DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Applicant's amendments filed on 01/19/2021 has been received and entered.  Currently Claims 1-2, 4-9, 11-16 and 18-20 are pending.

Response to Arguments
Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection.

Claim Objections
Claim 5 is objected to because of the following informalities:  the claim depends on canceled claim 3.  It is suggested to amend the claim to depend on claim 1.

  Claim 12 is objected to because of the following informalities:  the claim depends on canceled claim 10.  It is suggested to amend the claim to depend on claim 8.

Claim 19 is objected to because of the following informalities:  the claim depends on canceled claim 17.  It is suggested to amend the claim to depend on claim 15.

Appropriate corrections are required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:



Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation “wherein the first plugin is of a first type of plugin and the second plugin is of a second type of plugin”.  There is insufficient antecedent basis for the plugins in the claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-9, 11-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Roth et al. USPN9,584,517 hereinafter referred to as Roth, in view of Crane et al. USPN6,839,437 hereinafter referred to as Crane, and Roth et al. US2014/0229737 hereinafter referred to as Roth ‘737.
As per claim 1, Roth teaches a method comprising: receiving first and second requests from an application for a performance of respective first and second operations associated with a cryptographic key that is stored at a secure enclave (Roth col 5 lines 9-17, col 16 lines 50-65, col 17 lines 15-30, col 21 lines 35-40, col 22 lines 30-40, receive requests from an application to perform operations on data using a key stored in an enclave), 

wherein the second operation comprises generating, by the second application, the second output within the secure enclave based on the cryptographic key (Roth col 11 lines 5-20, col 16 lines 25-30, col 16 line 60 – col 17 line 50, col 21 lines 45-60, col 22 line 40 – col 23 line 25, col 23 lines 45-65, perform operations on data in the enclave using the key to produce an output.); and 
providing the first and second outputs generated within the secure enclave and based on the respective first and second applications to the application (Roth col 16 lines 25-35, col 17 lines 35-47, col 23 lines 10-25, provide output data to the requesting application).  
Roth does not explicitly disclose wherein the first plugin is of a first type of plugin and the second plugin is of a second type of plugin; 
identifying, by a processing device, first and second plugins specified by respective first and second requests for performance of respective first and second operations.
Crane teaches wherein the first plugin is of a first type of plugin and the second plugin is of a second type of plugin (Crane col 7 lines 20-40, plurality of plugins); 
identifying, by a processing device, first and second plugins specified by respective first and second requests for performance of respective first and second operations (Crane col 7 lines 20-40, identify and select the plugins that will handle the requested operations).

Roth in view of Crane does not explicitly disclose wherein operation comprises generating, by an application, output based on one or more conditions identified by the application for a cryptographic key.
Roth ‘737 teaches wherein operation comprises generating, by an application, output based on one or more conditions identified by the application for a cryptographic key (Roth ‘737 paragraph [0134]-[0135], [0147], [0159]-[0160], generating output based on conditions).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Roth in view of Crane with the teachings of Roth ‘737 to include verifying requested operations based on policies and keeping track of key operations counts in order to enforce specific constraints on the usage of the key and refresh the key after a threshold number of operations.

As per claim 2, Roth in view of Crane and Roth ‘737 teaches the method of claim 1, wherein the intermediate output is not transmitted from the secure enclave (Roth col 11 lines 5-20, col 16 lines 25-30, col 16 line 60 – col 17 line 50, col 21 lines 45-60, col 22 line 40 – col 23 line 25, col 23 lines 45-65, perform operations on data in the enclave using the key to produce an output. Data/information are protected within the enclave).  

As per claim 4, Roth in view of Crane and Roth ‘737 teaches the method of claim 1, further comprising: determining whether the one or more conditions identified by the second plugin have been satisfied, wherein the second output that is generated within the secure enclave corresponds to an output of the second operation when the one or more conditions have been satisfied (Roth col 16 lines 25-30, col 16 line 60 – col 17 line 50, col 21 lines 45-60, col 22 line 40 – col 23 line 25, col 23 lines 45-65, generating output; Crane col 7 lines 20-40; Roth ‘737 paragraph [0134]-[0135], [0147], [0159]-[0160]).  
As per claim 5, Roth in view of Crane and Roth ‘737 teaches the method of claim 3, wherein the one or more conditions correspond to a number of times that the cryptographic key has been used in operations, a type of the second operation that is to be performed, a type of data to be used in the performance of the second operation, or an indication of whether a response has been received from an external network server (Roth ‘737 paragraph [0134]-[0135], [0147], [0159]-[0160]).  

As per claim 6, Roth in view of Crane and Roth ‘737 teaches the method of claim 1, further comprising: in response to the performing of the first and second operations associated with the cryptographic key by using the respective first and second plugins, updating state information of at least one of the first and second plugins based on at least one of the respective first and second operations associated with the cryptographic key (Roth col 16 line 60 – col 17 line 50, col 21 lines 45-60, col 22 line 40 – col 23 line 25, col 23 lines 45-65; Crane col 7 lines 20-40; Roth ‘737 paragraph [0160], [0163], [0166], update key counters).  

As per claim 7, Roth in view of Crane and Roth ‘737 teaches the method of claim 6, wherein the state information of the at least one of the first and second plugins identifies a number of operations performed based on the at least one of the first and second plugins (Roth col 16 line 60 – col 17 line 50, col 21 lines 45-60, col 22 line 40 – col 23 line 25, col 23 lines 45-65; Crane col 7 lines 20-40; Roth ‘737 paragraph [0160], [0163], [0166], update key counters).  

As per claims 8-9, 11-16 and 18-20, the claims claim a system and a non-transitory computer readable medium essentially corresponding to the method claims 1-2 and 4-7 above, and they are rejected, at least for the same reasons.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959.  The examiner can normally be reached on M-F 8am - 5pm EST.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HENRY TSANG/Primary Examiner, Art Unit 2495