1 and fig 3 ; the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy. )  4. The combination of Suh and Suder discloses the system of claim 3, wherein the computing component comprises a network component, a storage component or an input/output component. (See Suh, section 3.1 and fig 3; processors, registers, memory and I/O )  5. The combination of Suh and Suder discloses the system of claim 2, wherein the first logic is further adapted for determining an enforcement action associated with the policy and the output datum. (See Suh, section 3.3 : To be able to enforce various security policies, the dependencies to be tracked are controlled by a bit vector in the Propagation Control Register (PCR). The PCR is set to the proper value by the execution monitor based on the security policy. )  6. The combination of Suh and Suder discloses the system of claim 2, wherein the data associated property is generated based applying the policy to the first input datum. (See Suh, section 3: The execution monitor is a software module that orchestrates our protection scheme and enforces the security pol icy.. At the same time, the tag checker monitors the tags of input operands for every instruction that the processor exe cutes. If spurious values are used for the operations specified in the security policy, the checker generates a security trap so that the operation can be checked by the execution monitor.) 8. The combination of Suh and Suder discloses the system of claim 6, wherein the policy specifies a relationship between the first input datum and the output datum. (See Suh sections 2, 3.1- 3.2 and 5 and fig 3: Our protection scheme consists of three major parts: the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy. Figure 3 illustrates the overview of our protection scheme. In the processor, each register needs to be tagged. In the memory, data blocks with the smallest granularity that can be accessed by the processor are tagged separately)  9. Suh discloses a system for data driven secure computing, (See Suh, abstract; Dynamic information flow tracking protects programs against malicious software attacks by identifying spurious information flows from untrusted I/O and restricting the usage of the spurious information. We propose architectural support, called dynamic information flow tracking to track I/O inputs and monitor their use.) comprising: a computing system including: an output perimeter guard including logic coupled to a transformation unit and properties propagation unit, (See Suh sections 2, 3.1- 3.2 and 5 and fig 3: Our protection scheme consists of three major parts: the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy , the I/O. Figure 3 illustrates the overview of our protection scheme. ) the logic adapted for: receiving an input datum from the transformation unit; (See Suh, sections 2, 3.1- 3.2 and 5 and fig 3: The I/O interface in the module marks inputs from untrusted I/O channels as spurious. Finally, if the processor generates a trap, the handler checks if the trapped operation is allowed in the security policy. If so, the handler returns to the application… There are two mechanisms added to the processor core; dynamic information tracking and security tag checking. On each instruction, the information tracker determines whether the result should be spurious or not based on the authenticity of input operands and the security policy. In this way, the mechanism tracks spurious information flow.) receiving a corresponding data associated property associated with that input datum from the properties propagation unit at substantially the same time as the input datum; (See Suh, section 3.3 and Table 1, Move a tag . and policy we introduce two new instructions so that software mod ules, either the execution monitor or the application itself can explicitly manage the security tags. The SETT instruction sets the security tag of the destination register to an immediate value. The MOVT instruction copies the security tag from the source to destination to make sure property and data move at the same time SEE ALSO FIG 3.1: the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy.) receiving a policy; (See Suh, fig 3 and section 3: The execution monitor and the two hardware mechanisms provide a framework to check and restrict the use of spurious I/O inputs. The security policy determines how this framework is used by specifying the untrusted I/O channels, information flows to be tracked, and the restrictions on spurious value usage. One can have a general security policy that prevents most common attacks, or one can fine-tune the policy for each system or even for each application based on its security requirements and behaviors. The security policy defines legitimate uses of I/O values by specifying the untrusted I/O channels, information flows to be tracked (PCR), trap conditions (TCR), and software checks on a trap. If the run-time behavior of a program violates the security policy, the program is considered to be attacked. Ideally, the security policy should only allow legitimate operations of the protected program. The policy can be based either on a general invariant that should be followed by almost all programs or on the invariants for a specific application. Also, the restrictions defining the security policy can be based either on where spurious values can be used or on general program behavior.) generating an output datum based on a combination of the input datum and the data associated property or the policy. (See Suh, section 3.3 and Table 1, Move a tag . and policy We introduce two new instructions so that software mod ules, either the execution monitor or the application itself can explicitly manage the security tags. The SETT instruc tion sets the security tag of the destination register to an immediate value. The MOVT instruction copies the security tag from the source to destination to make sure property and data move at the same time See ALSO FIG 3.1: the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy.) Suh does not explicitly disclose the properties propagation unit at substantially the same time. However, Suder discloses the properties propagation unit at substantially the same time. (See Suder, fig 2 and [0065-0068]; output 322 and output 320 provided simultaneously) Suh and Suder are analogous art because they are from the same field of endeavor which is hardware security. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Suh with the teaching of Suder to include the feedback loop because it would have allowed additional security constraint. 10. The combination of Suh and Suder discloses the system of claim 9, wherein the output perimeter guard is coupled between the transformation unit and a computing component of the computing system and, and the output datum is provided as input to the computing component. (See Suh, section 3.1 and fig 3; the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy. )  11. The combination of Suh and Suder discloses the system of claim 10, wherein the computing component comprises a network component, a storage component or an input/output component. (See Suh, section 3.1 and fig 3; processors, registers, memory and I/O)  12. The combination of Suh and Suder discloses the system of claim 9, wherein the logic is further adapted for determining an enforcement action associated with the policy and the output datum. (See Suh, section 3.3 : To be able to enforce various security policies, the dependencies to be tracked are controlled by a bit vector in the Propagation Control Register (PCR). The PCR is set to the proper value by the execution monitor based on the security policy. )  13. The combination of Suh and Suder discloses the system of claim 9, wherein the output datum is generated by applying the policy to the input datum. (See Suh, section 3: The execution monitor is a software module that orchestrates our protection scheme and enforces the security pol icy.. At the same time, the tag checker monitors the tags of input operands for every instruction that the processor exe cutes. If spurious values are used for the operations specified in the security policy, the checker generates a security trap so that the operation can be checked by the execution monitor.) 15. The combination of Suh and Suder discloses the system of claim 13, wherein the policy specifies a relationship between the input datum and the output datum. (See Suh sections 2, 3.1- 3.2 and 5 and fig 3: Our protection scheme consists of three major parts: the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy. Figure 3 illustrates the overview of our protection scheme. In the processor, each register needs to be tagged. In the memory, data blocks with the smallest granularity that can be accessed by the processor are tagged separately)  16. As to claim 16 the claim is rejected under the same rationale as claim 1. See the rejection of claim 1 above. 17. The combination of Suh and Suder discloses the method of claim 16, wherein the input perimeter guard is coupled between a computing component of the computing system and transformation unit, and the first input datum is provided from the computing component. (See Suh, fig 3 and section 3)  18. The combination of Suh and Suder discloses the method of claim 17, wherein the computing component comprises a network component, a storage component or an input/output component. (See Suh, section 3.1 and fig 3; processors, registers, memory and I/O)    19. The combination of Suh and Suder discloses the method of claim 16, wherein the first logic is further adapted for determining an enforcement action associated with the policy and the output datum. (See Suh, section 3.3: To be able to enforce various security policies, the dependencies to be tracked are controlled by a bit vector in the Propagation Control Register (PCR). The PCR is set to the proper value by the execution monitor based on the security policy. )  20. The combination of Suh and Suder discloses the method of claim 16, wherein the data associated property is generated based applying the policy to the first input datum. (See Suh, section 3: The execution monitor is a software module that orchestrates our protection scheme and enforces the security policy.. At the same time, the tag checker monitors the tags of input operands for every instruction that the processor exe cutes. If spurious values are used for the operations specified in the security policy, the checker generates a security trap so that the operation can be checked by the execution monitor) 22. The combination of Suh and Suder discloses the method of claim 20, wherein the policy specifies a relationship between the first input datum and the output datum. (See Suh sections 2, 3.1- 3.2 and 5 and fig 3: Our protection scheme consists of three major parts: the execution monitor, the tagging units (flow tracker and tag checker) in the processor, and the security policy. Figure 3 illustrates the overview of our protection scheme. In the processor, each register needs to be tagged. In the memory, data blocks with the smallest granularity that can be accessed by the processor are tagged separately)  Claims 7, 14 and 21 are rejected under 35 U.S.C 103 as being unpatentable over NPL document, title “Secure Program Execution via Dynamic Information Flow Tracking “by G. Edward Suh (Hereinafter Suh) of Suder US pat. No 20110066602 in further view of Mossbarger, US20150244690. 7. The combination of Suh and Suder does not appear to explicitly disclose the system of claim 6, wherein applying the policy includes checking a cryptographic signature of the first input datum. However, Mossbarger discloses wherein applying the policy includes checking a cryptographic signature of the first input datum. (See Mossbarger, [0049-0054])   Suh, Studer and Mossbarger are analogous art because they are from the same field of endeavor which is hardware security. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Suh and Studer with the teaching of Mossbarger to include the policy enforcement because it would have allowed to prevent unauthorized user from accessing the system. 14. As to claim 14, the claim is rejected under the same rationale as claim 7. See the rejection of claim 7 above.   21. As to claim 21, the claim is rejected under the same rationale as claim 7. See the rejection of claim 7 above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Csefalvay, US20240202706, title “ Methods and systems for selecting quantisation parameters for deep neural networks using back-propagation.” Schwartz, US7457473, title “ Method for block sequential processing.” Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSNEL JEUDY whose telephone number is (571)270-7476. The examiner can normally be reached M-F 10:00-8:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arani T Taghi can be reached at (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. Date: 2/16/2026 /JOSNEL JEUDY/ Primary Examiner, Art Unit 2438
Read full office action

Prosecution Timeline

Sep 06, 2024
Application Filed
Jan 27, 2025
Response after Non-Final Action
Feb 19, 2026
Non-Final Rejection — §101, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/306,453
Patent 12602352
UNIVERSAL DATA SCAFFOLD BASED DATA MANAGEMENT PLATFORM
2y 5m to grant Granted Apr 14, 2026
17/937,997
Patent 12591709
SYSTEMS AND METHODS FOR FUNCTIONALLY SEPARATING GEOSPATIAL INFORMATION FOR LAWFUL AND TRUSTWORTHY ANALYTICS, ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING
2y 5m to grant Granted Mar 31, 2026
18/044,928
Patent 12585744
Method for Performing Biometric Feature Authentication When Multiple Application Interfaces are Simultaneously Displayed
2y 5m to grant Granted Mar 24, 2026
18/138,433
Patent 12579264
CYBER THREAT INFORMATION PROCESSING APPARATUS, CYBER THREAT INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM STORING CYBER THREAT INFORMATION PROCESSING PROGRAM
2y 5m to grant Granted Mar 17, 2026
17/168,009
Patent 12566727
UNIVERSAL DATA SCAFFOLD BASED DATA MANAGEMENT PLATFORM
2y 5m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
84%
Grant Probability
67%
With Interview (-16.9%)
2y 11m
Median Time to Grant
Low
PTA Risk
Based on 788 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month