|
|
| Oracle v. Google - Reexamination - Patent 6125447 |
 |
|
Tuesday, September 06 2011 @ 09:00 AM EDT
|
Oracle has filed its response [PDF] to the first office action [PDF] with respect to U.S. Patent 6125447 (the "'447 patent"). While Oracle is offering to amend two of its claims in the '447 patent (independent claim 7 and independent claim 16), Oracle asserts that the examiner got it wrong in rejecting all of the claims.
Claim 7 and 16 are each amended by adding the following limitation:
establishing an association between said one or more protection domains and one or more sources of code, wherein the one or more sources of code is at least one of a file, a persistent object, a FLASH EPROM reader, or a set of system libraries;
In the first office action the examiner had asserted that all of the independent claims of the '447 patent were anticipated by U.S. Patent No. 5,412,717 ("Fischer").
Fischer discloses a method for providing computer system security, including associating protection domains with object-oriented program structures, such as classes of objects and sources of code. Fischer discloses a set of authorities (permissions) and/or restrictions stored as "program authorization information" or "PAI." (protection domains) See Fischer, at Col. 2: 16-36. The PAI is assigned to a program to be executed (associate protection domains and classes), "to thereby delineate the types of resources and functions that the program is allowed to utilize." See id. PAIs associated to called and invoked programs may be combined, as appropriate. See id. at Col. 19: 40-54. Note object oriented data structures at Fig. 3C and Col. 2: 6-9 & 7: 49 - Col. 8: 2. The PAI can be associated with a signer of a digital certificate (see Fischer, at Col. 6: 25-35 and Fig. 2) or a manufacturer of a program (indicates the source of code used) (see Fischer, at Col. 9: 3-8 and Col. 16: 12-25). Fischer checks the PAI for authorization (determining whether said action is authorized); the PAI of Fischer may include a "hierarchy of nested certifications and signatures" (permissions associated with a plurality of routines in a calling hierarchy). USPN 4,868,877 and USPN 5,005,200, which are incorporated by reference, disclose additional teachings related to digital certificates and signatures.
More specifically, the examiner found:
Per claims 1, 7,10,16, and 19, Fischer '717 discloses a method, computer readable medium executed by one or more processors, and system for providing security.
The Fischer disclosure references 'authorization entries' within the "program authorization information," or "PAI," to verify access authority to other code and resources. "... providing enhanced computer system security while processing computer programs... " Fischer at 1:20-25. See exemplary computer readable medium carrying a "sequence of instructions" as shown in Fischer '717, FIGs. 1 (#2, #7), 10 & 11. Fischer '717 teaches (Abstract; 4: 24-61) a system.
Fischer discloses establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
Fischer's PAI ('717, 2: 34-36) reads on the claimed 'protection domain.' (2: 20-23), "The system monitor builds a data structure (establishing one or more protection domains) including a set of authorities (protection domains as PAIs defining permissions) defining that which a program is permitted to do (permissions) and/or that which the program is precluded from doing." (9: 17-10: 23), "The program control block 140 is loaded with program authorization information such that the PAI can be readily referenced as the associated program is executed so as to ensure that the program performs functions and accesses resources in conformance with its assigned authorizations. The program control block associated with the program to be executed is located in a storage area which cannot be modified by the program."
Fischer discloses establishing an association between said one or more protection domains and one or more classes of one or more objects.
(2: 6-9), "The present invention is directed to providing reliable security, even when operating with complex data structures, e.g., objects, containing their own program instructions, which are transmitted among users." (2: 26-33), "Once defined, the program authorization information [(PAI)] is thereafter associated with each program to be executed to thereby delineate the types of resources and functions that the program is allowed to utilize. The PAI associated with a particular program may be assigned by a computer system owner/user or by someone who the computer system owner/user implicitly trusts." See Fischer, FIG. 3C, #116, noting an object oriented program. An object is an instance of a class, i.e., a class template. Gong '447 recites (6: 63-7: 29) well known facts related to objects: "[e]ach object belonging to a class has the same fields ('attributes') (protection domain attributes) and the same methods." (7: 14-18, 7: 49-8: 2), "... The program authorization information is embedded in a segment 116 which specifies the authorization for the object's program or programs in a manner to be described more fully hereinafter." (15: 24-26), "Thereafter, the PAI is stored using, for example, one of the approaches set forth in FIGS. 3A through 3D so that it is associated with its program 272 ...."
Fischer discloses determining whether an action requested by a particular object is
permitted based on said association between said one or more protection domains
and said one or more classes.
(15: 56-59), "FIGS. 10 and 11 illustrate the sequence of operations of a supervisor program for controlling the processing of a program being executed in accordance with its program authorization information." (16: 66-17: 3), "Depending on the processing in block 316 [of FIG. 10], a decision is made in block 322 whether the signatures are valid, authorized and trusted. If the signatures are not determined to be valid, then the routing branches to block 324 where the execution in program X is suppressed." In the case where digital signatures are used to determine whether an action requested is permitted, Fischer discloses (17: 31-33), "If the processing in blocks 322 and 316 reveal that the signatures are valid, then the processing in block 326 is performed." As noted above, the protection domain objects are derived from (association) a protection domain class definition.
Claim 19 also recites the term "domain mapping object" for establishing an association between said one or more protection domains and one or more classes of one or more objects. Fischer discloses (2: 20-23), "The system monitor (domain mapping object) builds a data structure (establishing an association between one or more protection domains) including a set of authorities (protection domains as PAIs defining permissions) defining that which a program is permitted to do (permissions) and/or that which the program is precluded from doing." (FIG. 3C; 7: 14-18, 7: 49-8: 44), The data structure defines (establishes associations) the type of object...embeds a segment with program
authorization information, a segment with object method code, and a segment with data
variables.
The examiner also found these same claims anticipated by Goldstein ("The Gateway Security Model in the Java Electronic Commerce Framework" by
Theodore Goldstein) with supporting evidence by Shah ("Java APIs: Playing Monopoly with Java via the JECF", Rawn Shah), both non-patent literature prior art.
Oracle, in its response, acknowledges that the critical elements comprising the invention are those cited by the examiner:
■ establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
■ establishing an association between said one or more protection domains and one or more classes of one or more objects; and
■ determining whether an action requested by a particular object is permitted based on said association between said one or more protection domains and said one or more classes.
Oracle does not believe Fischer or Goldstein disclose all of these elements. Specifically:
The art of the present reexamination does not compel a different conclusion. None of the cited references—Fischer, Goldstein, or Shah—teaches or suggests the above claimed combination of features of the '447 Patent. Fischer does not disclose "establishing an association between ... protection domains and ... classes." Instead, Fischer is directed to providing security by associating program authorization information ("PAI") with a program. Fischer is silent as to classes or any security based on classes. Indeed, the lack of any discussion as to classes in Fischer is dispositive not only with respect to the above "establishing" feature, but also to the other features such as "determining whether an action requested by a particular object is permitted based on said association between ... protection domains and ... classes."establishing an association between ... protection domains and ... classes" because both Goldstein and Shah, similarly to Fischer, are silent as to any security based on classes.
Accordingly, Patent Owner submits that all of the rejections should be withdrawn.
* * * *
Claim 1 recites, inter alia:
"establishing an association between said one or more protection domains and one or more classes of one or more objects."
The Office Action (p. 12) asserts that Fischer discloses this claim feature in a "set of
authorities and/or restrictions assigned to a program to be executed are referred to herein as
'program authorization information' (or 'PAI')." (Fischer, 2:24-26.) Patent Owner respectfully
disagrees with this assertion.
Fischer teaches a security monitor that limits the ability of a program about to be executed to the use of predefined resources through the use of the PAI. Fischer envisions the program, to which the PAI is assigned, as a virus program (Fischer, 1:30-31), a game (Fischer, 9:29-30), or the like. A program, however, is most certainly not a class. According to Prof. Goldberg's declaration, "a program in an object-oriented language (e.g. Java and C++) may include classes, whereas a program in a non object-oriented language (e.g. C, Lisp, assembly language, etc.) would not be considered to include classes." (Emphasis added; Goldberg Declaration, 111.) Thus, Fischer's programs do not disclose "one or more classes of one or more objects" as expressly required by the claims.
Further, Fischer's provision of security at a program-level is also insufficient. "In Fischer, every portion of the program - including the classes if the program is written in an object-oriented language - would have the same permissions. Thus, even in an object-oriented language, Fischer does not provide a mechanism for associating different permissions with different portions of code within the same program." (Goldberg Declaration, 111.) Because Fischer does not teach anything related to classes, it cannot disclose that the PAI is associated with "one or more classes of one or more objects." Therefore, claim 1 is not anticipated by Fischer.
In the Office Action and during the interview, the Examiner viewed the program in Fischer as having classes and inquired that, if Fischer disclosed a program with classes, whether the association of the PAI with a program having classes would meet the above feature if construed broadly. It is believed that the Examiner was trying to abstract an object-oriented implementation from Fischer based on Fischer's Fig. 3C. Even if Fischer disclosed a program with classes, which it does not (Goldberg Declaration, 111), the feature would still not be met, as the Patent Office's proposed construction is not supported by the claim language nor is it consistent with the '447 specification, as noted by Prof. Goldberg during the interview. The claim language—"establishing an association between ... protection domains and ... classes"—expressly links the protection domain to classes, not programs. The link between protection domains and classes was emphasized in the '447 specification as providing a finer level of granularity for establishing protections within a computing system than at the entire program level (i.e., at the level that Fischer discusses). (Goldberg Declaration, 112.) For example, the specification states that the "sandbox approach is not very granular because all remote code is restricted to the same limited set of resources." ('447, 2:11-13.)
It is undesirable to choose a coarser level of granularity, such as "all remote code" or an entire program such as the one described in Fischer, because this limits the flexibility of the code to be assigned varying permissions. According to Prof. Goldberg's declaration, "[c]hoosing a coarser level of granularity than associating permissions with classes, such as associating the same permissions with 'all remote code' (i.e. all code loaded from remote sources) as in the prior art Java 'sandbox' model, or associating permissions with an entire program as in Fischer, limits the flexibility of the code to be assigned varying permissions. For example, since Java programs are often constructed from classes retrieved from multiple sources - some of the sources more trusted than others - it is desirable to be able to assign different permissions to the classes retrieved from different sources." (Goldberg Declaration, 112.) All remote code, or all code within a program, is assigned the same permissions, regardless of trustworthiness of the various components. However, "[providing security measures that allow more granularity than the sand box method involves
establishing a complex set of relationships between principals and permissions." ('447, 2:24-26.) "In Fischer, however, all code within a program is assigned the same permissions, regardless of trustworthiness of the various components. The claimed invention of the '447 Patent solves these problems by providing a more granular level of protection (i.e., associating protection with classes) and simplifying the relationships between principals and permissions via the protection domain mechanism. In fact, Fischer teaches away from using class-level protection by teaching program-level protection." (Goldberg Declaration, 113.) '"Teaching away' does not require that the prior art foresaw the specific invention that was later made, and warned against taking that path." Spectralytics, Inc., v. Cordis Corp. (Fed. Cir. June 13, 2011). Rather, the design of the prior art device itself can teach away from the invention. (Id.) Here, the design of Fischer (i.e., protection associated at the program level) teaches away from the claimed "establishing an association between ... protection domains and ... classes" of the '447 Patent.
Moreover, upon reading the specification, one of skill in the art would recognize that the "association" in "establishing an association between ... protection domains and ... classes"
requires the protection domains to be associated with classes, not with programs. (Goldberg Declaration, 114.) See, e.g., '447, 2:10-22 (where in the background art, sets of files are "associated" with particular banks), and contrast with examples described at '447, 2:50-3:50 (where protection domains are "associated" classes and permissions), 6:65-66 (where methods are "associated" with objects), etc. In each of the examples from the '447 specification, "associated" means that the two pieces are associated with each other, not associated through another construct, such as a program. One of skill in the art could not interpret the claimed "association" differently because none of the examples provided in the specification suggest otherwise. (Goldberg Declaration, 114.) Indeed, to adopt such a construction would directly contravene the requirement of giving claims their "broadest reasonable construction consistent with the specification" in a reexamination. (MPEP 2258(I)(G) (emphasis added); In re Suitco Surface, 603 F.3d 1255, 1259 (Fed. Cir. 2010). In contrast, construing the feature as associating protection domains with classes would be consistent with the specification, as the entire patent teaches such an association.
(Goldberg Declaration, 114.) According to Prof. Goldberg's declaration, "[o]ne of ordinary skill in the art reading the '447 patent would understand the "association" between classes and protection domains to be any mechanism that allows the code from different classes within the same program to operate with different protection domains. Fischer's disclosure of associating a PAI with a program does not provide such a mechanism." (Goldberg Declaration, 114.) Therefore, one of skill in the art would recognize that associating a PAI with a program does not disclose "establishing an association between ... protection domains and ... classes," as recited in claims 1, 10, and 19.
When discussing Fischer, the Office Action cites to the disclosure at ('447, 7:4-6), that each object belonging to a class has the same fields and the same methods, to conclude that protection domain attributes may be stored in the fields of an object instantiated from that class. (Office Action, page 12.) However, at the time of invention, while programs as a whole may generally have had protection attributes as shown by Fischer, protection was not provided on a class by class basis. (Goldberg Declaration, 114.) Accordingly, although the fields of objects instantiated from the same class were the same, the fields of a class did not have protection domain attributes.
For at least this reason and the reasons discussed above, Fischer does not teach or suggest "establishing an association between one or more protection domains and one or more classes of one or more objects," as claimed in independent claims 1,10, and 19.
Oracle also believes that the earlier referenced limitation added to claims 7 and 16 further saves those claims in light of the arguments with respect to Fischer and Goldstein.
This is a fairly compelling argument, and one to which the examiner will need to dig deep to counter. Oracle argues much this same point with respect to Goldstein as it does above with respect to Fischer.
It is also worth remembering that this is an ex parte reexamination, so Google does not have a right to respond to Oracle. In any case, Fischer, Goldstein, and Shah are the only prior art that Google submitted.
Now we wait to see how the examiner responds.
|
|
|
|
| Authored by: Anonymous on Tuesday, September 06 2011 @ 09:43 AM EDT |
| 8) [ Reply to This | # ]
|
| |
| Authored by: YurtGuppy on Tuesday, September 06 2011 @ 10:04 AM EDT |
Please post corrections here.
---
a small fish in an even smaller pond[ Reply to This | # ]
|
| |
| Authored by: YurtGuppy on Tuesday, September 06 2011 @ 10:06 AM EDT |
Discussion of news picks goes here.
---
a small fish in an even smaller pond[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, September 06 2011 @ 10:24 AM EDT |
Is the patent system so broken that adding a phrase like "
wherein the one or more sources of code is at least one of a
file, a persistent object, a FLASH EPROM reader, or a set of
system libraries;" can transform a claim from unpatentable to
patentable????
Oracle's lawyers need to be jailed for attempting to commit
fraud on the patent office ... and if any of the judges or
examiners in this case buys this, then they need to be fired
for incompetence!!!!!!!![ Reply to This | # ]
|
- hmm... - Authored by: Anonymous on Tuesday, September 06 2011 @ 10:53 AM EDT
- Is the patent system so broken? - Authored by: darrellb on Tuesday, September 06 2011 @ 10:55 AM EDT
- mid-lawsuit ???? - Authored by: DebianUser on Tuesday, September 06 2011 @ 11:34 AM EDT
- Eh...? - Authored by: Anonymous on Tuesday, September 06 2011 @ 01:02 PM EDT
- mid-lawsuit ???? - Authored by: Wol on Tuesday, September 06 2011 @ 02:01 PM EDT
- mid-lawsuit ???? - Authored by: Anonymous on Tuesday, September 06 2011 @ 11:00 PM EDT
- Is the patent system so broken? - Authored by: PJ on Tuesday, September 06 2011 @ 01:18 PM EDT
- Is the patent system so broken? - Authored by: Anonymous on Tuesday, September 06 2011 @ 02:44 PM EDT
- The real limitation is security by file location, not originating user or process - Authored by: Anonymous on Tuesday, September 06 2011 @ 05:17 PM EDT
- Moving from abstract to more concrete - Authored by: Anonymous on Tuesday, September 06 2011 @ 06:04 PM EDT
- Do none of these people understand programming? - Authored by: Anonymous on Tuesday, September 06 2011 @ 10:39 PM EDT
- Is the patent system so broken? - Authored by: Anonymous on Tuesday, September 06 2011 @ 11:29 PM EDT
- Is the patent system so broken? - Authored by: Anonymous on Wednesday, September 07 2011 @ 04:43 AM EDT
| |
| Authored by: Kilz on Tuesday, September 06 2011 @ 10:28 AM EDT |
| For all posts that are not on topic. [ Reply to This | # ]
|
| |
| Authored by: cricketjeff on Tuesday, September 06 2011 @ 10:45 AM EDT |
If it could be conclusively proved that the number of angels that can dance on
the head of a pin is not infinite but in fact limited to twenty thousand million
and six Oracle appear to be claiming the invention of a pin with room for only
twenty thousand million and four.
The new limitation is such a limited limitation that it cannot in any sense be
considered inventive, and I suspect the patent office will say as much.
---
There is nothing in life that doesn't look better after a good cup of tea.[ Reply to This | # ]
|
| |
| Authored by: Ian Al on Tuesday, September 06 2011 @ 11:38 AM EDT |
I know all about classes in computing. It's a word I use when I want to sound
like I know what I'm talking about.
Can someone explain what a class is? I know that programs that run in Java and
Dalvik are called class files, but what exactly are the classes, inside?
I had guessed that, in object orientated programming languages, they are the
groups of objects in a particular class that share object features. However,
prohibiting access to a class sounds a bit like prohibiting access to a library.
It might stop a program from, say, modifying the contents of data files, but
that sounds like a pretty blunt security tool as all of the other objects in the
class would also be unavailable including reading files.
Also, if the language is compiled, do the classes make it through to the
installation binary? If not, is this only relevant to virtual processors that
'interpret' classes of objects at run time?
One final question: Your answer may be generally understood by practitioners of
Java and Dalvik, but is it generally applicable to all oop languages? If not, is
it a term that can be used in a patent without additional definition?
---
Regards
Ian Al
Patented inventions must be obvious. You could never work them out from the
patent disclosures.[ Reply to This | # ]
|
- Class? - Authored by: Anonymous on Tuesday, September 06 2011 @ 12:13 PM EDT
- Class? - Authored by: cjk fossman on Tuesday, September 06 2011 @ 12:37 PM EDT
- Class? Explanation and clarification? - Authored by: Anonymous on Tuesday, September 06 2011 @ 02:07 PM EDT
- Class? - Authored by: StormReaver on Tuesday, September 06 2011 @ 03:22 PM EDT
- Class -- a concrete definition - Authored by: Marc Mengel on Tuesday, September 06 2011 @ 03:39 PM EDT
- Class? - Authored by: Anonymous on Tuesday, September 06 2011 @ 06:10 PM EDT
- Class? - Authored by: ais523 on Tuesday, September 06 2011 @ 06:23 PM EDT
- Class? - Authored by: Anonymous on Tuesday, September 06 2011 @ 09:56 PM EDT
- Class and what it means... - Authored by: BitOBear on Tuesday, September 06 2011 @ 10:30 PM EDT
- Class = Library = Module = Program - Authored by: Anonymous on Tuesday, September 06 2011 @ 10:42 PM EDT
- Class? You are missing something important here! - Authored by: Anonymous on Wednesday, September 07 2011 @ 05:18 AM EDT
- Class? - Authored by: swmech on Wednesday, September 07 2011 @ 06:00 PM EDT
| |
| Authored by: complex_number on Tuesday, September 06 2011 @ 02:05 PM EDT |
Post the HTML coded transcripts here in Plain Old Text format.
---
Ubuntu & 'apt-get' are not the answer to Life, The Universe & Everything which
is of course, "42" or is it 1.618?
[ Reply to This | # ]
|
| |
| Authored by: BitOBear on Tuesday, September 06 2011 @ 09:43 PM EDT |
How is a FLASH EEPROM reader (a mechanical device with zero inherent information
structure) and various kinds of files and libraries, even in the same list?
Again with the Vogon Poetry, clearly there is some sort of disconnect somewhere
that has nothing to do with technical fact.
It's like listing "a printing press" in a bibliography.
So source file or library versus CDROM, disk, tape, flash memory or EEPROM
versus CDROM drive, tape drive, disk drive, flash reader or EEPROM reader.
(hard drives and hard disks are now inseparable, but not so much the other
things, and in no case are these real things in the later two stanzas
conceptually relatable to the information tidbit that might be a source file or
[code?] library.)
The attempt to conflate a real thing as in an EEPROM Reader, with stuff like
"source files" is either disingenuous or just plain ignorant.
Example, a DVD contains a lot of .VDO files, even if there is just one
"movie" (each chapter is a file), so listing a file, a DVD, and a DVD
Reader you are listing a vertical depencency tree instead of a conceptual
peerage of "sources". And even still, these are not
"origins" of the movie etc.
ALSO: what is a "persistent object" in this usage, or more importantly
what _isn't_ a persistent object? There is _no_ limit to the domain
"persistent object".
Where the source of the code is one or more of life, the universe, or
everything? Is that a finite legal domain I am unaware of?
This "added clause" has no particular meaning because it has no limit.
Since it has no limit it cannot be a limiting clause.[ Reply to This | # ]
|
| |
| Authored by: BitOBear on Tuesday, September 06 2011 @ 10:13 PM EDT |
Programs are made of subprograms and data.
Classes are made of subprograms and data.
Therefore classes are programs.
The two general types of subprograms are functions and procedures. (functions
return a value, procedures do not, but that is such a distinction without a
difference that the C language doesn't even recognize it and all subprograms are
"functions" and to make a procedure you return "void", e.g.
nothing.)
Consider the Java runtime error "main class not found". Thats right,
you start a java program by invoking a class with a "main" function in
it. Said function being the point where the java runtime begins doing whatever
"the program" does. Thing is, just like in C, the operating system has
been running "the program" for a while when main is called because the
java VM (or C runtime library) has to do all its setup work.
So even the "main program" in a program is executed as a subprogram of
the runtime.
The filing seems to be trying to say that zero or one protection domains in
Fischer or Goldstein is somehow unable to predict the number 2 (or 3 etc) or
that doing the Fischer or Goldstein operations on disparate subprograms is not
the same thing as doing so to disparate subprograms... uh... if they are in
classes... or something...
Like I said, Vogon Poetry. Using different words that have the same approximate
meaning doesn't grant you new meaning.
Those who would argue otherwise need to really understand translation units and
scope. What you call a scope, named or otherwise, doesn't matter. So class
versus structure, versus file... who cares. Programs, subprograms, and
(reachable vs unreachable) data.
The law (and the patent office) is generally unprepared for the lack of
precision in the language of computer science. When everything has many names
with no distinction, its easy to argue something is different from itself
because you chose a synonym that the reader may not know is synonymous.
What's the difference between a duck? One of its legs is both the same.[ Reply to This | # ]
|
| |
| Authored by: Ian Al on Wednesday, September 07 2011 @ 04:50 AM EDT |
Another big comment. (Hey, I heard that sigh!)
Thank you for the
explanations of class and the final comments that explain why it is another name
for an executable like a program.
Just to explain the title, someone I
respect, let's just call him the Professor of Intellectual Responsibility, has
been trying to explain how computers work. He pointed out that computers are
machines. They add no insight, ingenuity or intervention beyond what is
explicitly required by the rules of the procedure.
When discussing what
a patent means (Bilski) the Supremes said 'Section 101 similarly
precludes the broad contention that the term “process” categorically excludes
business methods. The term “method,” which is within §100(b)’s definition of
“process,” at least as a textual matter and before consulting other limitations
in the Patent Act and this Court’s precedents, may include at least some methods
of doing business. See, e.g., Webster’s New International Dictionary (defining
“method” as “[a]n orderly procedure or process . . . regular way or manner of
doing anything; hence, a set form of procedure adopted in investigation or
instruction”). The Court is unaware of any argument that the “ ‘ordinary,
contemporary, common meaning, of “method” excludes business
methods.'
I haven't got Websters, but I do have Linux and I know
how to use it.
---
Regards
Ian Al
Patented inventions must be obvious. You could never work them out from the
patent disclosures. [ Reply to This | # ]
|
| |
| Authored by: Ian Al on Thursday, September 08 2011 @ 03:20 AM EDT |
And another thing, what does the patented invention do?
It's taken me a while to get a handle on this. Let me try and crystallize my
thoughts with my latest patented invention. The patent is called 'An Invention
for the Transmutation of Lead into Gold'.
Here is a summary of the claims and disclosures. The invention measures the mass
of molten lead in up to five melting pots and selects the appropriate ingot
mould size. The contents of all the pots are poured into the one mould to
produce a single ingot of known size. The end of the transmutation process
results in a gold ingot of known size and, thus, known value.
My process produces precision gold ingots and is thus just as patentable as the
Diehr rubber products process. I bet you noticed what is missing. I fail to
mention why the lead gets transmuted into gold. Well, that process is prior art
(See, 'Merlin' and 'Midas'). My innovation is the production of the precision
gold ingots.
Consider the computer system security patent in question. It is explained how a
sub-program is given a symbol which sets the features (programs, classes etc.)
of the overarching program (the Java engine) which can be called and those which
cannot. It fails to explain how doing this transmutes Java (or other object
orientation based platform) from insecure to secure.
If you are a programmer and systems architect you already know how to do this.
Let me guess. You determine what the classes of possible security attack are
(data theft, Java disablement etc.) and you decide which programs must have
restricted access to which features. However, you have no knowledge of what all
those Java application programmers are going to come up with.
So, certain essential, in-house, programs get generous access and the rest get
limited access. How do you choose? Do you consider in your mind the swings and
balances between reducing the value of the platform because of restrictions or
reducing the value of the platform because of permissions?
Is that an abstract idea? Does the patented invention reflect any of those
deliberations? What has the patented invention, of itself, got to do with
computer system security? Why is the invention, itself, anything other than an
indirect way of implementing root/administrator/user permissions?
The term 'computer system security' implies external, malicious attack. What has
the invention got to do with that, as opposed to the normal features of a
quality operating system to prevent users inadvertently damaging some part of
its operation.
My view is that the patent fails to define computer system security and, even if
a programmer understands what is meant, the invention does not, of itself,
achieve that. It resolves to just a tool of the journeyman programmer for
writing software that is resistant to misoperation and it is not innovative in
that respect.
I'm glad that the Dalvik system does not use the method. The 'virtual processor
per app' and the Linux permissions system is much more powerful and secure,
whatever 'secure' actually means!
---
Regards
Ian Al
Patented inventions must be obvious. You could never work them out from the
patent disclosures.[ Reply to This | # ]
|
| |
| Authored by: BitOBear on Friday, September 09 2011 @ 07:58 PM EDT |
[I was going to use this to correct a deep reply to a comment above where I used
the phrase "protected memory model", but as I got to the end I
realized this was potentially significant enough not to bury that deep.]
Calling it "protected memory model" was me failing to properly dig 20
year old information out of my brain. 8-)
In particular, the 80386 introduced the idea of starting in "real
mode" where addresses were mapped to memory mathematically and all the
system instructions were available.
The OS would go through a dance of instructions and setup to establish the
"global descriptor table" and the "local descriptor table"
(I think it was "local" anyway); along with a map of available or
disallowed instructions for "rings one through three" (ring zero being
the core OS, everything goes environment).
All versions of 386 aware Windows prior to Win 2k ran the entire environment as
one program supervised by an OS kernel. That is the memory mappings and
permissions were consistent and collateral in such a way that memory allocated
by one application could be used by another. (For reasons I will skip for
brevity this makes the environment very much a multi-threaded single process
environment by technical definition.)
You could, however, get "general protection faults" from doing things
like allocating a region of memory in a sharable "handle", then giving
that memory away (see Dynamic Data Exchange and then Object Linking and
Embedding for prime examples) but then trying to use the contents of that memory
via a normal pointer dereference. This was normally buggy coding, but it could
also happen because of malicious action. Notice the prominence of the word
protection in the hardware fault definition.
The underlying technology was that any time a "system call" (which was
a very fuzzy idea in windows) cause execution to jump from ring 3 (the
application) to ring 0 (privileged windows operations), the privileged code had
the right to change the permissions and/or address mappings in the descriptor
tables before returning to ring 3. This is the definition of enforcing
permissions on a section of code contextually (e.g. the context before the call
is different than after it, and is usually symmetric in windows when a
"handle" was locked by such a call, used as memory, then unlocked by
the symmetric call).
An almost universal example of this was that your program was allowed to see, or
pass around handles to "graphics contexts" but those contexts were
reserved data structures that your program was not allowed to access directly,
so all "drawing", to the screen and to the printer and to some
internal modeling space, had to go through well-vetted kernel routines.
While this technology was not used by windows itself based on origin at the
gross scale (local hard disk vs the Internet) it _was_ used on fine scale where
various INI and other configuration files could launch DLLs (Dynamic Link
Libraries) and "applications" as drivers or otherwise privileged
applications.
Note that "libraries" are specifically named in the new language, so
windows use of DLLs is explicitly applicable to the new language.
Another technical detail is that all the files used by windows were essentially
DLLs, including the EXE files. The only meaningful difference was whether
LibMain(), Main(), or (whatever the entry points were for control panel modules
etc were called) was used to launch the entity. The word "class" was
never used, but there was entity-global data, instance-local data, and shared
code tied into a definition-private protective namespace (the linking context of
the DLL itself) so in every way that matters a DLL was an object
indistinguishable from a class, and each invocation was indistinguishable from
the act of instancing (e.g. "constructing an instance of") a class.
The announcements of Windows 2K, and its (late date) inclusion of the feature
that Xenix, UNIX (including SCO Unix 8-) and others already had, which kept
"applications" from crashing each other by actually separating the
applications into there own memory regions (e.g. making them "real distinct
processes") is prima facie evidence that up to that point Windows 3.1, 95,
98, and SE all treated the applications as a single process with different
threads (even though they used the name "process" for those threads).
The technical measure of what defines "a process" in terms of
protections and computer systems theory validates this analysis.
The relevant citations should be available Trivially notice the second to last
sentence of http://en.wikipedia.org/wiki/Microsoft_Windows#Windows_3.0_and_3.1
as an example. One would likely need old windows internals books and proper
expert testimony about same to allow the court to see the applicability of
viewing the 3.1 era "application" as constituent element of the
windows ring 3 operation as analogous to an execution domain inside another
application (e.g. class inside Java). This is an education issue, not a
technically obscure one.
[Though I am sure someone will disagree here. vvvvv 8-)][ Reply to This | # ]
|
|
|
|
|
