DETAILED ACTION
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
The amendment filed 2026-03-03 has been entered and fully considered.
Response to Arguments
Applicant’s arguments, see page 6, filed 2026-03-03, with respect to the nonstatutory obviousness-type double patenting rejection of claims 1-2 and 13-16 have been fully considered but they are not persuasive.
In response to applicant’s argument that the amended specific functions performed by the “execution environment isolation component”, the “I/O composition kernel component”, and the “I/O separation modules” distinguish from the claims of Gligor, the Examiner respectfully disagrees. In particular, the Examiner notes that the claim features are intended usage limitations that do not necessarily limit the scope of the claims beyond a general-purpose computer, as the claims merely recite that the components and modules are “for” performing the functions -- not that they’re configured to perform the functions. Thus, the Examiner respectfully submits that the amendment is insufficient to distinguish from the claims of Gligor, and thus the nonstatutory obviousness-type double patenting rejection is proper.
Applicant’s arguments, see pages 6-7, filed 2026-03-03, with respect to the rejection of claims 1-2 and 13-16 under 35 U.S.C. § 101 have been fully considered but they are not persuasive.
Applicant argues that “the Examiner fails to state which element or elements of claim 1 represents the alleged evaluation” and that instead, the “Examiner only suggests that the overall claim is directed to a mental process”. The Examiner notes, however, that in determining whether a claim is directed towards an abstract idea, the Examiner is required to consider the “claim as a whole”; See MPEP § 2106.04(II). In this instance, the Examiner noted that the claim as a whole is directed towards the idea of creating secure I/O channels.
Applicant then argues that the claimed invention is “integrated into a practical application by providing an improvement to the operation of the computer under Step 2A, prong two”. The Examiner first notes that, for an improvement in the functioning of a computer, the claim must include “the components or steps of the invention that provide the improvement described in the specification”; See MPEP § 2106.04(d)(1). In this instance, the claimed I/O composition kernel is drafted at such a high level of generality that it does not necessarily eliminate developer effort required to re-implement and re-verify new I/O kernels to protect multiple types of I/O devices. For example, although the claims recite composition of I/O kernels for multiple device types, the claims are not limited to the structure or function that enables the improvement of eliminating developer effort; instead, the claims generically recite desired, intended usage functions that don’t meaningfully limit the claims.
Thus, the Examiner respectfully submits that the 35 U.S.C. § 101 rejection is proper.
Applicant’s arguments, see pages 7-8, filed 2026-03-03, with respect to the rejection of claims 1-2 and 13-16 under 35 U.S.C. § 112(b) have been fully considered but they are not persuasive.
Applicant argues that “the term ‘I/O’ is part of the specific names of these components” and “that these terms should not be considered as acronyms, but as part of the name of the specific components”. The Examiner respectfully submits, however, that because “I/O” is an acronym, this renders unclear whether the names the terms “I/O separation modules” and “I/O composition kernel” are limited to the “Input/Output” meaning of the acronym “I/O” (or any other such meaning), or whether “I/O” imparts no meaning as part of the name.
Thus, the Examiner respectfully submits that the 35 U.S.C. § 112(b) rejection is proper.
Applicant’s arguments, see pages 8-10, filed 2026-03-03, with respect to the rejection of claims 1-2 and 13-16 under 35 U.S.C. § 102(a)(1) have been fully considered but they are not persuasive.
For the 35 U.S.C. § 102(a)(1) rejection over Gligor:
Applicant first argues that “the claimed invention supports separated I/O channels of multiple types of devices and scales up to many types of devices”. The Examiner respectfully submits, however, that the relevant claim limitation is part of an intended usage limitation that does not limit the scope of the claim; See updated claim rejection. Further, even if the intended usage did limit the claims, the claim merely recites “one or more input/output devices” and thus is anticipated by a single, non-scalable I/O device.
Applicant then argues that “the claimed invention supports formally-verified secured I/O channels for multiple types of I/O devices to isolated applications (i.e., SecApps) without needing to re-implement and re-verify these new I/O kernel”. The Examiner respectfully submits, however, that (similar as above) the relevant claim limitation is an intended usage limitation that does not limit the scope of the claim.
Finally, applicant argues that “the claimed invention allows secure device sharing between multiple SecApps, OS and non-isolated apps (See Specification at [0053])”. The Examiner respectfully submits, however, that the features upon which applicant relies (“secure device sharing between multiple SecApps, OS and non-isolated apps”) are not recited in the claims. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims; See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
For the 35 U.S.C. § 102(a)(1) rejection over Lal:
Applicant first argues that “the I/O composition kernel is isolated from the one or more operating systems and any non-isolated apps. and is responsible for executing the one or more I/O separation modules and the one or more isolated apps”. The Examiner respectfully submits, however, that the claimed “isolation” has no particular structure or function and is not only anticipated by the enclave of Lal, but is also anticipated by the general memory isolation provided by the memory cell isolation of generic storage devices.
Applicant then argues that the “I/O composition kernel does not need to assign such security keys to trusted applications or encrypt I/O data it received”. The Examiner respectfully submits, however, that the features upon which applicant relies (exclusion of assigning security keys to trusted applications and encrypting I/O data it received) are not recited in the claims. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims; See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Finally, applicant argues that the “TEE in Lal is set up by a secure enclave support 122, however, there does not appear to be a component taught by Lal that creates and destroys both untrusted and secured domains, as is now required by amended claim”. The Examiner respectfully submits, however, that (similar as above) the relevant claim limitation is an intended usage limitation that does not limit the scope of the claim.
Thus, the Examiner respectfully submits that the 35 U.S.C. § 102(a)(1) rejections are proper.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-2 and 13-16 remain rejected on the ground of nonstatutory double patenting over U.S. Patent No. 10235515-B2 in view of the prior art of record for the rationale as provided in the Office action mailed 2026-02-11; See updated § 102(a)(1) rejection at ¶14.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-2 and 14-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea (35 U.S.C. 101 Judicial Exception) without significantly more. The claims recite a variety of generic computer components that creates secure I/O channels, a form of evaluation, which is a concept performed in the human mind and thus grouped as mental processes. This judicial exception is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements, when considered separately and in combination, do not add significantly more to the abstract idea, as they are well-understood, routine, conventional computer functions as recognized by the courts.
Based upon consideration of all the relevant factors with respect to the claimed invention as a whole, the claims are determined to be directed to an abstract idea without significantly more. The rationale for this determination is explained infra:
The following are Principles of Law:
A patent may be obtained for “any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof”; 35 U.S.C. § 101. The Supreme Court has consistently held that this provision contains an important implicit exception: laws of nature, natural phenomena, and abstract ideas are not patentable; See Alice Corp. v. CLS Bank Int’l, 134 S. Ct. 2347, 2354 (2014); Gottschalk v. Benson, 409 U.S. 63, 67 (1972) (“Phenomena of nature, though just discovered, mental processes, and abstract intellectual concepts are not patentable, as they are the basic tools of scientific and technological work.”). Notwithstanding that a law of nature or an abstract idea, by itself, is not patentable, an application of these concepts may be deserving of patent protection; See Mayo Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1293–94 (2012). In Mayo, the Court stated that “to transform an unpatentable law of nature into a patent-eligible application of such a law, one must do more than simply state the law of nature while adding the words ‘apply it.’” Mayo, 132 S. Ct. at 1294 (citation omitted).
In Alice, the Court reaffirmed the framework set forth previously in Mayo “for distinguishing patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications of these concepts.” Alice, 134 S. Ct. at 2355. The test for determining subject matter eligibility requires a first step of determining whether the claims are directed to a process, machine, manufacture, or composition of matter. If the claims are directed to one of the four patent-eligible subject matter categories, then the Examiner must perform a two-part analysis to determine whether a claim that is directed to a judicial exception recites additional elements that amount to significantly more than the exception. The first part of the second step in the analysis is to “determine whether the claims at issue are directed to one of those patent-ineligible concepts.” Id. If the claims are directed to a patent-ineligible concept, then the second part of the second step in the analysis is to consider the elements of the claims “individually and ‘as an ordered combination”’ to determine whether there are additional elements that “‘transform the nature of the claim’ into a patent-eligible application.” Id. (quoting Mayo, 132 S. Ct. at 1298, 1297). In other words, the second step in the analysis is to “search for an ‘inventive concept’‒ i.e., an element or combination of elements that is ‘sufficient to ensure that the patent in practice amounts to significantly more than a patent on the [ineligible concept] itself.’” Id. (brackets in original) (quoting Mayo, 132 S. Ct. at 1294). The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.” Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted). The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’” Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294).
In the “2019 Revised Patent Subject Matter Eligibility Guidance” (2019 PEG), the USPTO has prepared revised guidance for use by USPTO personnel in evaluating subject matter eligibility based upon rulings by the courts.
The Examiner is bound by and applies the framework as set forth by the Court in Mayo and reaffirmed by the Court in Alice and follows the 2019 PEG for determining whether the claims are directed to patent-eligible subject matter.
Step 1: Are the claims at issue directed to a process, machine, manufacture, or composition of matter?
The Examiner finds that the claims are directed to one of the four statutory categories.
Step 2A – Prong One: Does the claim recite an abstract idea, law of nature, or natural phenomenon?
The Examiner finds that the claims are directed to the abstract idea of a variety of generic computer components that creates secure I/O channels, a form of evaluation, which is a concept performed in the human mind and thus grouped as mental processes.
Step 2A – Prong Two: Does the claim recite additional elements that integrate the Judicial Exception into a practical application?
The abstract idea is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer.
In determining whether the abstract idea was integrated into a practical application, the Examiner has considered whether there were any limitations indicative of integration into a practical application, such as:
(1) Improvements to the functioning of a computer, or to any other technology or technical field; See MPEP § 2106.05(a)
(2) Applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition; See Vanda Memo (Recent Subject Matter Eligibility Decision: Vanda Pharmaceuticals Inc. v. West-Ward Pharmaceuticals)
(3) Applying the judicial exception with, or by use of, a particular machine; See MPEP § 2106.05(b)
(4) Effecting a transformation or reduction of a particular article to a different state or thing; See MPEP § 2106.05(c)
(5) Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception; See MPEP § 2106.05(e) and Vanda Memo
The Examiner notes that clam features of: a variety of generic computer components that creates secure I/O channels do not improve the functioning of a computer or technical field, do not effect a particular treatment or prophylaxis for a disease or medical condition, do not apply or use a particular machine, do not effect a transformation or reduction of a particular article to a different state or thing, and do not apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception.
Instead of a practical application, the claim features of a variety of generic computer components that creates secure I/O channels merely use a general-purpose computer as a tool to perform the abstract idea (See MPEP § 2106.05(f)) and merely generally link the use of the abstract idea to a field of use (See MPEP § 2106.05(h)). Thus, the Examiner finds that the claimed invention does not recite additional elements that integrate the Judicial Exception into a practical application.
Step 2B: Is there something else in the claims that ensures that they are directed to significantly more than a patent-ineligible concept?
The claims, as a whole, require nothing significantly more than generic computer implementation or can be performed entirely by a human. The additional element(s) or combination of element(s) in the claims other than the abstract idea per se amount to no more than recitation of generic computer structure (e.g. processors, input/output devices, and memory) that serves to perform generic computer functions (e.g. creating secured I/O channels) that are well-understood, routine, and conventional activities previously known to the pertinent industry. The claimed isolated applications, environment, execution environment isolation component, I/O composition kernel component, I/O separation modules, etc is/are all numbers, data structures, or datum. Each of these elements are individually dispositive of patent eligibility because of the following legal holdings:
“Data in its ethereal, non-physical form is simply information that does not fall under any of the categories of eligible subject matter under section 101.” Digitech Image Techs., LLC v. Electronics for Imaging, Inc., 758 F.3d 1344, 1350 (Fed. Cir. 2014).
The Supreme Court has also explained that “[a]bstract software code is an idea without physical embodiment,” i.e., an abstraction. Microsoft Corp. v. AT&T Corp., 550 U.S. 437, 449 (2007).
A claim that recites no more than software, logic, or a data structure (i.e., an abstract idea) – with no structural tie or functional interrelationship to an article of manufacture, machine, process or composition of matter does not fall within any statutory category and is not patentable subject matter; data structures in ethereal, non-physical form are non-statutory subject matter. In re Warmerdam, 33 F.3d 1354, 1361 (Fed. Cir. 1994); see Nuijten, 500 F.3d at 1357.
Furthermore, the claimed invention does not have a specific asserted improvement in computer capabilities, nor is it a specific implementation of a solution to a problem in the software arts; See Enfish, LLC v. Microsoft Corp., 822 F.3d 1327 (Fed. Cir. 2016). Rather, the claims are merely directed towards a variety of generic computer components that creates secure I/O channels, which is similar to ideas that the courts have found to be abstract, as noted supra, and the claims are without a “practical application” or anything “significantly more”.
Considering each of the claim elements in turn, the function performed by the computer system at each step of the process does no more than require a generic computer to perform a well-understood, routine, and conventional activity at a high level of generality. For example, creating secure I/O channels is merely receiving or transmitting data over a network, which has been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network). Further note that the abstract idea of creating secure I/O channels to which the claimed invention is directed has a prior art basis outside of a computing environment, e.g. using trusted inter-office mail delivery.
The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.” Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted). The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’” Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294).
Viewed as a whole, the claims simply recite the steps of using generic computer components. The claims do not purport, for example, to improve the functioning of the computer system itself. Nor does it effect an improvement in any other technology or technical field. Instead, the claims amount to nothing significantly more than an instruction to implement the abstract idea using generic computer components. This is insufficient to transform an abstract idea into a patent-eligible invention.
The dependent claims likewise incorporate the deficiencies of a claim upon which they ultimately depend and are also directed to non-patent-eligible subject matter.
35 USC § 112(f)
The following is a quotation of 35 U.S.C. 112(f):
ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f), because the claim limitations use a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are: “an execution environment isolation component for …”, “one or more I/O separation modules for …”, and “an I/O composition kernel component for …” in claim 1.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f), they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
A review of the specification is unclear as to the corresponding structure or acts described in the specification for the 35 U.S.C. 112(f) limitations.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f), applicant may: (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f).
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1-2 and 14-16 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention. Specifically, with regard to claim 1, claim limitations “an execution environment isolation component for …”, “one or more I/O separation modules for …”, and “an I/O composition kernel component for …” have been evaluated under the three-prong test set forth in MPEP § 2181, subsection I, but the result is inconclusive. It is unclear whether these limitations should be interpreted under 35 U.S.C. 112(f), because the claimed modules are within the creation of an environment executing on the processor, and because it’s unclear if this processor (and perhaps instructions on the processor) constitute sufficient hardware for performing the claimed functions. The boundaries of this claim limitation are ambiguous; therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b).
In response to this rejection, applicant must clarify whether this limitation should be interpreted under 35 U.S.C. 112(f). Mere assertion regarding applicant’s intent to invoke or not invoke 35 U.S.C. 112(f) is insufficient. Applicant may:
(a) Amend the claim to clearly invoke 35 U.S.C. 112(f) by reciting “means” or a generic placeholder for means, or by reciting “step”. The “means”, generic placeholder, or “step” must be modified by functional language, and must not be modified by sufficient structure, material, or acts for performing the claimed function;
(b) Present a sufficient showing that 35 U.S.C. 112(f) should apply because the claim limitation recites a function to be performed and does not recite sufficient structure, material, or acts to perform that function;
(c) Amend the claim to clearly avoid invoking 35 U.S.C. 112(f) by deleting the function or by reciting sufficient structure, material or acts to perform the recited function; or
(d) Present a sufficient showing that 35 U.S.C. 112(f) does not apply because the limitation does not recite a function or does recite a function along with sufficient structure, material or acts to perform that function.
Claims 1-2 and 14-16 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention. Specifically, with regard to claim 1, claim elements “an execution environment isolation component for …”, “one or more I/O separation modules for …”, and “an I/O composition kernel component for …” are limitations that appear to invoke 35 U.S.C. 112(f). However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function(s) and to clearly link the structure, material, or acts to the function(s). In particular, the Specification does not explicitly disclose what structure performs the claimed function(s).
Applicant may:
(a) Amend the claim so that the claim limitations will no longer be interpreted as a limitation under 35 U.S.C. 112(f);
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed functions, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the functions recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the functions so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed functions, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed functions and clearly links or associates the structure, material, or acts to the claimed functions, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed functions. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claims 1-2 and 14-16 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention. Specifically, Claim 1 recites the limitation “I/O”, and the acronym is not defined in the claim before its first usage, rendering its meaning unclear and ambiguous. Applicant argues that it is simply a portion of the name of the modules; however, given that “I/O” is generally considered an acronym, it is unclear what weight, if any, this acronym imparts to the claims. The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, they are rejected based on the same rationale as applied to their parent claims above.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim 1 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by Gligor et al. (US Patent No. 10235515-B2, hereinafter “Gligor”).
With respect to independent claim 1, Gligor discloses a system for providing on-demand, secured input/output channels between multiple types of input/output devices and one or more isolated applications comprising:
one or more processors {claim 1: “one or more processors”}.
one or more input/output devices in communication with at least one of the processors {claim 1: “one or more input/output (I/O) devices, said devices in communication with at least one of said processors”}.
memory, connected to the one or more processors {claim 1: “memory, connected to said one or more processors”}.
computer-readable instructions, which when executed by the one or more processors cause the creation of an environment executing on the processor {claim 1: “computer-readable instructions which, when executed by one of said processors, cause the processor to create a computing platform”}, comprising:
one or more operating systems {claim 1: “one or more untrusted operating systems”}.
an execution environment isolation component for creating and destroying both untrusted and secure domains {claim 3: “trusted computing base partitions memory into a plurality of portions”}.
one or more I/O separation modules for taking control of one or more input/output devices and related hardware resources required by the one or more isolated applications from the one or more operating systems, verifying the configurations of one or more of the input/output devices and allocating one or more of the input/output devices to one or more of the isolated applications {claim 1: “the trusted I/O kernel provides channel isolation”; note that the broadest reasonable interpretation of “modules for” encompasses an intended usage of the nebulous modules, but does not require steps to be performed and does not necessarily limit the claim to a particular structure; thus the functional limitations do not limit the scope of the claim; See MPEP § 2103(I)(C)}.
an I/O composition kernel component for executing the one or more isolated applications and the one or more I/O separation modules and for enforcing access control policies required for input/output separation for multiple types of input/output devices for one or more of the isolated applications {claim 1: “a trusted I/O kernel” and “a secure application is executed on top of the trusted I/O kernel”; note that the broadest reasonable interpretation of “component for” encompasses an intended usage of the nebulous component, but does not require steps to be performed and does not necessarily limit the claim to a particular structure; thus the functional limitations do not limit the scope of the claim; See MPEP § 2103(I)(C)}.
wherein the environment creates the secured input/output channels {claim 1: “a communications channel between said untrusted operating system and said trusted I/O kernel”}.
wherein the I/O composition kernel is isolated in a secure domain separate from the one or more operating systems and any applications in untrusted domains {claim 4: “said trusted I/O kernel runs in a first isolated domain”}.
Claims 1-2 and 14-16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lal et al. (US Pre-Grant Publication No. 20190230067-A1, hereinafter “Lal”).
With respect to independent claim 1, Lal discloses a system for providing on-demand, secured input/output channels between multiple types of input/output devices and one or more isolated applications comprising:
one or more processors {para. 0009: “one or more processors”}.
one or more input/output devices in communication with at least one of the processors {para. 0011: “one or more I/O devices 138”}.
memory, connected to the one or more processors {para. 0009: “non-transitory machine-readable (e.g., computer-readable) storage medium, which may be read and executed by one or more processors”}.
computer-readable instructions, which when executed by the one or more processors cause the creation of an environment executing on the processor {para. 0009: “implemented as instructions carried by or stored on a transitory or non-transitory machine-readable (e.g., computer-readable) storage medium, which may be read and executed by one or more processors”}, comprising:
one or more operating systems {para. 0016: “operating systems”}.
an execution environment isolation component for creating and destroying both untrusted and secure domains {para. 0015: “a trusted execution environment (TEE)”}.
one or more I/O separation modules for taking control of one or more input/output devices and related hardware resources required by the one or more isolated applications from the one or more operating systems, verifying the configurations of one or more of the input/output devices and allocating one or more of the input/output devices to one or more of the isolated applications {para. 0011: “the I/O subsystem 126 may establish a secured channel”; note that the broadest reasonable interpretation of “modules for” encompasses an intended usage of the nebulous modules, but does not require steps to be performed and does not necessarily limit the claim to a particular structure; thus the functional limitations do not limit the scope of the claim; See MPEP § 2103(I)(C)}.
an I/O composition kernel component for executing the one or more isolated applications and the one or more I/O separation modules and for enforcing access control policies required for input/output separation for multiple types of input/output devices for one or more of the isolated applications {paras. 0016-0018: “operating systems, …, libraries, and drivers” with “an application running inside a trusted execution environment (TEE)”; note that the broadest reasonable interpretation of “component for” encompasses an intended usage of the nebulous component, but does not require steps to be performed and does not necessarily limit the claim to a particular structure; thus the functional limitations do not limit the scope of the claim; See MPEP § 2103(I)(C)}.
wherein the environment creates the secured input/output channels {para. 0011: “a compute device 100 for establishing a secured channel for a secure I/O data transfer”}.
wherein the I/O composition kernel is isolated in a secure domain separate from the one or more operating systems and any applications in untrusted domains {paras. 0014-0016 & Fig. 1: “code and data included in the secure enclave may be encrypted or otherwise protected from being accessed by code executing outside of the secure enclave”; also all operating systems, applications, programs, libraries, and drivers are individually stored in isolated memory cells; also note “I/O subsystem 126” is a separate entity }.
With respect to dependent claim 2, Lal discloses wherein the environment further comprises: one or more untrusted applications executing on top of the one or more operating systems {para. 0015: “applications that are running in the secure enclave 122 are considered trusted applications”; applications not running in the secure enclave are not trusted}.
With respect to dependent claim 14, Lal discloses wherein the I/O composition kernel component authorizes all accesses for I/O devices issued by the operating systems and the untrusted applications {paras. 0018-0019 & 0026-0030: “the interposer security logic unit 128 is configured to establish a secured channel between the I/O subsystem and an application running inside a trusted execution environment (TEE)”}.
With respect to dependent claim 15, Lal discloses wherein the I/O composition kernel component comprises:
an I/O separation composition component for authorizing accesses to hardware resources by the secure processes, the operating systems and the untrusted applications {paras. 0015-0019 & 0026-0030: “the interposer security logic unit 128 is configured to establish a secured channel between the I/O subsystem and an application running inside a trusted execution environment (TEE)”, this extends to “code and data included in the secure enclave”, “such as operating systems, applications, programs, libraries, and drivers”}.
a kernel/process communications component for processing communications related to the I/O composition kernel component and the secure processes {paras. 0018-0019 & 0026-0030: “the interposer security logic unit 128 is configured to establish a secured channel between the I/O subsystem and an application running inside a trusted execution environment (TEE)”}.
With respect to dependent claim 16, Lal discloses wherein the communications include operating system – I/O composition kernel communications, inter-secure process communications, and delivery of signals and interrupts to secure processes {paras. 0022-0023: “an I/O device of the compute device 100 that generates I/O data that may be transferred to an application running on the host processor 120”, wherein “the I/O device 138 may include” a list of devices which use signals and interrupts, OS-lOCK communications, and communication between processes on those devices and the “application running inside a trusted execution environment (TEE)”}.
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is 571-270-5436. The examiner can normally be reached Monday - Friday, 09:00 - 17:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William (“Bill”) Korzuch can be reached at 571-272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Kevin Bechtel/
Primary Examiner, Art Unit 2491