Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

DETAILED ACTION
Claims 1-21 are pending in this office action. 

Priority
No foreign priority is claimed.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 9-15, 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Roth et al. (US 10,079,681 B1, hereinafter Roth), in view of Gupta et al. (US 2020/0028848 A1, Gupta hereinafter).
For claim 1, Roth teaches a computer-implemented method for processing data in a trusted environment, the method comprising: in response to a request received at a host agent of a server from a user device of a user over a network to process user data, launching a restricted operating environment within the server (Fig. 2; col. 9 lines 56-64 – commands or requests received at the server (computing resource service provider 212); col. 5 lines 21-64; col. 10 lines 20-67 – instantiating a secure execution environment or restricted operating environment within the server, and wherein the request received via API or processes as agents, as well as requests received by the network connection and via many different types of interfacing entities including servers or VM as agent(s) associated with the host server); 
transmitting a token representing the request to the restricted operating environment, wherein an executor associated with the token is launched by the process within the restricted operating environment (col. 9 lines 8-43; col. 23 lines 1-19 – key or token provided or transmitted that is utilized in corresponding execution of data encryption process to encrypt the data to be accessed by the user or to be sent to the user; wherein the executors are processes or agents installed and instantiated as application or agents that provide executor services that perform tasks such as data encryption; col. 7 lines 16-48 – data encryption performed using the corresponding user access key or token corresponding to the user who sent the request), wherein the executor, when executed, is configured to process the user data to generate a processing result without accessing an external component external to the restricted operating environment (col. 7 lines 16-59 – user data is processed by the executor or data encryption process to produce encrypted data, wherein the access is prevented from external entities or devices); and returning the processing result back to the user device (col. 7 lines 5-28; col. 8 lines 35-39; col. 11 lines 15-26 – the resulting encrypted data is received by the user).
Although, it is well-known in the art to establish connection and/or exchange data utilizing processes or agents that listen to or wait for data reception, and based on which, it is obvious that another agent or a guest agent may receive data such as token or key to be utilized in securing a protected application data environment, Roth does not appear to explicitly teach, however Gupta teaches transmitting a token corresponding to a requested application to a guest agent or process executed within the restricted operating environment, which launches an executor associated with the token within the restricted operating environment (Fig. 1, 4-6; para 0055-0056, 0062-0063, 0067-0068, 0072 – instantiating/launching the executor or the application associated with the key, launched by the process that carries the or receives the key/token in element 616).  
Based on Roth in view of Gupta, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Gupta in the system of Roth, in order to avail controlled processes to perform specific tasks in the system pertaining to inter-process communication or dynamic data exchanges, thereby making the system more efficient, dynamic and secure.

For claim 2, Roth in view of Gupta teaches the claimed subject matter as discussed above. Roth further teaches wherein the request is one of a plurality of requests received from a plurality of user devices associated with a plurality of users, and wherein each of the requests is processed within a respective one of a plurality of restricted operating environments (Fig. 2, 4; col. 5 lines 21-64; col. 10 line 65 – col. 11 line 23; col. 16 lines 17-26 – instantiating a secure execution environment or restricted operating environment within the server, and plurality of environments get instantiated based on user and keys; col. 7 lines 16-25, lines 34-53 – the access is prevented from external entities or devices; col. 17 line 65 – col. 18 line 33 – plurality of dynamic environments corresponding to respective isolated users).

For claim 3, Roth in view of Gupta teaches the claimed subject matter as discussed above. Roth does not appear to explicitly teach, however Gupta further teaches transmitting a request identifier (ID) associated with the request and a user ID associated with the user from the host agent to a management service; and receiving the token associated with the request from the management service in response to the request ID and the user ID (para 0023, 0037-0038, 0055-0056, 0067-0068 – user credentials along with communication request specific information is received by the service that manages proxy service, containerized applications and certificate/key management for applications associated with the request for which access token/key is received).

For claim 4, Roth in view of Gupta teaches the claimed subject matter as discussed above. Roth does not appear to explicitly teach, however Gupta teaches method of claim 3, wherein the management service registers the request ID and the user ID and generates the token to represent a service session associated with the request ID and the user ID (Fig. 1-2, 4; para 0023, 0037-0038, 0055-0056, 0067-0068 – user credentials along with communication request specific information is received by the service that manages proxy service, containerized applications and certificate/key management for applications associated with the request, and generates token/key associated with the request).

For claim 9, Roth in view of Gupta teaches the claimed subject matter as discussed above. Roth further teaches registering the user request (Fig. 2; col. 9 lines 56-64 – commands or requests received at the server (computing resource service provider 212); col. 5 lines 21-64; col. 10 lines 20-67 – instantiating a secure execution environment or restricted operating environment within the server, and wherein the request received via API or processes as agents, as well as requests received by the network connection and via many different types of interfacing entities including servers or VM as agent(s) associated with the host server). Although, it is well-known in the art to establish connection and/or exchange data utilizing processes or agents that listen to or wait for data reception, and based on which, it is obvious that another agent or a guest agent may receive data such as token or key to be utilized in securing a protected application data environment, Roth does not appear to explicitly teach, however Gupta teaches comprising transmitting the data pertaining to user requesting connection and data access to a guest agent or process executed within the restricted operating environment or transmitting an indication of availability of the user data to a guest agent or process so the user data can be fetched by the guest agent (Fig. 1, 4-6; para 0055-0056, 0062-0063, 0067-0068, 0072 – instantiating/launching the executor or the application associated with the key pertaining to the user who requested data access, launched by the process that carries the or receives the key in element 616).

For claim 10, Roth in view of Gupta teaches the claimed subject matter as discussed above. Roth further teaches wherein the executor is configured to store the processing result in a predetermined memory location accessible by the host agent, and wherein the host agent is configured to retrieve the processing result from the predetermined memory location to return the processing result back to the user device (col. 7 lines 5-59; col. 8 lines 35-39; col. 11 lines 15-26 – data encryption performed using the corresponding user access key or token corresponding to the user who sent the request, i.e. processing the user data to generate a processing result, and returning the processing result back to the user device and stored in the memory, wherein the resulting encrypted data is received by the user).

For claim 11, Roth in view of Gupta teaches the claimed subject matter as discussed above. Roth further teaches comprising terminating the restricted operating environment without effects to the processing result at the predetermined memory location (col. 16 lines 17-26; col. 18 lines 10-33 – secure environment may be released or destroyed, wherein the data is already made available to the user requesting the data, (col. 7 lines 5-28; col. 8 lines 35-39; col. 11 lines 15-26) i.e. the resulting encrypted data is received by the user).

As to claim 12, the claim limitations are similar to claim 1, except claim 12 is drawn to a non-transitory machine-readable medium having instructions stored therein (Fig. 1-2; col. 34 lines 61-67; col. 20 lines 17-30), which when executed by a processor, cause the processor to perform operations as claimed in claim 1. Therefore claim 12 is rejected according to claim 1.

As to claims 13-15, the claim limitations are similar to those of claims 2-4 respectively. Therefore claims 13-15 are rejected according to claims 2-4 respectively.

As to claim 17, the claim limitations are similar to claim 1, except claim 17 is drawn to a data processing system, comprising: a processor; and a memory coupled to the processor to store instructions (Fig. 1-2, 11; col. 34 lines 61-67; col. 20 lines 17-30), which when executed by the processor, cause the processor to perform operations as claimed in claim 1. Therefore claim 17 is rejected according to claim 1.

As to claims 18-20, the claim limitations are similar to those of claims 2-4 respectively. Therefore claims 18-20 are rejected according to claims 2-4 respectively.



Allowable Subject Matter
Claims 5-8, 16 and 21 are objected to as being dependent upon rejected parent claims, but would be allowable if incorporated in their respective base claims (claims 1, 12 or 17 as applicable) including all of the limitations of the base claims and any intervening claims, in addition to overcoming any objections and rejections as applicable.
    

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433