DETAILED ACTION
Authorization for Internet Communications
The examiner encourages Applicant to submit an authorization to communicate with the examiner via the Internet by making the following statement (from MPEP 502.03):
“Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.”
Please note that the above statement can only be submitted via Central Fax (not Examiner's Fax), Regular postal mail, or EFS Web using PTO/SB/439.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/31/2025 and 12/03/2025 are being considered by the examiner.
Claim Objections
Claims 8 - 11 objected to because of the following informalities:
Regarding claims 8 and 11, the limitation “the application” lacks proper antecedent basis because there are multiple different recitations i.e., “a first application” and “an application” earlier in the claim.
Claims 9 – 11 are dependent claims and thus also objected.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 12 contains the trademark/trade name “Android”. Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements of 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph. See Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982). The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular material or product. A trademark or trade name is used to identify a source of goods, and not the goods themselves. Thus, a trademark or trade name does not identify or describe the goods associated with the trademark or trade name. In the present case, the trademark/trade name is used to identify/describe operating format and, accordingly, the identification/description is indefinite.
Claims 13 - 14 are dependent claims and thus also rejected.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1 – 6, and 12 - 20 are rejected under 35 U.S.C. 103 as being unpatentable over the prior art of record, Silva Pinto et al., (US 2016/0381026 A1) (hereinafter “Silva”) (submitted by the applicant vis IDS filed 01/31/2025) in view of Thom et al., (US 2013/0031374 A1) (hereinafter “Thom”).
Regarding claim 1, Silva discloses; an electronic device [i.e., a mobile device (see figure 3), (page 4, para 0055)] comprising:
one or more processors [i.e., a mobile device (see figure 3), (page 4, para 0055)]; and
memory storing instructions that, when executed by the one or more processors
individually and/or collectively, cause the electronic device to [i.e., a mobile device (see figure 3), (page 4, para 0055)]:
change an execution mode of the electronic device to a privacy enhance (PE) mode in response to a user input [i.e., the user can enable or disable the secure operation mode from the mobile home screen, tap and drag the notification bar downwards, and then press the “secure mode” button/icon 104 (see figure 3), (page 4, para 0055), (page 3, para 0041 – 0049), (see ref. 1200 – 1500 of figure 1)];
control the electronic device, such that a request for an application that is executed in the PE mode in response to the change of the execution mode to the PE mode [i.e., once in the “secure mode” configuration panel 105, the mobile device switches to secure mode and the user can then select which applications are important to run under secure mode 106, for example “MyBank application” (page 4, para 0056), (see figure 4) i.e., in the user-selected secure mode, only chosen/selected/configured protected applications execute and non-selected, unnecessary applications are suspended (page 3, para 0042 – 0043), (see ref. 1400 of figure 1)]; and
control the electronic device such that the application is executed in the secure area in response to the request [i.e., only the chosen i.e. “MyBank application 102” is executed in the “secure mode” (page 4, para 0056 - 0057), (see figure 5)].
Silva does not disclose;
a request for generating an application is transferred from a normal area to a secure area; and in response to the request for generating the application.
However, Thom discloses;
a request for generating an application is transferred from a normal area to a secure area [i.e., caller module 150 exists in “Normal World” and communicates with fTPM module 120 via monitor module 130 in “Secure World” to perform TPM-based tasks or operations for general computing devices in response to operations or tasks requested by various applications running on the computing device (see figures 1 and 4), (page 1, para 0041) Note; under the BRI, the claimed request is a request associated with initiating execution of software in the secure area, Thom teaches transferring such a request from the Normal World to executable software in the Secure World]; and
the application is executed in the secure area, in response to the request for generating the application [i.e., enables use of ARM TrustZone extensions and security primitives to provide secure code execution in a secure execution environment i.e., “Secure World” (see figure 1), (page 5, para 0047)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva by adapting the teachings of Thom to address cost associated with including a TPM in hardware (See Thom; page 1, para 0010).
Regarding claim 2, Silva discloses; the electronic device of claim 1 [i.e., (see claim 1 above)].
Silva does not disclose;
wherein the secure area and the normal area are configured as separate areas physically distinguished in the electronic device.
However, Thom discloses;
wherein the secure area [i.e., secure world (see figure 1)] and the normal area [i.e., normal world (see figure 1)] are configured as separate areas physically distinguished in the electronic device [i.e., TrustZone provides a secure execution environment i.e., secure world that is strongly isolated from the other components running in the normal execution environment i.e., normal world (page 5, para 0047), (page 2, para 0014)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva by adapting the teachings of Thom to address cost associated with including a TPM in hardware (See Thom; page 1, para 0010).
Regarding claim 3, Silva discloses; the electronic device of claim 1, wherein the instructions, when executed by the one or more processors individually and/or collectively, control the electronic device such that at least one system service performs at least one configured operation according to the PE mode in response to the change of the execution mode to the PE mode [i.e., once in the “secure mode” configuration panel 105, the mobile device switches to secure mode and the user can then select which applications are important to run under secure mode 106, for example “MyBank application” (page 4, para 0056), (see figure 4) i.e., in the user-selected secure mode, only chosen/selected/configured protected applications execute and non-selected, unnecessary applications are suspended (page 3, para 0042 – 0043), (see ref. 1400 of figure 1)].
Regarding claim 4, Silva discloses; the electronic device of claim 1, wherein the instructions, when executed by the one or more processors individually and/or collectively:
control the electronic device such that a request for configuring a context of a first application that is executed in the PE mode is transferred from a first normal area to a secure area in response to the change of the execution mode of the electronic device to the PE mode; and
control the electronic device such that the context is configured in the secure area in response to the request for configuring the context of the first application [i.e., once in the “secure mode” configuration panel 105, the mobile device switches to secure mode and the user can then select which applications are important to run under secure mode 106, for example “MyBank application” (page 4, para 0056), (see figure 4) i.e., in the user-selected secure mode, only chosen/selected/configured protected applications execute and non-selected, unnecessary applications are suspended (page 3, para 0042 – 0043), (see ref. 1400 of figure 1)].
Regarding claim 5, Silva discloses; the electronic device of claim 1, wherein the instructions, when executed by the one or more processors individually and/or collectively, control the electronic device to select the PE mode as an entire execution mode of the electronic device in response to the user input [i.e., the user can enable or disable the secure operation mode from the mobile home screen, tap and drag the notification bar downwards, and then press the “secure mode” button/icon 104 (see figure 3), (page 4, para 0055), (page 3, para 0041 – 0049), (see ref. 1200 – 1500 of figure 1)].
Regarding claim 6, Silva discloses; the electronic device of claim 1, wherein the instructions, when executed by the one or more processors individually and/or collectively cause the electronic device to determine a configuration so that the application is executed only in the PE mode [i.e., once in the “secure mode” configuration panel 105, the mobile device switches to secure mode and the user can then select which applications are important to run under secure mode 106, for example “MyBank application” (page 4, para 0056), (see figure 4) Note; Silva teaches configuring secure mode applications before secure mode is entered. Applications designated for secure mode are permitted to execute, while non-designated applications are suspended or denied execution. Secure mode policy is stored and enforced by the kernel].
Regarding claim 12, Silva discloses; the electronic device of claim 1, wherein the application that is executed in the secure area comprises:
an Android runtime [i.e., Android Operating System (OS) (page 1, para 0004)].
Silva does not disclose;
a shim for processing a system call that is called by the Android runtime.
However, Thom discloses;
a shim for processing a system call that is called by the Android runtime [i.e., TEE interface module (see figure 1)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva by adapting the teachings of Thom to address cost associated with including a TPM in hardware (See Thom; page 1, para 0010).
Regarding claim 13, Silva discloses; the electronic device of claim 12, wherein the instructions, when executed by the one or more processors individually and/or collectively cause the electronic device to determine, a memory region and a page table that the application is to protect in the PE mode, and to manage a context of the application [i.e., see claim 1 above)].
Silva does not disclose;
via the shim.
However, Thom discloses;
via the shim [i.e., TEE interface module (see figure 1)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva by adapting the teachings of Thom to address cost associated with including a TPM in hardware (See Thom; page 1, para 0010).
Regarding claim 14, Silva discloses; the electronic device of claim 12, wherein the instructions, when executed by the one or more processors individually and/or collectively cause the electronic device to encrypt or decrypt a shared memory region, based on communicating with another application being executed in the secure area [i.e., (see claim 1 above)].
Silva does not disclose;
via the shim.
However, Thom discloses;
via the shim [i.e., TEE interface module (see figure 1)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva by adapting the teachings of Thom to address cost associated with including a TPM in hardware (See Thom; page 1, para 0010).
Regarding claim 15, Silva discloses; an operation method of an electronic device, the method comprising:
changing an execution mode of the electronic device to a privacy enhance (PE) mode in response to a user input [i.e., the user can enable or disable the secure operation mode from the mobile home screen, tap and drag the notification bar downwards, and then press the “secure mode” button/icon 104 (see figure 3), (page 4, para 0055), (page 3, para 0041 – 0049), (see ref. 1200 – 1500 of figure 1)];
a request for an application that is executed in the PE mode in response to the change of the execution mode to the PE mode [i.e., once in the “secure mode” configuration panel 105, the mobile device switches to secure mode and the user can then select which applications are important to run under secure mode 106, for example “MyBank application” (page 4, para 0056), (see figure 4) i.e., in the user-selected secure mode, only chosen/selected/configured protected applications execute and non-selected, unnecessary applications are suspended (page 3, para 0042 – 0043), (see ref. 1400 of figure 1)]; and
executing the application in the secure area in response to the request [i.e., only the chosen i.e. “MyBank application 102” is executed in the “secure mode” (page 4, para 0056 - 0057), (see figure 5)].
Silva does not disclose;
transferring a request for generating an application from a normal area to a secure area; and in response to the request for generating the application.
However, Thom discloses;
transferring a request for generating an application from a normal area to a secure area [i.e., caller module 150 exists in “Normal World” and communicates with fTPM module 120 via monitor module 130 in “Secure World” to perform TPM-based tasks or operations for general computing devices in response to operations or tasks requested by various applications running on the computing device (see figures 1 and 4), (page 1, para 0041) Note; under the BRI, the claimed request is a request associated with initiating execution of software in the secure area, Thom teaches transferring such a request from the Normal World to executable software in the Secure World]; and
executing the application in the secure area, in response to the request for generating the application [i.e., enables use of ARM TrustZone extensions and security primitives to provide secure code execution in a secure execution environment i.e., “Secure World” (see figure 1), (page 5, para 0047)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva by adapting the teachings of Thom to address cost associated with including a TPM in hardware (See Thom; page 1, para 0010).
Regarding claim 16, Silva discloses; the operation method of claim 15 [i.e., (see claim 15 above)].
Silva does not disclose;
wherein the secure area and the normal area are separate areas physically distinguished in the electronic device.
However, Thom discloses;
wherein the secure area [i.e., secure world (see figure 1)] and the normal area [i.e., normal world (see figure 1)] are configured as separate areas physically distinguished in the electronic device [i.e., TrustZone provides a secure execution environment i.e., secure world that is strongly isolated from the other components running in the normal execution environment i.e., normal world (page 5, para 0047), (page 2, para 0014)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva by adapting the teachings of Thom to address cost associated with including a TPM in hardware (See Thom; page 1, para 0010).
Regarding claim 17, Silva discloses; the operation method of claim 15, further comprising controlling the electronic device such that at least one system service performs at least one configured operation according to the PE mode in response to the change of the execution mode to the PE mode [i.e., once in the “secure mode” configuration panel 105, the mobile device switches to secure mode and the user can then select which applications are important to run under secure mode 106, for example “MyBank application” (page 4, para 0056), (see figure 4) i.e., in the user-selected secure mode, only chosen/selected/configured protected applications execute and non-selected, unnecessary applications are suspended (page 3, para 0042 – 0043), (see ref. 1400 of figure 1)].
Regarding claim 18, Silva discloses; the operation method of claim 15, further comprising:
controlling the electronic device such that a request for configuring a context of a first application that is executed in the PE mode is transferred from a first normal area to a secure area in response to the changing the execution mode of the electronic device to the PE mode; and controlling the electronic device such that the context is configured in the secure area in response to the request for configuring the context of the first application [i.e., once in the “secure mode” configuration panel 105, the mobile device switches to secure mode and the user can then select which applications are important to run under secure mode 106, for example “MyBank application” (page 4, para 0056), (see figure 4) i.e., in the user-selected secure mode, only chosen/selected/configured protected applications execute and non-selected, unnecessary applications are suspended (page 3, para 0042 – 0043), (see ref. 1400 of figure 1)].
Regarding claim 19, Silva discloses; the operation method of claim 15, wherein the changing the execution mode of the electronic device comprises controlling the electronic device to select the PE mode as an entire execution mode of the electronic device in response to the user input [i.e., the user can enable or disable the secure operation mode from the mobile home screen, tap and drag the notification bar downwards, and then press the “secure mode” button/icon 104 (see figure 3), (page 4, para 0055), (page 3, para 0041 – 0049), (see ref. 1200 – 1500 of figure 1)].
Regarding claim 20, Silva discloses; a non-transitory computer-readable recording medium having instructions recorded thereon, that, when executed by one or more processors individually and/or collectively, cause the one or more processors to [i.e., a mobile device (see figure 3), (page 4, para 0055)]:
change an execution mode of the electronic device to a privacy enhance (PE) mode in response to a user input [i.e., the user can enable or disable the secure operation mode from the mobile home screen, tap and drag the notification bar downwards, and then press the “secure mode” button/icon 104 (see figure 3), (page 4, para 0055), (page 3, para 0041 – 0049), (see ref. 1200 – 1500 of figure 1)];
control the electronic device, such that a request for generating an application that is executed in the PE mode is transferred from a normal area to a secure area in response to the change of the execution mode to the PE mode [i.e., once in the “secure mode” configuration panel 105, the mobile device switches to secure mode and the user can then select which applications are important to run under secure mode 106, for example “MyBank application” (page 4, para 0056), (see figure 4) i.e., in the user-selected secure mode, only chosen/selected/configured protected applications execute and non-selected, unnecessary applications are suspended (page 3, para 0042 – 0043), (see ref. 1400 of figure 1)]; and
control the electronic device such that the application is executed in the secure area in response to the request [i.e., only the chosen i.e. “MyBank application 102” is executed in the “secure mode” (page 4, para 0056 - 0057), (see figure 5)] in response to the request for generating the application.
Silva does not disclose;
a request for generating an application is transferred from a normal area to a secure area; and in response to the request for generating the application.
However, Thom discloses;
a request for generating an application is transferred from a normal area to a secure area [i.e., caller module 150 exists in “Normal World” and communicates with fTPM module 120 via monitor module 130 in “Secure World” to perform TPM-based tasks or operations for general computing devices in response to operations or tasks requested by various applications running on the computing device (see figures 1 and 4), (page 1, para 0041) Note; under the BRI, the claimed request is a request associated with initiating execution of software in the secure area, Thom teaches transferring such a request from the Normal World to executable software in the Secure World]; and
the application is executed in the secure area, in response to the request for generating the application [i.e., enables use of ARM TrustZone extensions and security primitives to provide secure code execution in a secure execution environment i.e., “Secure World” (see figure 1), (page 5, para 0047)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva by adapting the teachings of Thom to address cost associated with including a TPM in hardware (See Thom; page 1, para 0010).
Claim(s) 7 - 11 are rejected under 35 U.S.C. 103 as being unpatentable over Silva in view of Thom as applied to claim 1 above, and further in view of Goodman et al., (US 2017/0115994 A1) (hereinafter “Goodman”).
Regarding claim 7, Silva discloses; the electronic device of claim 1, wherein the normal area [(i.e., see claim 1 above)].
Silva and Thom do not disclose;
a first zygote for shortening a first time in which a first application is executed in the normal area; and a second zygote for shortening a second time in which the first application is executed in the secure area.
However, Goodman discloses;
a first zygote for shortening a first time in which a first application is executed in the normal area [i.e., an operating system launches applications using a template process wherein the template process includes Zygote. The template process is preinitialized and fork to launch applications quickly (page 1, para 0007 - 0008)]; and
a second zygote for shortening a second time in which the first application is executed in the secure area [i.e., configuring a plurality of process classes, each associated with its own template process. Multiple template processes may exists simultaneously and may even be provided within a process class (e.g., separate template processes for 32-bit and 64-bit applications) (page 1, para 0013), (page 2, para 0019 - 0024), (see figure 1)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva and Thom by adapting the teachings of Goodman to provide additional security against ROP attacks (See Goodman; page 1, para 0013).
Regarding claim 8, Silva discloses; the electronic device of claim 7 [i.e., (see claim 7 above)].
Silva and Thom do not disclose;
wherein the instructions, when executed by the one or more processors individually and/or collectively cause the electronic device to fork, via the second zygote, a PE configuration process for configuring execution of the application in the PE mode in the secure area.
However, Goodman discloses;
wherein the instructions, when executed by the one or more processors individually and/or collectively cause the electronic device to fork, via the second zygote, a PE configuration process for configuring execution of the application in the PE mode in the secure area [i.e., to launch a new application, the system forks the template process, and then loads and runs the application’s code in the forked process (page 1, para 0007)].
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Silva and Thom by adapting the teachings of Goodman to provide additional security against ROP attacks (See Goodman; page 1, para 0013).
Regarding claim 9, Silva discloses; the electronic device of claim 8, wherein the normal area comprises a kernel, wherein the kernel comprises a resource manager, and wherein the instructions, when executed by the one or more processors cause the electronic device to manage a resource of the secure area via the kernel [i.e., the operating system (OS) kernel establishes the rules and privileges to these application (page 2, para 0019)].
Regarding claim 10, Silva discloses; the electronic device of claim 9, wherein the instructions, when executed by the one or more processors individually and/or collectively cause the electronic device to receive, the request for generating the application in the PE mode, via the kernel, from the PE configuration process [i.e., the operating system (OS) kernel establishes the rules and privileges to these application (page 2, para 0019)].
Regarding claim 11, Silva discloses; the electronic device of claim 9, wherein the secure area comprises firmware that for managing: a page table for the secure area, and a context of the application that is executed in the secure area, and wherein the instructions, when executed by the one or more processors individually and/or collectively cause the electronic device to receive from the kernel, via the firmware, the request for generating the application in the PE mode [i.e., once in the “secure mode” configuration panel 105, the mobile device switches to secure mode and the user can then select which applications are important to run under secure mode 106, for example “MyBank application” (page 4, para 0056), (see figure 4) i.e., in the user-selected secure mode, only chosen/selected/configured protected applications execute and non-selected, unnecessary applications are suspended (page 3, para 0042 – 0043), (see ref. 1400 of figure 1)].
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A RONI whose telephone number is (571)270-7806. The examiner can normally be reached M-F 9:00-5:00 pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SYED A RONI/Primary Examiner, Art Unit 2432