ACCESS CONTROL METHOD AND APPARATUS FOR LINUX FILE SYSTEM

§102 §112

DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to the application and preliminary amendment filed on 10/11/2024. This application is a national stage (371) application of the application, PCT/CN2023/086406. Claims 1-7 and 16-22 are currently pending in this application. Claims 2, 3 and 6 are amended. Claims 8-15 are cancelled. Claims 16-22 are new. Information Disclosure Statement The information disclosure statement (IDS) submitted on 10/11/2024 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Examiner’s Note Applicants are suggested to include information from figures 2, 3 with related text into the claims to provide a better condition for an allowance. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (B) CONCLUSION. —The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. Claims 1-7 and 16-22 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention. Claim 1 (claim 16 includes similar limitations) recites: “An access control method … registering a Linux security module in a procedure of starting a Linux operating system, wherein the Linux security module is configured to perform … calling a signature verification module to obtain configuration information from a signature verification server … used to record a protected file … and a protection policy for … performing file protection on the protected file …”, however, it is not clear (1) whether “a signature verification module” and “a signature verification server” are parts of the Linux file system or not – omitting necessary component/step which causes the limitations unclear; (2) whether the protection policy of the configuration information is obtained by the signature verification module (not the Linux security module) or not (note: the Linux security module performs the file protection using the protection policy); (3) whether the file protection is performed to the protected file or not (e.g., double/multiple protections, etc.) – it is not clear to define a boundary of the limitations; (4) whether “the access control method” is controlling an access to “the configuration information” by the Linux security module or the signature verification module (note: the configuration information is obtained by the signature verification module); “… performing file protection … verifying a signature of a first user in response to receiving a modification request of the first user for the configuration information; and modifying the configuration information …”, however, it is not clear (1) whether “the signature of the first user” is including in “the modification request” or not – omitting necessary component/step which causes the limitations unclear; (2) whether “modifying the configuration information” performs modification to record the protected file and the protection policy or not. Claims 1 and 16 recites “a/the Linux security module”, “a/the signature verification module”; however, it is not clear whether these modules are components of the Linux file system (for the claim 1) or of the computing device (for the claim 16) or they are separate components included in the claims for intended use. Claims 2-7 and 17-22 depend from the claim 1 or 16, and are analyzed and rejected accordingly. Claims 2, 3, 17 and 18 recite “… receiving a file access request sent by a first process; and when a user corresponding to the first process is a root user … the first process is a process escaping from a container …”, however, it is not clear (1) whether the first process is the process of sending the file access request or not; (2) whether “the user corresponding to the first process” is “the first user” of the claim 1 or 17 or else; (3) how to define the user as a root user (e.g., the root user of the Linux file system, the root user of a user device, etc.) – it is not clear to define a boundary of the limitations; (4) how to define a process escaping from a container – omitting necessary component/step which causes the limitations unclear. Claims 4 and 19 recite “… the container identifier of the parent process is obtained by using an mnt_mns field of …”, however, it is not clear what is the “mnt_mns” field. Claims 6 and 21 recite “… determining that a user corresponding to the second process is a login user and user permission is a root user permission …”, however, it is not clear (1) whether the second process is a login process or not; (2) whether the user permission is the permission for the login permission or not – or omitting necessary step/component which causes the limitations unclear. Claims 7 and 22 recite “… exporting the protected file and/or the protection policy to a Linux file system interface based on the configuration information”, however, it is not clear (1) whether the protected file of the Linux file system (see the claim 1 or 16) is exported to itself or not – or it is not clear to define a boundary of the limitations; (2) whether the exporting process is based on the recording information (e.g., the configuration information) or not – see also the limitations of the claim 1. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) except as otherwise indicated in an Office action. This application includes one or more claim limitations that a generic placeholder (e.g., “module”) that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “… Linux security module is configured to perform … calling … performing …”, “… signature verification module is configured to perform … verifying … modifying …” in claim 16 (and dependent claims). Therefore, the claim limitations invoke 35 U.S.C. 112(f). However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function – see figures 1, 4 and paragraph 0022, 0031-0034, 0036-0040 of the disclosure. Therefore, the claims 16-22 are indefinite and are rejected under 35 U.S.C. 112(b). Applicant may: (a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f); (b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or (c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)). Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-3, 5-7, 16-18 and 20-22 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Callaghan et al. (US 10,397,230 B2). As per claim 1, Callaghan teaches an access control method for a Linux file system [see figs. 1, 4; col. 4, lines 16-34], comprising: registering a Linux security module in a procedure of starting a Linux operating system [figs. 1, 4, 5; col. 3, lines 61-67; col. 4, lines 1-34, 44-67; col. 5, lines 1-22; col. 25, lines 16-22 of Callaghan teaches registering a Linux security module (e.g., registering among the SP, the TPM and the verification and monitoring system) in a procedure of starting a Linux operating system (e.g., booting the Linux operating system)], wherein the Linux security module is configured to perform the following operations: calling a signature verification module to obtain configuration information from a signature verification server, wherein the configuration information is used to record a protected file in the Linux file system and a protection policy for the protected file [figs. 3-6; col. 5, lines 47-61; col. 6, lines 21-61 of Callaghan teaches wherein the Linux security module is configured to perform the following operations: calling a signature verification module to obtain configuration information (e.g., the log entries for the measurements) from a signature verification server, wherein the configuration information is used to record a protected file (e.g., the system sensitive file or the signed file) in the Linux file system and a protection policy (e.g., the file check policy rule, etc.) for the protected file]; and performing file protection on the protected file based on the protection policy; wherein the signature verification module is configured to perform the following operations: verifying a signature of a first user in response to receiving a modification request of the first user for the configuration information; and modifying the configuration information if a verification on the signature of the first user succeeds [figs. 4-6; col. 3, lines 61-67; col. 4, lines 1-15; col. 6, lines 1-67; col. 7, lines 1-11; col. 23, lines 12-67; col. 24, lines 1-44 of Callaghan teaches performing file protection on the protected file based on the protection policy (e.g., the file check policy rule, etc.); wherein the signature verification module is configured to perform the following operations: verifying a signature (e.g., having a valid digital signature or matching a predetermined hash value) of a first user in response to receiving a modification request (e.g., when the file has changed/updated) of the first user for the configuration information; and modifying the configuration information (e.g., the log entries, updated whitelist, etc.) if a verification on the signature of the first user succeeds]. As per claim 2, Callaghan teaches the method according to claim 1. Callaghan further teaches wherein the Linux security module is further configured to perform the following operations: receiving a file access request sent by a first process; and when a user corresponding to the first process is a root user, determining whether the first process is a process escaping from a container, and upon determining that the first process is the process escaping from the container, rejecting the file access request [figs. 5, 6; col. 27, lines 9-51 of Callaghan teaches receiving a file access request sent by a first process; and when a user corresponding to the first process is a root user (the process of the registration/root process or originated from the SP), determining whether the first process is a process escaping from a container, and upon determining that the first process is the process escaping from the container (e.g., the quote data is not valid or the validation is not successful), rejecting the file access request (e.g., termination of the SP and the host processor) – see also rejections to the claim 1]. As per claim 3, Callaghan teaches the method according to claim 2. Callaghan further teaches wherein a container identifier of a parent process of the first process is recorded in a task structure corresponding to the first process; and the determining whether the first process is a process escaping from a container comprises: searching the task structure corresponding to the first process, to obtain the container identifier of the parent process of the first process; and upon determining that the container identifier of the parent process of the first process is different from a container identifier of the first process, determining that the first process is the process escaping from the container [figs. 5, 6; col. 4, lines 35-66; col. 5, lines 47-67; col. 17, lines 26-42; col. 22, lines 54-58; col. 27, lines 1-51 of Callaghan teaches wherein a container identifier of a parent process of the first process is recorded in a task structure corresponding to the first process (e.g., recording operating system level execution measurements of security relevant immutable files in the hash chain of the TPM registers and corresponding logs in the event log storage, etc.); and the determining whether the first process is a process escaping from a container comprises: searching the task structure corresponding to the first process, to obtain the container identifier (e.g., the hash value) of the parent process of the first process; and upon determining that the container identifier of the parent process of the first process is different from a container identifier of the first process, determining that the first process is the process escaping from the container (e.g., the quote data is not valid or the validation is not successful) – see also rejections to the claim 3]. As per claim 5, Callaghan teaches the method according to claim 1. Callaghan further teaches wherein the protected file is a user file in the Linux file system [col. 18, lines 58-67; col. 19, lines 1-14 of Callaghan teaches wherein the protected file is a user file (e.g., a file modified by the user) in the Linux file system]. As per claim 6, Callaghan teaches the method according to claim 1. Callaghan further teaches wherein the Linux security module is further configured to perform the following operations: receiving a file access request sent by a second process; and upon determining that a user corresponding to the second process is a login user and user permission is root user permission, rejecting the file access request [col. 6, lines 1-16; col. 18, lines 58-67; col. 19, lines 1-14 of Callaghan teaches receiving a file access request sent by a second process; and upon determining that a user corresponding to the second process is a login user and user permission is root user permission (e.g., user with root privileges), rejecting the file access request (e.g., preventing any modification)]. As per claim 7, Callaghan teaches the method according to claim 1. Callaghan further teaches wherein the Linux security module is further configured to perform the following operation: exporting the protected file and/or the protection policy to a Linux file system interface based on the configuration information [col. 18, lines 23-43 of Callaghan teaches exporting the protected file and/or the protection policy (e.g., the custom policy) to a Linux file system interface (e.g., exporting from the SP to the integrity management subsystem) based on the configuration information (e.g., based on the configuration data)]. Claims 16-18 and 20-22 are device claims that correspond to the method claims 1-3 and 5-7, and are analyzed and rejected accordingly – see fig. 2 for the components, such as a memory, processor, executable code, etc. of the device. Allowable Subject Matter Claims 4 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and amended to overcome the 112(b) rejections (if any) stated above. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845. The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MAUNG T LWIN/Primary Examiner, Art Unit 2495