DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to submission filed 02/04/2021. Claims 1-3, 5, 12, 16 and 19 are amended. Claims 1-20 remain pending.

Continued Examination under 37 CFR 1.114
	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this Application after Final Rejection. Since this Application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office Action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 02/04/2021 has been entered. 

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20, Remarks: pages 11-17 filed 02/04/2021 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Examiner’s Note on a Proposed Allowable Subject Matter
An updated search and consideration indicates an Allowable Subject Matter which is being proposed to applicant for their consideration. Based on the 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claims 5-7, 9-10, 12-13, 15-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Maim, US2020/0387893A1.

Per claim 5, Maim discloses a computer-implemented method comprising: 
receiving, in a secure computing environment of a first device, a request to sign a first message (Upon receipt of a message, the recipient WN can initially at least decrypt WN2 (or WN2+#WP) with its private key SK2, derive therefrom a pair of keys SKd2, PKd2 if this has not already been done, and communicate PKd2 to the emitter if it has not already been communicated – Maim: par. 0827 – Note: the emitter requesting the signature is provided with the signer’s public key); 
determining, in the secure computing environment of the first device, one or more values of the first message satisfy one or more conditions (if the recipient of such a message is a body enclave, the protocol (detailed below) involves WN2 sending to WN1 a certificate of execution and integrity of WNRoT (this is a condition automatically required by WN1) before WN1 will transmit the data content of the message to WN2 – Maim: par. 0829 – Note: WN stands for “Wallet Node”, and WN comprises an enclave); 
determining, in the secure computing environment of the first device, one or more private key values (the enclaves use a two-stage protocol (because WN1 must verify WNRoT before communicating the data content of the message) and that the derived keys also require a two-stage protocol, because the body enclave must first be reconfigured on the basis of an incoming message containing a WN2 (+#WP), and combines these two respective stages in the following four steps: [0831] 1.  WN1 transmits WN2+#WP to Body2 (in a message WM1): [0832] message: nonce1, .sctn..sub.PKBody2WN2+#WP, nonce2, PK1, Sign.sub.SK1(nonce1, .sctn..sub.PKBody2WN2+#WP, nonce2), sign.sub.SK(PK1) – Maim: par. 0830-0832 – Note: nonce and private key are determined (generated) in the enclave); and 
determining, in the secure computing environment of the first device, a first signed message based at least in part on the one or more private key values, wherein the first signed message comprises a plurality of signatures that are required to approve a transaction (WN1 verifies the signatures and the received certificate, then sends a message (WM2) to WN2 transmitting data: [0836] message: nonce3, .sctn..sub.PKd2data, nonce4, PK1, Sign.sub.SK1(nonce3, .sctn..sub.PKd2data, nonce4), sign.sub.SK(PK1)… FIG. 27 shows transactions tx1, tx2, tx3 and tx4 which are generated by WNs "1," "2," "3" and "4" respectively.  Here tx1 and tx2 are guardWNs.  The numbers on their outputs represent the WNs whose respective signatures are required on the inputs that these outputs feed.  Thus, the first output of Tx1 requires a signature of WN 3 as well as the signature of guardWN 1, and so on. [0888] Here, tx3 and tx4, as guardedTxs, must reproduce on their respective outputs the fact of requiring signatures 1 and 2 on the inputs of subsequent transactions which they feed.  It is thus that the required signatures of guardWNs propagate downstream step by step--for example, tx3 requires that tx4 is signed by guardWNs 1 and 2, and the latter (as well as their "hard WN" mirrors, redundant for greater reliability) will only sign tx4 if this requirement is re-propagated to subsequent transactions, and so on step by step.  The entire dtree from each guardWN is thus secured – Maim: par. 0835-0836  and 0887-0888– Note: A transaction requiring n out of m signatures (multisig) can be generated by WNs and communicated by WMs to m potential signers some of which will return their signature).

Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Maim in view of Maim to include determining, in the secure computing environment of the first device, a first signed message based at least in part on the one or more private key values, wherein the first signed message comprises a plurality of signatures that are required to approve a transaction.
One of ordinary skill in the art would have been motivated because it would allow to include hardware-implemented security using “enclaves” to aim “not only for the advantages of speed (consensus by blockchain is slow) and cost (transaction fees), but also qualitative advantages” Maim: par. 0006. It would further allow “exchanging units of accounts by transaction without compulsory broadcast”… by associating to each node information on the degree of trust or proximity with respect to another node – Maim: par. 0059.

Per claim 6, Maim discloses the computer-implemented method of claim 5, further comprising: 
determining, in the secure computing environment of the first device, that the first message is associated with a second device that is paired with the first device (at a first processing unit implementing the first node, generate a passphrase and make it accessible to the user of said first processing unit; [0203] at another processing unit implementing the other node, enter said passphrase, which was communicated by the user of the first processing unit to the user of the other processing unit by a communication channel involving a human action between the two users  – Maim: par. 0202-0203); and 
wherein the determining the first signed message is further based on the determining the first device is paired with the second device (transmit from said other processing unit to the first processing unit via a communication channel the public key associated with said other node and a signature (of the hash) of the phrase entered, achieved with its private key; [0205] at the first processing unit, verify said signature with the aid of the public key received and the passphrase initially made accessible to the user of the first processing unit, and save said public key if the verification is successful – Maim: par. 0204-0205).
The same motivation to modify Maim in view of Maim applied to claim 1 above applies here.

Per claim 7, Maim discloses the computer-implemented method of claim 5, further comprising: 
receiving, in the secure computing environment of the first device, a pairing request to establish a relationship between the first device and a second device (at a first processing unit implementing the first node, generate a passphrase and make it accessible to the user of said first processing unit; [0203] at another processing unit implementing the other node, enter said passphrase, which was communicated by the user of the first processing unit to the user of the other processing unit by a communication channel involving a human action between the two users  – Maim: par. 0202-0203);
receiving, from an input device in the secure computing environment of the first device, input indicative of approval of the pairing request (each node being associated with a public key and a private key, a given node being capable of communicating its public key to another node, thus forming a so-called real connection (IRL-connected) between the two nodes, and each node also being capable of communicating to another node a public key received from yet another node, thus forming a so-called indirect connection between the other node and the yet another node, each node being capable of having a specific connection weight with respect to another node with which it has a real or indirect connection, comprising the following steps: [0212] from a first node and a second node between which a connection is to be established, select a plurality of intermediate nodes between the first node and the second node – Maim: par. 0211-0212); and 
In accordance with one of the required aspects of its disclosed invention, Maim discloses determining, within the secure computing environment of the first device, a first key of the first device that is signed within the secure computing environment of the first device (sending a pre-message by WN1 to WN2; [0009] b1) in response to this pre-message, execution in the enclave of a first program (WNRoT); [0010] b2) generation, by the enclave, of a certificate of authenticity of said first program and of the integrity of its execution; [0011] b3) sending said certificate to WN1; [0012] c) verification by WN1 of said certificate…between steps a) and c), a step of generation by WN2 of a pair of public/private keys derived from a secret key of WN2 and from the designation of said given program – Maim: par. 0008-0012 and 0023); 
sending, from the first device to the second device, the first key (before step d), a step of sending the public derived key to WN1 – Maim: par. 0024); 
receiving, in the secure computing environment of the first device, a second key associated with the second device (at each of the intermediate nodes, verification of the signature of the random code received from the second node and, if successful, communication to the first node of the public key of the second node encrypted with the aid of the public key of the first node – Maim: par. 0216); 
determining, in the secure computing environment of the first device, that the second key is valid (at the first node, decryption and storage of the public key of the second node – Maim: par. 0217 – Note: the first node validates the received public key of the second node by being able to decrypt it because the intermediate nodes have encrypted it with the public key of the first node after verifying its signature); and 
storing, in the secure computing environment of the first device, data indicative of a pairing between the first device and the second device being authorized (at the first node, decryption and storage of the public key of the second node – Maim: par. 0217).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Maim in view of Maim to include receiving, in the secure computing environment of the first device, a pairing request to establish a relationship between the first device and a second device; receiving, from an input device in the secure computing environment of the first device, input indicative of approval of the pairing request; and determining, within the secure computing environment of the first device, a first key of the first device that is signed within the secure computing environment of the first device; sending, from the first device to the second device, the first key; receiving, in the secure computing environment of the first device, a second key associated with the second device; determining, in the secure computing environment of the first device, that the second key is valid; and storing, in the secure computing environment of the first device, data indicative of a pairing between the first device and the second device being authorized.
One of ordinary skill in the art would have been motivated because it would allow “to exchange encrypted information with a security linked to the connection weights of the intermediate nodes” – Maim: par. 0217.

Per claim 9, Maim discloses the computer-implemented method of claim 5, further comprising:
receiving, using an input device in the secure computing environment of the first device, data indicative of: a particular pairing relationship between the first device and a second device (at a first processing unit implementing the first node, generate a passphrase and make it accessible to the user of said first processing unit; [0203] at another processing unit implementing the other node, enter said passphrase, which was communicated by the user of the first processing unit to the user of the other processing unit by a communication channel involving a human action between the two users  – Maim: par. 0202-0203); and 
one or more boundary values that are indicative of limits of the one or more conditions (at the first processing unit, verify said signature with the aid of the public key received and the passphrase initially made accessible to the user of the first processing unit, and save said public key if the verification is successful – Maim: par. 0205).
The same motivation to modify Maim in view of Maim applied to claim 7 above applies here.

Per claim 10, Maim discloses the computer-implemented method of claim 5, further comprising:
determining, in the secure computing environment of the first device, that the first message originated at a second device, and wherein the second device is permitted to provide messages to the first device for signing (at a first processing unit implementing the first node, generate a passphrase and make it accessible to the user of said first processing unit; [0203] at another processing unit implementing the other node, enter said passphrase, which was communicated by the user of the first processing unit to the user of the other processing unit by a communication channel involving a human action between the two users…transmit from said other processing unit to the first processing unit via a communication channel the public key associated with said other node and a signature (of the hash) of the phrase entered, achieved with its private key; [0205] at the first processing unit, verify said signature with the aid of the public key received and the passphrase initially made accessible to the user of the first processing unit, and save said public key if the verification is successful – Maim: par. 0202-0205); and 
sending, from the secure computing environment of the first device, the first signed message to a third device (each node also being capable of communicating to another node a public key received from yet another node, thus forming a so-called indirect connection between the other node and the yet another node, each node being capable of having a specific connection weight with respect to another node with which it has a real or indirect connection, comprising the following steps: [0212] from a first node and a second node between which a connection is to be established, select a plurality of intermediate nodes between the first node and the second node, from among those having the highest connection weights with respect to the first node; [0213] communicate from the first node to the selected intermediate nodes a random datum (nonce) intended to be communicated to the second node; [0214] via one or more separate communication channels of the communication channel between nodes, communicate redundantly from the intermediate nodes to the second node said random code as well as the public keys of said intermediate nodes; [0215] at the second node, in response to the receipt of the redundant random code, generate a signature of the random code with the aid of the private key of the second node and return to the intermediate nodes said signature as well as the private key of the second node, encrypted with the aid of the public keys of the intermediate nodes, respectively; [0216] at each of the intermediate nodes, verification of the signature of the random code received from the second node and, if successful, communication to the first node of the public key of the second node encrypted with the aid of the public key of the first node – Maim: par. 0211-0216).
The same motivation to modify Maim in view of Maim applied to claims1 and 7 above applies here.

Per claim 12, Maim discloses the computer-implemented method of claim 5, the method further comprising: restricting at least a portion of the one or more private key values from transfer outside of the secure computing environment of the first device (a processor is proposed that comprises a secure unit (enclave), said enclave comprising: [0085] a secret key; [0086] means to generate a secret key derived from a combination of said secret key and other information; [0087] means to load, via a correspondence table, a program corresponding to given information and for executing said program, characterized in that said enclave also comprises means that are capable: [0088] upon receipt of a message, part of which is encrypted and can only be decrypted by means of said derived key; [0089] of activating said means in order to generate this derived key on the basis of said other information contained in the message received; [0090] of loading, without leaving the enclave, a program corresponding to said other information and of executing said program on the input data containing the message received, of which said encrypted part has been decrypted by means of the secret derived key – Maim: par. 0084-0090 – Note: the derived private key is generated/maintained in the enclave and never leaves the enclave).
The same motivation to modify Maim in view of Maim applied to claim 1 above applies here.

Per claim 13, Maim discloses the computer-implemented method of claim 5, wherein the first message comprises data associated with a cryptocurrency transaction (It should be noted that all different possible Bitcoin transaction types can be generated.  The transactions are communicated by WMs to WNs having the addresses specified on or for the outputs of these transactions.  Required signatures can be communicated by WMs.  For example, a transaction requiring n out of m signatures (multisig) can be generated by WNs and communicated by WMs to m potential signers some of which will return their signature – Maim: par. 0670).
The same motivation to modify Maim in view of Maim applied to claim 1 above applies here.

Per claim 15, Maim discloses the computer-implemented method of claim 5, further comprising:
determining the first message is associated with a second device that is paired with the first device (at a first processing unit implementing the first node, generate a passphrase and make it accessible to the user of said first processing unit; [0203] at another processing unit implementing the other node, enter said passphrase, which was communicated by the user of the first processing unit to the user of the other processing unit by a communication channel involving a human action between the two users…transmit from said other processing unit to the first processing unit via a communication channel the public key associated with said other node and a signature (of the hash) of the phrase entered, achieved with its private key; [0205] at the first processing unit, verify said signature with the aid of the public key received and the passphrase initially made accessible to the user of the first processing unit, and save said public key if the verification is successful – Maim: par. 0202-0205); and 
wherein the one or more conditions have one or more limits that are based at least in part on the second device (each node being associated with a public key and a private key, a given node being capable of communicating its public key to another node, thus forming a so-called real connection (IRL-connected) between the two nodes, and each node also being capable of communicating to another node a public key received from yet another node, thus forming a so-called indirect connection between the other node and the yet another node, each node being capable of having a specific connection weight with respect to another node with which it has a real or indirect connection, comprising the following steps: [0212] from a first node and a second node between which a connection is to be established, select a plurality of intermediate nodes between the first node and the second, from among those having the highest connection weights with respect to the first node – Maim: par. 0211-0212).
The same motivation to modify Maim in view of Maim applied to claim 7 above applies here.

Per claim 16, Maim discloses a method comprising: 
receiving, in a secure computing environment of a first device, a first message (Upon receipt of a message, the recipient WN can initially at least decrypt WN2 (or WN2+#WP) with its private key SK2, derive therefrom a pair of keys SKd2, PKd2 if this has not already been done, and communicate PKd2 to the emitter if it has not already been communicated – Maim: par. 0827 – Note: the emitter requesting the signature is provided with the signer’s public key); 
determining, in the secure computing environment of the first device, the first message is associated with a second device (as a result of a message received, an enclave is capable of dynamically generating derived keys "SKd/PKd" (private/public, the private key being accessible only by the enclave) based on a main secret key (seal key) and a WN2 address of the wallet node receiving the message (and optionally of the hash #WP if the advantage of not using the secret key of WN is desired) specified in the message, [0823] the data (or payload) of the message, i.e. the data other than the address WN2 of the receiver node (and the identification #WP of the WP to be executed) are encrypted by means of the secret derived key Skd and can thus only be decrypted by a specialized enclave for the given wallet node WN2 (and the given WP) – Maim: par. 0822-0823); 
determining, in the secure computing environment of the first device, that the first device is paired with the second device (If the recipient of such a message is a WN SoC, the exchange is done in a single message if the emitter knows PKd2, and, if it does not, with one additional interaction in order to communicate PKd2 to the emitter – Maim: par. 0828); 
determining, in the secure computing environment of the first device, one or more values of the first message satisfy one or more conditions (if the recipient of such a message is a body enclave, the protocol (detailed below) involves WN2 sending to WN1 a certificate of execution and integrity of WNRoT (this is a condition automatically required by WN1) before WN1 will transmit the data content of the message to WN2 – Maim: par. 0829 – Note: WN stands for “Wallet Node”, and WN comprises an enclave); 
determining, in the secure computing environment of the first device, a private key value (the enclaves use a two-stage protocol (because WN1 must verify WNRoT before communicating the data content of the message) and that the derived keys also require a two-stage protocol, because the body enclave must first be reconfigured on the basis of an incoming message containing a WN2 (+#WP), and combines these two respective stages in the following four steps: [0831] 1.  WN1 transmits WN2+#WP to Body2 (in a message WM1): [0832] message: nonce1, .sctn..sub.PKBody2WN2+#WP, nonce2, PK1, Sign.sub.SK1(nonce1, .sctn..sub.PKBody2WN2+#WP, nonce2), sign.sub.SK(PK1) – Maim: par. 0830-0832 – Note: nonce and private key are determined (generated) in the enclave); and 
determining, in the secure computing environment of the first device, a first signed message based at least in part on the private key value, wherein the first signed message comprises at least one signature of a plurality of signatures that are required to approve a transaction (WN1 verifies the signatures and the received certificate, then sends a message (WM2) to WN2 transmitting data: [0836] message: nonce3, .sctn..sub.PKd2data, nonce4, PK1, Sign.sub.SK1(nonce3, .sctn..sub.PKd2data, nonce4), sign.sub.SK(PK1) – Maim: par. 0835-0836 – Note: a transaction requiring n out of m signatures (multisig) can be generated by WNs and communicated by WMs to m potential signers some of which will return their signature).
The same motivation to modify Maim in view of Maim applied to claim 1 above applies here.

Per claim 18, Maim discloses the method of claim 16, further comprising:
receiving, using an input device in the secure computing environment of the first device, data indicative of: selection of pairing with the second device (each node being associated with a public key and a private key, a given node being capable of communicating its public key to another node, thus forming a so-called real connection (IRL-connected) between the two nodes, and each node also being capable of communicating to another node a public key received from yet another node, thus forming a so-called indirect connection between the other node and the yet another node, each node being capable of having a specific connection weight with respect to another node with which it has a real or indirect connection, comprising the following steps: [0212] from a first node and a second node between which a connection is to be established, select a plurality of intermediate nodes between the first node and the second node – Maim: par. 0211-0212); and 
one or more boundary values that are indicative of limits of the one or more conditions (select a plurality of intermediate nodes between the first node and the second node, from among those having the highest connection weights with respect to the first node – Maim: par. 0212).
The same motivation to modify Maim in view of Maim applied to claim 7 above applies here.

Per claim 19, Maim discloses the method of claim 16, the method further comprising: maintaining the private key value within the secure computing environment of the first device (a processor is proposed that comprises a secure unit (enclave), said enclave comprising: [0085] a secret key; [0086] means to generate a secret key derived from a combination of said secret key and other information; [0087] means to load, via a correspondence table, a program corresponding to given information and for executing said program, characterized in that said enclave also comprises means that are capable: [0088] upon receipt of a message, part of which is encrypted and can only be decrypted by means of said derived key; [0089] of activating said means in order to generate this derived key on the basis of said other information contained in the message received; [0090] of loading, without leaving the enclave, a program corresponding to said other information and of executing said program on the input data containing the message received, of which said encrypted part has been decrypted by means of the secret derived key – Maim: par. 0084-0090 – Note: the derived private key is generated/maintained in the enclave and never leaves the enclave).
The same motivation to modify Maim in view of Maim applied to claim 1 above applies here.

Per claim 20, Maim discloses the method of claim 16, wherein the one or more conditions have one or more values that are indicative of limits, wherein the one or more conditions are associated with the second device (if the recipient of such a message is a body enclave, the protocol (detailed below) involves WN2 sending to WN1 a certificate of execution and integrity of WNRoT (this is a condition automatically required by WN1) before WN1 will transmit the data content of the message to WN2 – Maim: par. 0829 – Note: WN stands for “Wallet Node”, and WN comprises an enclave).
The same motivation to modify Maim in view of Maim applied to claim 1 above applies here.

2.	Claims 8, 11, 14 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Maim, US2020/0387893A1 in view of Sprague, US2018/0254898A1.

Per claim 8, Maim discloses the computer-implemented method of claim 5.
Maim is not relied on to disclose but in view of Sprague discloses further comprising:
determining, in the secure computing environment of the first device, contact data that is associated with at least a portion of the one or more values, wherein the contact data comprises one or more of: a name, a digital signature, image data, a telephone number, or a network address (the instructions may be formed in a trusted execution environment (TEE) of the device by a trusted application.  The trusted application may collect and append verification information, such as time, location, identity, compliance or other critical data locally or remotely, and such to the secure instruction – Sprague: par. 0160);
presenting, using an output device in the secure computing environment of the first device, at least a portion of the contact data (provide the user a mechanism to securely confirm the instruction is part of an intended transaction– Sprague: par. 0160); and 
receiving, using an input device in the secure computing environment of the first device, data indicative of approval to sign the first message (provide the user a mechanism to securely confirm the instruction is part of an intended transaction– Sprague: par. 0160 – Note: verification information collected by the trusted application in TEE is appended to the instruction to secure the instruction); and 
wherein the determining the first signed message is responsive to the data indicative of approval (The TEE applet 208 then packages 389 the received input as a reply to the instruction and signs 390 the reply with the public key of the user device 205 (and may also encrypt the reply with the public key of the service provider 204) – Sprague: par. 0108 – Note: wherein per 0160, after securely confirming the instruction is part of an intended transaction by collecting and appending the verification information, the reply will be signed and sent).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Maim in view of Sprague to include determining, in the secure computing environment of the first device, contact data that is associated with at least a portion of the one or more values, wherein the contact data comprises one or more of: a name, a digital signature, image data, a telephone number, or a network address; presenting, using an output device in the secure computing environment of the first device, at least a portion of the contact data; and receiving, using an input device in the secure computing environment of the first device, data indicative of approval to sign the first message; and wherein the determining the first signed message is responsive to the data indicative of approval.
One of ordinary skill in the art would have been motivated because it would allow to “requiring user acknowledgement or authorization from a remote process prior to execution of the instruction” Sprague: par. 0066. It would further allow to couple restrictions to the public key of the user device so that “Without passing these encumbrances, the TEE applet 208 cannot execute the instruction” Sprague: par. 0066.

Per claim 11, Maim discloses the computer-implemented method of claim 5.
Maim is not relied on to disclose but in view of Sprague discloses further comprising:
presenting, using an output device in the secure computing environment of the first device, a request for approval to sign the first message (The TEE applet 208 then securely displays 387 the instruction to the service user 201 via a user device interface– Sprague: par. 0108); and 
receiving, using an input device in the secure computing environment of the first device, data indicative of approval to sign the first message (and, in response, receives secure input 388 from the service user 201 via the user device interface.  Newer TEE environments support trusted display and input in addition to trusted execution.  Trusted display enables a simple confirmation message, such as "confirm transaction amount," to be presented to an end user – Sprague: par. 0108); and 
wherein the determining the first signed message is responsive to the data indicative of approval (The TEE applet 208 then packages 389 the received input as a reply to the instruction and signs 390 the reply with the public key of the user device 205 (and may also encrypt the reply with the public key of the service provider 204) – Sprague: par. 0108-0109 - Note: TEE applet signs the instruction and the received input as a reply that is signed and sent to the service provider).
The same motivation to modify Maim in view of Sprague applied to claim 8 above applies here.

Per claim 14, Maim discloses the computer-implemented method of claim 5, wherein the one or more conditions have one or more limits described by one or more boundary values (Note: equivalent to proximity and influence spectrum to indicate a weight for selecting a candidate signatory WN), and Maim in view of Sprague further discloses wherein individual ones of the one or more boundary values are indicative of one or more of:
a type of asset, a type of transaction, a maximum number of signed messages within a specified interval of time, a maximum quantity of assets in a single transaction, a minimum quantity of assets in a single transaction, or a maximum quantity of assets transferred per interval of time (Access to the TEE applet 208 (trusted application) may be further controlled by business rules (external conditions) imposed by the authentication website 206 (e.g., in the access control list), such as number of executions allowed or active time period.  If all encumbrances/rules are met, the TEE applet 208 may then execute the instruction within the TEE (or primary OS) of the user device 205 and generate execution results…Once the smart contract or bitcoin application (via the transaction interrogation process) determines that specific level (e.g., number of transactions, amount of transactions, and such) of transactions is reached, the smart contract or bitcoin application stops accumulation of transactions in the attribute data and determines a persistent ownership right or replay right associated with the bitcoin wallet address – Sprague: par. 0066 or 0154).
The same motivation to modify Maim in view of Sprague applied to claim 8 above applies here.

Per claim 17, Maim discloses the method of claim 16.
Maim is not relied on to disclose but further in view of Sprague discloses further comprising:
determining, based on at least a portion of the one or more values, contact data (The TEE applet 208 decrypts 386 the instruction using the public key of the user device 205, and checks 386 the signature of the instruction against the public key of the service provider 204 preloaded at the user device TEE during the pairing ceremony, and any rules attached to the public key or in the access control list for the pairing – Sprague: par. 0108– Note: the signature of the instruction is checked against the public key of the service provider that has been preloaded at the user device TEE during the pairing ceremony);
presenting, using an output device in the secure computing environment of the first device, at least a portion of the contact data (The TEE applet 208 then securely displays 387 the instruction to the service user 201 via a user device interface – Sprague: par. 0108 – Note: “transaction amount” presented for the purpose of confirmation has to also include an id/identification or a name associated with the transaction); and 
receiving, using an input device in the secure computing environment of the first device, data indicative of approval to sign the first message (and, in response, TEE applet receives secure input from the service user 201 via the user device interface.  Newer TEE environments support trusted display and input in addition to trusted execution.  Trusted display enables a simple confirmation message, such as "confirm transaction amount," to be presented to an end user – Sprague: par. 0108); and 
wherein the determining the first signed message is responsive to the data indicative of approval (Trusted display enables a simple confirmation message, such as "confirm transaction amount," to be presented to an end user – Sprague: par. 0108).
The same motivation to modify Maim in view of Sprague applied to claim 8 above applies here.

3.	Claims 1-4 are rejected under 35 U.S.C. 103 as being unpatentable over Huxham, US2016/0149710A1 in view of Sprague, US2018/0254898A1, further in view of Maim, US2020/0387893A1.

Per claim 1, Huxham discloses a device (Embodiments of the invention provide for a mobile device (e.g. 312) and a communications device (e.g. 322) to be the same device.  For example, a user (e.g. 302) may use a single device, having a certificate store module (332) coupled thereto, to request a digital certificate from the remotely accessible server (340), authorize the release of the digital certificate from the certificate store module (332) and receive the digital certificate - Huxham: par. 0074) comprising:
a general computing environment (Fig. 1, Public Processing Unit - PPU) comprising: 
a network interface (Fig. 1, 142); 
a first memory storing computer-executable instructions (Fig. 1, Memory 114); 
a first processor in communication with the network interface and the first memory (Fig. 1, Processor 118), the first processor executing the computer-executable instructions to: 
establish communication with an external device using the network interface (The plurality of communication devices (322, 324, 326) and the plurality of mobile devices (312, 314, 316) are each in communication with the remotely accessible server (340) - Huxham: par. 0068 - Fig. 3); and 
a secure computing environment (Fig. 1, Secure Processing Unit – SPU) comprising: 
an output device (input/output (I/O) devices (such as a mouse, touchpad, keyboard, microphone, joystick, or the like) may couple to the computing device (900) either directly or via an I/O controller (935) - Huxham: par. 0122); 
an input device (I/O devices of Fig. 9-10); 
a tamper detection device (Fig. 1, Tamper detection sensors 124); 
a secure storage memory (Fig. 1, Secure memory 122); 
a second memory (Fig. 1, Secure memory 122) storing computer-executable instructions; and
a second processor in communication with the first processor, the input device (I/O devices of Fig. 9-10), the tamper detection device, and the second memory, the second processor executing the computer-executable instructions to: 
receive, from the first processor, a first message comprising one or more values (The PPU-to-SPU interface (110) is coupled to the SPU (104), and provides a set of signals that can include a clock signal and one or more data input/output (I/O) signals to send commands and information such as digital certificate requests or encryption and decryption requests to the SPU (104), and to receive commands and information such as digital certificates or encryption and decryption results from the SPU (104) -Huxham: par. 0055); 
Huxham is not relied on to disclose but Huxham in view of Sprague discloses compare the one or more values of the first message with one or more previously stored conditions (the service provider 204 may directly transmit the instruction to the user device 205.  The user device 205 receives the signed and/or encrypted instructions and the TEE applet 208, and may verify the instruction based rules (e.g., internal and external device conditions) in the access control list for the pairing, including rules attached to the service provider key used to sign the instruction – Sprague: par. 0065); 
determine the one or more values of the first message satisfy the one or more previously conditions (Once any attached rules are verified, if the instruction is signed, the TEE applet 208 verifies that the signature of the instruction matches the public key of the paired service provider 204.  The TEE applet 208 may access this public key stored in the TEE of the user device 205 or request this public key from the authentication website 206.  If the instruction is encrypted, the TEE applet 208 may also decrypt the instruction using the public key of the user device 205.  The service provider key 204 used to sign the instruction may be encumbered with restrictions (as specified in the access control list), such as requiring user acknowledgement or authorization from a remote process prior to execution of the instruction.  The restrictions may be coupled to the public key of the user device.  Without passing these encumbrances, the TEE applet 208 cannot execute the instruction.  Access to the TEE applet 208 (trusted application) may be further controlled by business rules (external conditions) imposed by the authentication website 206 (e.g., in the access control list), such as number of executions allowed or active time period.  If all encumbrances/rules are met, the TEE applet 208 may then execute the instruction within the TEE (or primary OS) of the user device 205 and generate execution results – Sprague: par. 0066); 
present, using the output device, a user interface requesting approval to sign the first message (The TEE applet 208 then securely displays 387 the instruction to the service user 201 via a user device interface- Sprague: par. 0108 – Note: instruction is provided to user to confirm transaction amount); 
receive, using the input device, user input (and, in response, the TEE applet 208 receives secure input 388 from the service user 201 via the user device interface.  Newer TEE environments support trusted display and input in addition to trusted execution.  Trusted display enables a simple confirmation message, such as "confirm transaction amount," to be presented to an end user- Sprague: par. 0108); 
Huxham discloses determine the user input is valid (If there is a match between the entered passcode and the offset, the certificate store module (432) releases the relevant digital certificate – Huxham: par. 0083); 
Huxham-Sprague is not relied on to disclose but Huxham-Sprague further in view of Maim discloses generate[ing], based at least in part on the one or more values and a private key stored in the secure storage memory, a second message that includes a first signature in a plurality of signatures that are required to approve a transaction (before emission of a message by the SoC, the SoC inserts the hash (#P1) of the program in the process of execution into the message to be emitted, as well as the signature of this hash, by means of said secret private key of the SoC – Maim: par. 0256; and 
send, to the first processor, the second message (before emission of a message by the SoC, the SoC enters the hash (#P1) of the program in the process of execution into the body of the message to be emitted which the SoC signs by means of the secret private key of the SoC – Maim: par. 0257)
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Huxham in view of Sprague to include compare[ing] one or more values of the first message with one or more previously stored conditions; determine[ing] the one or more values of the first message satisfy one or more conditions; present[ing], using the output device, a user interface requesting approval to sign the first message; receive[ing], using the input device, user input; determine[ing] the user input is valid.
One of ordinary skill in the art would have been motivated because it would allow to “requiring user acknowledgement or authorization from a remote process prior to execution of the instruction” Sprague: par. 0066. It would further allow to couple restrictions to the public key of the user device so that “Without passing these encumbrances, the TEE applet 208 cannot execute the instruction” Sprague: par. 0066.
Further, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Huxham-Sprague further in view of Maim to include generate[ing], based at least in part on the one or more values and a private key stored in the secure storage memory, a second message that includes a first signature in a plurality of signatures that are required to approve a transaction; and send[ing], to the first processor, the second message.
One of ordinary skill in the art would have been motivated because it would allow “to make wallet node type entities and secured unit type entities (TEE) cooperate together, specifically SGX type enclaves of Intel processors (hereinafter, the word "enclave" will describe such an enclave or generally any TEE).  Thanks to the hardware, the invention aims not only for the advantages of speed (consensus by blockchain is slow) and cost (transaction fees), but also qualitative advantages” Maim: par. 0006.

Per claim 2, Huxham-Sprague-Maim discloses the device of claim 1, the first processor executing the computer-executable instructions to:
send, using the network interface, the second message to a blockchain server, wherein the second message comprises a record for entry into a blockchain (If the instruction signature is verified, the methods and systems (e.g., via the trusted application in communication with the service provider application) execute the instruction within the trusted environment of the computing device to generate instruction results, and record the executed instruction on the block chain – Sprague: par. 0015).
The same motivation to modify Huxham-Sprague-Maim as applied to claim 1 above applies here.

Per claim 3, Huxham-Sprague-Maim discloses the device of claim 1, the secure computing environment further comprising:
a smart card interface in communication with the second processor (Embodiments of the invention provide for the SPU (104) and/or the PPU (102) to be a security integrated circuit such as those which may be found on a "chip and pin" credit card or smart card – Huxham: par. 0060); and 
the second processor executing the computer-executable instructions to: 
send, to a smart card coupled to the smart card interface, a second message to be signed (The PPU-to-SPU interface (110) is coupled to the SPU (104), and provides a set of signals that can include a clock signal and one or more data input/output (I/O) signals to send commands and information such as digital certificate requests or encryption and decryption requests to the SPU (104), and to receive commands and information such as digital certificates or encryption and decryption results from the SPU (104)… Embodiments of the invention provide for the SPU (104) and/or the PPU (102) to be a security integrated circuit such as those which may be found on a "chip and pin" credit card or smart card  – Huxham: par. 0055 and 0060); and 
Huxham-Sprague is not relied on to disclose but further in view of Maim discloses receive, from the smart card, a second signed message that has been signed based at least in part on data obtained from a physically unclonable function of the smart card (the SoC comprises a Crypto Memory Management Unit (CMMU) in which is stored--or is capable of being dynamically regenerated (PUF technology)--the secret key of the SoC which can only be accessed by the CMMU which never discloses it, and it is by this CMMU that the following actions are performed: … said generation of the program hash and [0262] said decryption for on-the-fly execution by at least one processor unit contained in the SoC; [0263] the CMMU encrypts and stores instruction block by instruction block and provides said processor with one block of decrypted instructions at a time, for them to be executed on the fly; [0264] before emission of a message by the SoC, the CMMU inserts the hash (#P1) of the program in the process of execution into the message to be emitted, as well as the signature of this hash by the CMMU, by means of said secret private key of the SoC – Maim: par. 0258 an 0262-0265); and 
wherein the second message includes the second signed message (before emission of a message by the SoC, the CMMU inserts the hash (#P1) of the program in the process of execution into the body of the message to be emitted that it signs by means of the secret private key of the SoC – Maim: par. 00265).
The same motivation to modify Huxham-Sprague-Maim as applied to claim 1 above applies here.

Per claim 4, Huxham-Sprague-Maim disclose the device of claim 1, the second processor executing the computer-executable instructions to:
determine tampering based at least in part on output from the tamper detection device (the tamper detection sensors (124) may include circuitry that can erase and wipe out the contents of the secure memory (122) to render the SPU (104) and/or the certificate store module (100) unusable in response to detecting an attempt to tamper with the certificate store module (100).  The certificate store module (100) can also be configured with organic or soluble interconnects that can be dissolved by a solvent released by the tamper detection sensors (124) in response to detecting an attempt to tamper with the certificate store module (100) – Huxham: par. 0059); and 
execute one or more instructions to: 
erase contents of the secure storage memory, erase at least a portion of the contents of the second memory, or disable the second processor (the tamper detection sensors (124) may include circuitry that can erase and wipe out the contents of the secure memory (122) to render the SPU (104) and/or the certificate store module (100) unusable in response to detecting an attempt to tamper with the certificate store module (100) –Huxham: par. 0059).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Maim (US2019/0013943A1) discloses a WN outsourcing processing operations to trusted computers (capable of returning a certification of authenticity and integrity of execution, such as computers provided with Intel microprocessor[s] having SGX enclaves) to make it possible to implement a knowledge transaction without trusted third parties directly and more simply than in the state of the art of the smart contracts.

Maim (US2019/0394025A1) discloses allowing trusted environments to cooperate with sensors and/or actuators without compromising this trust, make it possible to exploit smart contracts that will be able during their execution to generate control signals to actuators (locks, etc.) and/or to take as input signals provided by secure sensors, thus extending the universe of smart contracts to the entire economic chain (production, delivery of goods or services), while the state of the art in the field of smart contracts, based on a blockchain is limited to transactions of units of account, authentication, etc.

Maim (US2018/0041345A1) discloses use of at least one SoC as defined above for performing an anonymous identification from identity documents from which official signatures can be read.

Jacobs (US2020/0099518A1) discloses an interaction platform that generates a digital asset, signs the digital asset with one or more digital signatures based on one or more private keys and then provides the digital asset to the asset transfer network.

Bitauld (US2020/0036519A1) discloses smart contracts that self-execute the stipulations of an agreement when predetermined conditions are triggered.  Smart contract execution usually takes place in a distributed-computing network whose nodes are able to run the code, and therefore, publicly verify its outputs for the corresponding inputs. A smart contract may have a unique identifier which may be stored in an isolated processor according to embodiments of the present invention. An alliance is defined as the participant(s) of the smart contract.  The alliance may include one or more participants.  The code/program validated by the alliance through the smart contract may run on the isolated processor according to embodiments of the present invention.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533.  The examiner can normally be reached on Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571 - 272 - 3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/AREZOO SHERKAT/            Examiner, Art Unit 2434