DETAILED ACTION
This office action is in response to applicant’s communication dated 11/16/2020. If needed, this communication is herein referred to as “Amendment”. 
The Amendment was in response to examiner's non-final office action dated 6/15/2020. If needed, this office action is herein referred to as “Previous OA”.
Any citation of the instant specification is as published in US Patent Application Publication 20170359333.
Herein, for prior art mapping, where the examiner explains that a reference(s) does not teach a limitation(s), the specific claim language that is not taught by the reference(s) is/are enclosed within double quotes. 

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Information Disclosure Statement - Not Considered
The information disclosure statement filed 11/16/2020 fails to comply with 37 CFR 1.98(a)(3)(i) because it does not include a concise explanation of the relevance, as it is presently understood by the individual designated in 37 CFR 1.56(c) most knowledgeable about the content of the information, of each reference listed that is not in the English language. It has been placed in the application file, but the information referred to therein has not been considered.

Claims’ Status
Claims 1-20 are pending and are currently being examined.

Response to Amendment
Provisional Statutory Double Patenting Rejection
	The Provisional SDP Rejection of claims 1, 3, 5-8, 11-13, 15, and 18-20 was removed due to abandonment of previously co-pending application 13/995,555. 

102/103 Rejections
Applicant's 102/103 arguments filed 11/16/2020 have been fully considered but they are not persuasive. See the specific applicant arguments and examiner’s responses below:

102/103 Argument 1:
	‘None of the cited portions of Chang teach or suggest an indication of a possible security compromise of a main OS. For example, the cited portion of Page 6 mentions a "conversion signal" and notes "The above-described conversion signal may be automatically recognized, or may be authorized depending on the intention of the user intending to use the Internet financial transaction service." Such description includes not teaching or suggestion of an indication of a possible security compromise of a main OS as set forth in claim 1. The cited portion of page 2 states: "The present invention also provides a system that can basically eliminate a hacking possibility from occurring or being expected to occur in an Internet financial transaction service, and can 

102/103 Response 1:
	The examiner respectfully disagrees. It is identified in Chang, as the applicant acknowledged above, that Chang’s intention is to “basically eliminate a hacking possibility from occurring or being expected to occur in an Internet financial transaction service”. From this, it should be clear to a person having ordinary skill in the art that Chang realizes that when an Internet financial transaction service occurs, there is an “expected” (or “potential”) risk of exposure to hacking (or “compromise”) of information stored in the PC’s memory (like operating system application information). See Chang Pgs 1:32-2:3. This clearly suggests that invoking a financial transaction service is “an indication of a possible security compromise”. Also, the risk of exposure to hacking is necessarily applicable to “the first OS” (main OS), since Chang addresses the hacking risk by switching from using a first OS to using a second (special) OS, which only include programs necessary for the financial transaction (Chang Pgs 6:28-7:13). If the Chang would have no reason to address the hacking risk by switching from a first OS to a second (limited/special) OS.

102/103 Argument 2:
	The applicant also relies on the 103 arguments above to further allege the patentability of claim(s) 1 and/or remaining claim(s). (Amendment, Pg(s) 7)

102/103 Response 2:
	The examiner respectfully disagrees at least for the same reasons provided in the above 103 responses and/or in the below 103 rejection section.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.

Claim(s) 1-2, 4-5, 8-11, 14-18 are rejected under 35 U.S.C. 102(b) as being anticipated by Chang (WO 2009/064048) because the invention was patented or described in a printed publication in this or a foreign country, or in public use or on sale in this country more than one (1) year prior to the application for patent in the United States.

	As per claims 1, 8 and 15, Chang teaches one or more non-transitory computer-readable storage devices having instructions stored thereon (and respective device and method) which, when executed by at least one processor, result in operations for context-based switching to a secure operating system (OS), the operations comprising (Apparatus 100, 200, 400 or 500, FIGs. 1-2, 4 or 500):
	identify a switching event (a signal for switching) (Pg 6:19-27), 
wherein the switching event corresponds to an indication of a possible security compromise of a main OS (Pg 6:13-27, the signal may be correspond to a user intending to use a financial transaction service; Pg 2:15-18, a hacking possibility, i.e., a “an indication of a possible security comprise of a main OS”, is expected in a financial transaction service);
	and switch from the main OS to the secure OS (deactivate first OS and execute second OS) responsive to identifying the switching event (Pgs 6:28-7:13), 
wherein the secure OS is executing in a trusted execution environment (TEE) isolated from the main OS (Pgs 14:15-15:1, describes 

	As per claims 2, 9 and 16, Chang teaches the one or more non-transitory computer-readable storage devices of claim 1, the device of claim 8, and method of claim 15, wherein the instructions resulting in the operation identify a switching event, wherein the switching event corresponds to an indication of a possible security compromise of a main operating system (OS), when executed by the at least one processor, result in operations comprising:
	identify one or more secure operations to be executed, wherein execution of the one or more secure operations in the main OS corresponds to an indication of a possible security compromise of the main OS (Pgs 9:14-18 and 12:7-12, “effectuating” of the financial transaction service using the secure OS, necessarily occurs after identifying one or more secure operations to be executed. “Secure operations” is herein interpreted as operations effectuated using the secure OS.). 
	
	As per claims 4, 10 and 17, Chang teaches the one or more non-transitory computer-readable storage devices of claim 2, the device of claim 9, and method of 
	execute the secure operations in the secure OS (Pgs 9:14-18 and 12:7-12, “effectuating” of the financial transaction service using the secure OS, necessarily occurs after identifying one or more secure operations to be executed. “Secure operations” is herein interpreted as operations effectuated using the secure OS.)

	As per claims 5, 11 and 18, Chang teaches the one or more non-transitory computer-readable storage devices of claim 4, the device of claim 10, and method of claim 17,  further comprising additional instructions which, when executed by the at least one processor, result in further operations comprising:
	switch from the secure OS to the main OS (Chang, FIG. 7 at S708). 

	As per claim 14, Chang teaches the device of claim 8, wherein the device comprises one of a smart phone, a tablet computer, a laptop computer (notebook PC), or a desktop computer (Pg 6:13-15). 

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject 

Claim 3 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009/064048) as applied to claim 2 above, and further in view of Hoy (US Patent Application Publication 20130318594).

As per claim 3, Chang teaches the one or more non-transitory computer-readable storage devices of claim 2, wherein the instructions resulting in the operation identify one or more secure operations to be executed, when executed by the at least one processor, result in operations comprising:
	monitor access to a web site (Pg 10:16-26, FIG. 7 at S702, determination unit 402 determines whether the authorized web site address is an access-permitted web site address, i.e., “monitor access to one or more web sites”; also see Pgs 14:1-10/15-24 and 15:17-20);
	[…]. 
	Chang further teaches that a certain web sites of financial institutions may be authorized for effectuating financial transaction services (Pg 10:16-26).
Chang doesn’t directly teach “compare the web site to a list of web sites” and “identify one or more secure operations to be executed based, at least in part, on a result of the comparison”. 
However, Hoy, in an analogous art of protection of computer systems from injurious software (Par 2), teaches the concept of a system that uses, at least in part, a whitelist of trusted websites, to help defend against internet security threats, such as malware that can infect an operation system (Pars. 34 and 57).
Hoy, to modify the storage devices method of Chang, to include “compare the web site to a list of web sites” and “identify one or more secure operations to be executed based, at least in part, on a result of the comparison”, because this would improve the efficiency of the storage device, by being able to adjust security measures and the use of pertinent resources need for security based on websites that lists.

Claim(s) 6, 12 and 19 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009/064048) as applied to claims 1, 8 and 15 above, and further in view of Covey (US Patent Application Publication 20090240923).

	As per claims 6, 12 and 19, Chang teaches the one or more non-transitory computer-readable storage devices of claim 1, the device of claim 8, and method of claim 15.
Chang doesn’t directly teach “wherein the TEE is isolated from the main OS via memory access protection”. 
However, Covey, in an analogous art of data security in electronic devices (Par 1), teaches the concept of a trusted execution environment that includes memory access protection for sensitive data (Par 27). 
Therefore, it would have been obvious to a person having ordinary skill in the art, Covey, to modify the storage device, device and method of Chang to include “wherein the TEE is isolated from the main OS via memory access protection”, because this would lead to the predictable result of more secure devices/method that is arranged to protect sensitive data stored memory.

Claim(s) 7, 13 and 20 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009/064048) as applied to claims 1, 8 and 15 above, and further in view of Owen (US Patent Application Publication 20120011354).

	As per claims 7, 13 and 20, Chang teaches the one or more non-transitory computer-readable storage devices of claim 1, the device of claim 8, and method of claim 15. 
Chang doesn’t directly teach “wherein the secure OS is accessed via read-only memory”.
However, Owen, in an analogous art of a device for establishing secure computing environment (Abstract), teaches “the fact that the memory module 34, which stores the secure operating system 35, is read-only or otherwise write-protected makes the secure operating system 35 resistant to malware threats, since malicious software cannot be saved to the read-only memory module, or otherwise incorporated into the secure operating system 35” (Par 23).
Therefore, it would have been obvious to a person having ordinary skill in the art, Owen, to modify the second OS in Chang to include “wherein the secure OS is accessed via read-only memory”, because this would lead to the predictable result of more secure devices/method that make the second OS resistant to malware threats (Owen, Par 23).
 
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Below is a list of these references, including why they are pertinent:
Spitz (US Patent Application Publication 20140007120) also teaches/suggest identify a switching event, wherein the switching event corresponds to an indication of a possible security compromise of a main OS; and switch from the main OS to the secure OS responsive to identifying the switching event, wherein the secure OS is executing in a trusted execution environment (TEE) isolated from the main OS (see at least Par 10).
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GABRIEL S MERCADO whose telephone number is (408)918-7537.  The examiner can normally be reached on Mon-Fri 8am-5pm (Eastern Time).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-






/Gabriel Mercado/Examiner, Art Unit 3685                                                                                                                                                                                                        

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685