Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is in response to the original filing of November 29, 2018. Claims 1-21 are pending and have been considered below.

Status of Claims
As a result of an examiner-initiated interview conducted on January 7, 2021, claims 1, 6, 8, 13, 15 and 20 have been amended. Claims 3-5, 10-12 and 17-19 have been cancelled. Claims 1, 2, 6-9, 13-16, 20 and 21 are pending and have been considered below.

Allowable Subject Matter
Claims 1, 2, 6-9, 13-16, 20 and 21 are allowed. 

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Mr. John A.  Griffiths, Reg. No. 57654 on 1/06/2020 and an agreement was reached on 1/07/2020.   
1.     (Currently Amended)  A method to securely transfer computation in a disaggregated compute environment comprising a set of resource pools including a secure processor pool, comprising:
associating a set of processors drawn from the secure processor pool as an enclave; associating a first key-pair with each of the set of processors in the enclave, the first key-pair including a private key that is shared by the each of the processors, the private key having an associated public key;
receiving user code and data within a first processor in the enclave, the user code and data being secured by a second key-pair uniquely associated with a user, the second key-pair including a decipher key; [[and]]
in association with a transfer of the user code and data from a first processor in the enclave to a second processor in the enclave that shares the first key-pair, encrypting the decipher key using the private key and passing the encrypted decipher key from the first processor to the second processor;
adjusting a membership of the set of processors in the enclave, wherein adjusting the membership includes: 
determining whether a new processor has an authorization to join the enclave; and
when the new processor has the authorization, associating the new processor to the set of processors in the enclave; and
 refreshing the first key-pair following association of the new processor to the set of processors.
2.    (Original)  The method of claim 1, further including securely transferring the user code and data from the second processor to a processor outside the enclave.
3-5.   (Cancelled) 	
6. (Currently Amended)   The method of claim [[3]]1, wherein adjusting the membership includes removing a processor from the set of processors in the enclave and returning the removed processor to the secure processor pool.
7.   (Original)    The method of claim 1, further including executing the user code in the enclave, wherein the user code is executed by decrypting the encrypted decipher key using the public key to recover the decipher key, and then applying the decipher key to decrypt the user code.
8. 	(Currently Amended)   A system to securely transfer computation in a disaggregated compute environment comprising a set of resource pools including a secure processor pool, comprising:

computer memory holding computer program instructions executed by the hardware processors and operative to:
associate a set of processors drawn from the secure processor pool as an enclave;
associate a first key-pair with each of the set of processors in the enclave, the first key-pair including a private key that is shared by the each of the processors, the private key having an associated public key;
receive user code and data within a first processor in the enclave, the user code and data being secured by a second key-pair uniquely associated with a user, the second key-pair including a decipher key; [[and]]
in association with a transfer of the user code and data from a first processor in the enclave to a second processor in the enclave that shares the first key-pair, encrypt the decipher key using the private key and passing the encrypted decipher key from the first processor to the second processor;
adjust a membership of the set of processors in the enclave, wherein adjusting  the membership includes:
determining whether a new processor has an authorization to join the enclave; and
when the new processor has the authorization, associating the new processor to the set of processors in the enclave; and
refresh the first key-pair following association of the new processor to the set of processors.
9.    (Original)  The system of claim 8, wherein the computer program instructions are further operative to securely transfer the user code and data from the second processor to a processor outside the enclave.
10-12.	(Cancelled)
13.  	(Currently Amended)   The system of claim [[11]]8, wherein the computer program instructions to adjust the membership includes program code operative to remove a processor from the set of processors in the enclave and return the removed processor to the secure processor pool.
14.    (Original)  The system of claim 8, wherein the computer program instructions are further operative to execute the user code in the enclave, wherein the user code is executed by decrypting the encrypted decipher key using the public key to recover the decipher key, and then applying the decipher key to decrypt the user code.
15.    (Currently Amended) A computer program product in a non-transitory computer readable medium for use in a data processing system to securely transfer computation in a disaggregated compute environment comprising a set of resource 
associate a set of processors drawn from the secure processor pool as an enclave;
associate a first key-pair with each of the set of processors in the enclave, the first key-pair including a private key that is shared by the each of the processors, the private key having an associated public key;
receive user code and data within a first processor in the enclave, the user code and data being secured by a second key-pair uniquely associated with a user, the second key-pair including a decipher key; [[and]]
in association with a transfer of the user code and data from a first processor in the enclave to a second processor in the enclave that shares the first key-pair, encrypt the decipher key using the private key and passing the encrypted decipher key from the first processor to the second processor;
adjust a membership of the set of processors in the enclave, wherein adjusting  the membership includes:
determining whether a new processor has an authorization to join the enclave; and
when the new processor has the authorization, associating the new processor to the set of processors in the enclave; and
refresh the first key-pair following association of the new processor to the set of processors.
16.    (Original)  The computer program product of claim 15, wherein the computer program instructions are further operative to securely transfer the user code and data from the second processor to a processor outside the enclave.
17-19.	(Cancelled)    
20.    (Currently Amended) The computer program product of claim 1[[7]]5, wherein the computer program instructions to adjust the membership includes program code operative to remove a processor from the set of processors in the enclave and return the removed processor to the secure processor pool.
21.    (Original)   The computer program product of claim 15, wherein the computer program instructions are further operative to execute the user code in the enclave, wherein the user code is executed by decrypting the encrypted decipher key using the public key to recover the decipher key, and then applying the decipher key to decrypt the user code.

Examiner's Statement of Reasons for Allowance
The following is a statement of reasons for the indication of allowable subject matter:
Cray U.S. 2018/0330079 A1 is directed toward public enclave key of each enclave in an enclave pool may be registered in an enclave pool registry, and the registry 
Hunt et al U.S. 2015/0379297 A1 is directed toward systems, methods, and computer-readable storage media that are provided for securely storing and accessing content within a public cloud. A processor manufacturer provides processors having secure enclave capability to a cloud provider. The provider makes available a listing of processor identifiers (CPUIDs) for processors available for storing content and having secure enclave capability. A content owner provides CPUIDs for desired processors from the listing to the manufacturer which provides the content owner with a processor-specific public code encryption key (CEK) for encrypting content to be stored on each processor identified. Each processor is constructed such that content encrypted with the public CEK may only be decrypted within a secure enclave thereof. The content owner encrypts the desired content with the public CEK and returns the encrypted content and the CPUID for the appropriate processor to the cloud provider. The cloud provider then stores the encrypted content on the particular processor.
Johnson et al U.S. 8,972,746 B2 teaches a platform level key to provide for a secure enclave corresponding to a plurality of processors, wherein the platform-level key is to be 
Poornachandran et al U.S. 2017/0372076 A1 is drawn toward technologies for configuring a launch enclave include a computing device having a processor with secure enclave support. A trusted execution environment (TEE) of the computing device stores a launch enclave hash in a launch enclave hash table in secure storage and provisions the launch enclave hash to platform firmware at runtime. The TEE may receive the launch enclave hash via trusted I/O. The platform firmware sets a configure enclave launch bit and resets the computing device. On reset, the TEE determines whether the launch enclave hash is allowed for launch. The TEE may evaluate one or more launch configuration policies and may select a launch enclave hash based on the launch configuration policies. If allowed, the platform firmware writes the launch enclave hash to a model-specific register of the processor, and the launch enclave may be loaded and verified with the launch enclave hash. Other embodiments are described and claimed. 
With respect to claims 1, 8 and 15: the prior art of record alone or in combination fails to anticipate or render obvious the claimed invention as amended wherein receiving user code and data within a first processor in the enclave, the user code and data being secured by a second key-pair uniquely associated with a user, the second key-
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FATOUMATA TRAORE whose telephone number is (571)270-1685.  The examiner can normally be reached on 6:30-3:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached on 5712724219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Friday, January 8, 2021

/FATOUMATA TRAORE/
Primary Examiner, Art Unit 2436