Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 1-10 are presented for examination.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/11/2020 and 12/31/2018 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.

Drawings
The drawings filed on 12/31/2018 are accepted by the examiner.

Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

1.	Claims 1-4 and 6-9 rejected under 35 U.S.C. 103 as being unpatentable over Yao et al. (US Pub No. 2018/0276352, hereinafter “Yao”) in view of Aissi (US Pub No. 2013/0347064, hereinafter “Aissi”).

Regarding claim 1, Yao does disclose, a hybrid trusted execution environment based android security framework comprising:  5a first hardware resource that comprises a rich execution environment (REE) where an android operating system (OS) runs (Yao, (para. [0053]), the non-secure running environment is a rich execution environment (Rich Executable Environment, REE) on the terminal, and an operating system such as Android, iOS, or Windows Phone is run in the non-secure running environment); and a secure container which implements a [virtualized] trusted execution environment (VTEE) that processes a security task in the rich execution environment (REE) when an application running on the rich execution environment requests the security task (Yao, (para. [0055]) and figure 1), in the REE, various client applications CAs are installed. …  The CA may access the TA by using the REE control module or the TEE control module, to implement a corresponding secure operation; (para. [0066] and figure 3), a user performs, by using a payment application (that is, a CA), an operation of transfer to a mobile number. When the user clicks "Next" (that is, a first operation) on a CA interface in the REE to perform a password entry operation, the terminal switches a display environment from an REE to a TEE according to the first operation, and display, in the TEE, an application interface (that is, a TA interface) that includes a virtual keyboard. The user confirms transfer information and then performs the password entry operation on the TA interface. In this case, the password entry operation by the user is in a secure running environment (that is, the TEE), and an application in a non-secure running environment (that is, the REE) cannot steal a password entered in the TEE by the user, thereby ensuring security of the password entry operation by the user).  

Yao does not explicitly disclose but the analogous art Aissi discloses, a virtualized [trusted execution environment (VTEE)] (Aissi, (para. [0104 and 0108]), a virtualized trusted execution environment is implemented using a secure / trusted container such as a trusted Virtual Machine using virtualization technology).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Yao by including a virtualized environment taught by Aissi for the advantage of protecting the security sensitive application and its associated state from any tampering (Aissi, (para. [0128])).

Regarding claim 2, the combination of Yao-Aissi does disclose the hybrid trusted execution environment based android security framework of claim 1, further comprising: a second hardware resource which is isolated from the first hardware resource that Yao, (para. [0053]), the secure running environment is a trusted execution environment (TEE), and a secure operating system runs in the secure running environment. Software and hardware resources accessed in the TEE are isolated from the REE).  

Regarding claim 3, the combination of Yao-Aissi does disclose the hybrid trusted execution environment based android security framework of claim 2, wherein when the application running on the rich execution environment requests the security task, the secure container loads library and core for providing a service of processing the 20security task from the trusted execution environment (TEE), and processes the security task (Aissi, (para. [0072, 0184]), the VMM installer module 320 may be invoked by the TEE discovery module 326, once the application loader 318 determines that the mobile device 102 supports virtualization technology and determines that the application should be installed in a secure container hosted by a VMM. The VMM installer module 320 installs the VMM on the mobile device 102. The VMM creates a secure container for the installation and execution of the security sensitive application 316).  

Regarding claim 4, the combination of Yao-Aissi does disclose the hybrid trusted execution environment based android security framework of claim 1, wherein the secure container includes a virtualized trusted execution environment 23manager to receive the request for the security task from the application running on the rich execution Yao, (para. [0066] and figure 3), a user performs, by using a payment application (that is, a CA), an operation of transfer to a mobile number. When the user clicks "Next" (that is, a first operation) on a CA interface in the REE to perform a password entry operation, the terminal switches a display environment from an REE to a TEE according to the first operation, and display, in the TEE, an application interface (that is, a TA interface) that includes a virtual keyboard. The user confirms transfer information and then performs the password entry operation on the TA interface. In this case, the password entry operation by the user is in a secure running environment (that is, the TEE), and an application in a non-secure running environment (that is, the REE) cannot steal a password entered in the TEE by the user, thereby ensuring security of the password entry operation by the user).  

Regarding claim 6, the combination of Yao-Aissi does disclose the hybrid trusted execution environment based android security framework of claim 1, wherein the virtualized trusted execution environment (VTEE) is included in a system running on the rich execution environment (REE) or a vendor image, and is updated together (Yao, (para. [0055]) and figure 1), in the REE, various client applications CAs are installed. …  The CA may access the TA by using the REE control module or the TEE control module, to implement a corresponding secure operation).  

20 Regarding claim 7, the combination of Yao-Aissi does disclose the hybrid trusted execution environment based android security framework of claim 1, wherein the virtualized trusted execution environment (VTEE) performs access control by executing a Security Enhancements for Android (SEAndroid) file system in the rich execution environment (REE) (Yao, (para. [0053]), the non-secure running environment is a rich execution environment (Rich Executable Environment, REE) on the terminal, and an operating system such as Android, iOS, or Windows Phone is run in the non-secure running environment).  

Regarding claim 8, Yao does disclose, an android device having a processor and a memory equipped with the hybrid trusted execution environment based android security framework, wherein the hybrid trusted execution environment based android security framework includes:  5a first hardware resource that comprises a rich execution environment (REE) where an android operating system (OS) runs (Yao, (para. [0053]), the non-secure running environment is a rich execution environment (Rich Executable Environment, REE) on the terminal, and an operating system such as Android, iOS, or Windows Phone is run in the non-secure running environment); and a secure container which implements a [virtualized] trusted execution environment (VTEE) that processes a security task in the rich execution environment (REE) when an application running on the rich execution environment requests the security task (Yao, (para. [0055]) and figure 1), in the REE, various client applications CAs are installed. …  The CA may access the TA by using the REE control module or the TEE control module, to implement a corresponding secure operation; (para. [0066] and figure 3), a user performs, by using a payment application (that is, a CA), an operation of transfer to a mobile number. When the user clicks "Next" (that is, a first operation) on a CA interface in the REE to perform a password entry operation, the terminal switches a display environment from an REE to a TEE according to the first operation, and display, in the TEE, an application interface (that is, a TA interface) that includes a virtual keyboard. The user confirms transfer information and then performs the password entry operation on the TA interface. In this case, the password entry operation by the user is in a secure running environment (that is, the TEE), and an application in a non-secure running environment (that is, the REE) cannot steal a password entered in the TEE by the user, thereby ensuring security of the password entry operation by the user).  
Yao does not explicitly disclose but the analogous art Aissi discloses, a virtualized [trusted execution environment (VTEE)] (Aissi, (para. [0104 and 0108]), a virtualized trusted execution environment is implemented using a secure / trusted container such as a trusted Virtual Machine using virtualization technology).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Yao by including a virtualized environment taught by Aissi for the advantage of protecting the security sensitive application and its associated state from any tampering (Aissi, (para. [0128])).

Regarding claim 9, Yao does disclose, a method of executing a trusted service in an android device that executes a variety of application programs based on an android operating system (OS), the method comprising: executing an application on a rich execution environment (REE) where the android OS runs (Yao, (para. [0053]), the non-secure running environment is a rich execution environment (Rich Executable Environment, REE) on the terminal, and an operating system such as Android, iOS, or Windows Phone is run in the non-secure running environment);  15when the application requests a security task, establishing a [virtualized] trusted execution environment (VTEE) for processing the security task in the rich execution environment (REE) by applying container technology; and processing the security task and returning the result value to the application (Yao, (para. [0055]) and figure 1), in the REE, various client applications CAs are installed. …  The CA may access the TA by using the REE control module or the TEE control module, to implement a corresponding secure operation; (para. [0066] and figure 3), a user performs, by using a payment application (that is, a CA), an operation of transfer to a mobile number. When the user clicks "Next" (that is, a first operation) on a CA interface in the REE to perform a password entry operation, the terminal switches a display environment from an REE to a TEE according to the first operation, and display, in the TEE, an application interface (that is, a TA interface) that includes a virtual keyboard. The user confirms transfer information and then performs the password entry operation on the TA interface. In this case, the password entry operation by the user is in a secure running environment (that is, the TEE), and an application in a non-secure running environment (that is, the REE) cannot steal a password entered in the TEE by the user, thereby ensuring security of the password entry operation by the user).  
Yao does not explicitly disclose but the analogous art Aissi discloses, a virtualized [trusted execution environment (VTEE)] (Aissi, (para. [0104 and 0108]), a virtualized trusted execution environment is implemented using a secure / trusted container such as a trusted Virtual Machine using virtualization technology).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Yao by including a virtualized environment taught by Aissi for the advantage of protecting the security sensitive application and its associated state from any tampering (Aissi, (para. [0128])).

Allowable Subject Matter
Claims 5 and 10 are objected to as being dependent upon a rejected base claims, but would be allowable if rewritten or amended in independent form including all of the limitations of the base claim and any intervening claims and to overcome the rejection(s) under 35 U.S.C. 112 (b), set forth in this Office action.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI	whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST.    
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from their Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (In USA or Canada) or 571-272-1000.

/MORSHED MEHEDI/Primary Examiner, Art Unit 2432