DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
The preliminary amendment of 08/07/25 was received and considered.
Claims 1-3, 5, 10, and 21-30 are presented for examination. Claims 4, 6-9 and 11-20 are canceled.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-3, 5 and 21-24 and 26-30 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-25 of U.S. Patent No. 9,781,118. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the present application are anticipated by the claims of the ‘118 patent. This is an anticipatory double patenting rejection. See the chart below for comparison.
Application No. 19/079,966
U.S. Patent No. 9,781,118
1. An apparatus comprising:
processing circuitry to:
receive web content;
determine a trust level associated with the web content; and
map, based on the trust level, the web content to an execution environment.
2. The apparatus of claim 1, wherein the processing circuitry is further to store the web content to one or more data containers, wherein the trust level is determined based on real-time trust level assessment, wherein real-time trust level assessment is generated by a security module based on one or more of a built-in assessment tool or a separate security tool.
1. An apparatus to differentiate web content, comprising:
a browser interface to receive the web content;
a container designation module to determine a trust level associated with the web content; and an environment module to map the web content to an execution environment based at least in part on the trust level;
wherein the container designation module is to obtain a real-time trust level assessment; wherein the trust level is to be determined based at least in part on the real-time trust level assessment; and wherein the web content is to be mapped to a first processor based on a first determined trust level and a determination that an execution latency is tolerated, and the web content is to be mapped to a second processor based on a second determined trust level and a determination that the execution latency is not tolerated.
3. The apparatus of claim 1, wherein the processing circuitry is further to: map the web content to the execution environment based on a context attribute including one or more of a stack composition associated with the web content, a latency of one or more web transactions associated with the web content, an objective of the web content, or a service type associated with the web content; send a portion of the web content to an offload container associated with one or more of the web content, an enterprise data center, a private cloud associated with a third-party service provider to map the web content to the execution environment; and receive results associated with the offload container.
3. The apparatus of claim 1, wherein the web content is to be mapped to the execution environment further based on a context attribute including one or more of a stack composition associated with the web content, an objective of the web content and a service type associated with the web content.
4. The apparatus of claim 1, further including a content offload module to send at least a portion of the web content to an offload container associated with one or more of a provider of the web content, an emulation module of a local computing device, an enterprise data center, a private cloud and a third party service provider to map the web content to the execution environment, and to receive a result associated with the offload container.
5. The apparatus of claim 4, wherein the processing circuitry is further to send a portion of the web container to the offload container when the trust level is below a threshold and a latency tolerance condition is satisfied.
5. The apparatus of claim 4, wherein at least a portion of the web container is to be sent to the offload container if the trust level is below a threshold and the execution latency is tolerated.
Claims 21-24 and 26-29 are directed to method and computer readable medium versions of claims 1-3 and 5 and are similarly mapped to claims 10-25 of the ‘118 patent.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 26-30 are rejected under 35 U.S.C. 101 as not falling within one of the four statutory categories of invention. Claim 26-30 are directed towards a computer readable medium. The broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent. A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. § 101 by adding the limitation “non-transitory” to the claim and specification.
Claims 1-2, 10 and 21, 22, 25-27 and 30 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
As per claims 1, 21 and 26:
Step 1, the claims are directed to an apparatus (machine), method (process), and medium (manufacture).
Step 2A. Prong 1: The core limitations—receiving content, determining a "trust level," and "mapping" the content based on that trust—fall under the judicial exceptions of mental processes (evaluating risk/trustworthiness) and certain methods of organizing human activity (classifying and routing items based on rules).
Step 2A. Prong 2: The claim must integrate this abstract idea into a practical application, such as improving computer security or the functioning of the computer itself. However, Claim 1 uses broad, result-oriented functional language ("map... to an execution environment") without reciting the specific technical means by which this mapping is achieved. It effectively claims the result of securing the environment rather than a specific technical solution.
Step 2B: The claim must integrate this abstract idea into a practical application, such as improving computer security or the functioning of the computer itself. However, Claim 1 uses broad, result-oriented functional language ("map... to an execution environment") without reciting the specific technical means by which this mapping is achieved. It effectively claims the result of securing the environment rather than a specific technical solution. These claims, as currently drafted, are patent ineligible.
As per claims 2, 22 and 27:
These claims add that the assessment happens in "real-time" using a "security module," "built-in assessment tool," and "data containers." Performing an abstract idea in real-time or limiting its use to a generic technological environment (data containers, modules) does not integrate it into a practical application. Reciting generic software constructs like "modules" and "tools" to perform the assessment simply instructs the practitioner to apply the abstract idea using conventional computing functions.
As per claims 10, 25 and 30:
These claims introduce scheduling workloads, provisioning resources, memory transactions, and application/graphics processing circuitry (CPUs/GPUs). While these are technical components, the claim merely states that the generic hardware is performing its standard, inherent functions (scheduling workloads and using memory) to execute the abstract idea. It does not improve how the CPUs or GPUs operate. Adding basic computer hardware (memory, CPUs, GPUs) to an abstract concept is does not amount to significantly more. These are well-understood, routine, and conventional components.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5, 10, and 21-30 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Joshi et al., US 7,694,328 and further in view of Ganesh et al, US 2005/026960.
Regarding claim 1, Joshi discloses an apparatus comprising: processing circuitry to:
receive web content (col. 34, lines 20-26: One approach to rendering web pages with content from multiple security contexts involves implementing an ActiveX control or plugin that takes as a parameter, a URL to a page that should be rendered in the Isolated Context. This control may be intended to be used from a web browser process running in the Protected Context, and may do the following when it starts up, including: create a child window of the browser window that is sized the same as the ActiveX control's client area, and moves and gets resized along with the client area. And Fig. 2).
Joshi lacks or does not expressly disclose a trust level associated with web content.
However, Ganesh discloses a trust level associated with the web content (fig. 3 and paragraph 0023-0024, security zones including a multi-tiered security system, where each zone has separate security settings. See Fig. 4); and
map, based on the trust level the web content to an execution environment (fig. 4, #406, #411, and paragraph 0024, Each binary behavior is mapped to a particular security zone. Also see paragraph 0017).
It would have been obvious to one of ordinary skill in the art, the time the invention was made, to modify Joshi with Ganesh to determine a trust level associated with the web content, in order to prevent unauthorized execution of binary behaviors within the security zone, as taught by Ganesh, paragraph 0024.
Regarding claim 2, Joshi, as modified above, further discloses, the web conent to one or more data containers, wherein the trust level is determined based on real-time trust level assessment, wherein the real-time trust level assessment is generated by a security module base on one more of a built-in assessment tool or a separate security tool (col. 28, lines 32-39: to maintain transparent isolation to the user, while mediating the resources available to the Isolated Context, in a Windows environment, it is essential to be able to provide the services of Explorer.exe to the Isolated Context. Such Explorer.exe functions as traybar notification icons, taskbar buttons, the desktop window, and dynamic data exchange (DDE) services can all be provided to the Isolated Context by proxying, using various forms of API interception as discussed above.).
Regarding claim 3, Joshi lacks or does not expressly disclose map the web content to the execution environment further based on a context attribute including one or more of a stack composition associated with the web content, a latency of one or more web transactions associated with the web content, an objective of the web content and a service type associated with the web content.
However, Ganesh further discloses wherein the web content is to be mapped to the execution environment further based on a context attribute including one or more of a stack composition associated with the web content, a latency of one or more web transactions associated with the web content, an objective of the web content and a service type associated with the web content; send a portion of the web content to an offload container associated with one or more of the web content, an enterprise data center, a private cloud associated with a third party service provider to map the web content to the execution environment. (Paragraph 0030, At step 411, the security manager maps the requested behavior to a particular security zone. Paragraph 0031: Behaviors can be attached to an HTML element (custom tag, a known tag, a text element, etc) and control the rendering associated with that element.).
It would have been obvious to one of ordinary skill in the art, the time the invention was made, to modify Joshi with Ganesh to determine map the web content in order to map behaviors according to a particular security zone, as taught by Ganesh, paragraph 0029.
Regarding claim 5, Joshi, as modified above, further discloses the apparatus of claim 4, wherein the processing circuitry is further to send a portion of the web container is to be sent to the offload container when the trust level is below a threshold and a latency tolerance condition is satisfied (see fig. 2, #230 “Is content internal or trusted” and #250 “can content execute in restricted execution environment”).
Regarding claim 10, Joshi lacks or does not expressly disclose wherein the processing circuitry is further to schedule one or more workloads associated with the web content based at least in part on the trust level and to provision one or more resources associated with the one or more workloads, wherein the one or more workloads are associated with one or more memory transactions
However, Ganesh further discloses to schedule one or more workloads associated with the web content to provision one or more resources associated with the one or more workloads, wherein the one or more workloads are associated with one or more memory transactions wherein the processing circuitry is couple to a memory, the processing circuitry having one or more of application processing circuitry or graphics processing circuitry (see fig. 4, At step 406, the security manager maps the requested behavior to a particular security zone. At step 407, the security settings associated with the particular security zone are reviewed to determine if the requested behavior should be allowed to execute (or download). When the requested binary behavior is permissible in the security zone, the security manager permits the request to instantiate the binary behavior to pass to the content server as shown by step 408. The content server communicates the binary behavior to the client device by downloading as shown by step 409.).
It would have been obvious to one of ordinary skill in the art, the time the invention was made, to modify Joshi with Ganesh to include a workload scheduler in order to list permissible URL actions associated with each security zone, as taught by Ganesh, paragraph 0026.
As per claims 21-25, this is a method version of the claimed apparatus discussed above in claims 1-3, 5 and 10 wherein all claimed limitations have also been addressed and/or cited as set forth above.
As per claims 26-30, this is a computer readable medium version of the claimed apparatus discussed above in claims 1-3, 5 and 10 wherein all claimed limitations have also been addressed and/or cited as set forth above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ALI SHAYANFAR can be reached at 571-270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AUBREY H WYSZYNSKI/Primary Examiner, Art Unit 2434