DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1. The following is a non-Final Office Action in response to applicant’s arguments/filing filed on October 24, 2018

Claims 5 and 6 are objected to Claims 1-4 and 7-10 are pending


Drawings
Acknowledgment is made of applicant’s drawings submitted on 10/24/2018.

Oath/Declaration
Acknowledgment is made of applicant’s oath submitted on 10/24/2018

Application Data Sheet
Acknowledgment is made of applicant’s application data sheet submitted on 10/24/2018.



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date

1.) Claim 10 is rejected under 35 U.S.C. 102(a)(2) as being anticipated by US 20180241572, Miele
 	In regards to claim 10, Miele teaches a central processing unit (CPU) based state consistency protection system, the system at least comprising a first central processing unit(see US 20180241572, Miele, fig. 5, client, where the client device implicitly has a 1st CPU) and a second central processing unit(see US 20180241572, Miele, fig. 5, server, where the client device implicitly has a 2nd CPU), both of which support creation of at least one enclave(see US 20180241572, Miele, fig. 5, steps 502 and 514, client and server enclaves) 	wherein the first central processing unit communicates with the second central processing unit, the second central processing unit providing services for the first central processing unit through remote communication(see US 20180241572, Miele, para. 0005 and fig. 4, where a client[i.e. 1st CPU] enclave is established and a remote server[i.e. 2nd CPU] enclave authentication is used by an attestation service[i.e. module] to attest to an SGX enabled platform), the remote communication including at least a secure cryptographic channel(see US 20180241572, Miele, para. 0045, where a secure communication channel[i.e. cryptographically protected] may be used in the authentication of enclaves); 	the system being characterized in: modifying a remote attestation protocol at base layers of the first central processing unit and the second central processing unit to facilitate the completion of every execution state storing operation and execution state restoring operation(see US 20180241572, Miele, para. 0027 and 0047, where the SGX enclave may be used to store and read[i.e. restore] data[e.g. state] from an execution of an application), wherein the remote attestation protocol is a base-layer attestation mechanism protocol based on an attestation instruction of the first central processing unit and the second central processing unit, and is for the first central processing unit to prove to the second central processing unit that it has created the specific enclave in a local platform so that the second central processing unit trusts the specific enclave(see US 20180241572, Miele, para. 0005 and fig. 5, where an IAS may be used to attest[e.g. attestation mechanism protocol] that a particular enclave of the client[1st CPU] may be trusted by the server[i.e. 2nd CPU); and 	wherein each execution state storing operation and each execution state restoring operation use the secure cryptographic channel(see US 20180241572, Miele, para. 0045, where a secure communication channel[i.e. cryptographically protected] may be used in the authentication of enclaves).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

2.) Claims 1, 2, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180241572, Miele in view of US 20180212971, Costa and further in view of US 20120117419, Hillman
 	In regards to claim 1, Miele teaches a method of state consistency protection for a central processing unit capable of creating enclaves, wherein the method of state consistency protection involves Intel software guard extension (SGX) installed on the central processing unit, wherein the central processing unit supports creation of at least one enclave, and wherein, the central processing unit communicates with a remote server providing sendees for the central processing unit through remote (see US 20180241572, Miele, para. 0005 and fig. 1, where an enclave is established and a remote enclave authentication is used by an attestation service[i.e. module] to attest to an SGX enabled platform), the remote communication including at least a secure cryptographic channel(see US 20180241572, Miele, para. 0045, where a secure communication channel[i.e. cryptographically protected] may be used in the authentication of enclaves); the method comprising:configuring the remote attestation module to facilitate the completion of every execution state storing operation and every execution state restoring operation(see US 20180241572, Miele, para. 0027 and 0047, where the SGX enclave may be used to store and read[i.e. restore] data from an execution of an application);  	each execution state storing operation further comprising:when an execution state of a specific enclave is to be stored in the central processing unit, calculating a hash value of the execution state to he stored, the specific enclave sending the hash value of the execution state to be stored and a corresponding state storing request to the remote attestation module through the secure cryptographic channel established during remote attestation(see US 20180241572, Miele, fig. 5, steps 504, 512, 518, where the generated hash information from the SGX enclave implicitly requests and broadcast[i.e. sent] to the enclave of the server for validation[i.e. attestation] and storage), and the specific enclave, according to a response of the remote attestation module to the state storing request, performing state storing or error handling(see US 20180241572, Miele, para. 0003 and 0005, where in response to an attestation response from an attestation service, broadcast to one or more server-side enclaves, wherein the enclave provides a secure environment for storage);  	if the hash value of the latest state is identical to the hash value of the present execution state, determining that the present execution state is the latest state, and ending the execution state restoring operation(see US 20180241572, Miele, fig. 5, steps 520 and 524, where a matching hash value results in data[e.g. execution state] acceptance), 	wherein, the remote attestation is an attestation mechanism by which the central processing unit proves to the remote server that it has created the specific enclave in a local platform so that the remote server trusts the specific enclave(see US 20180241572, Miele, para. 0005, where an IAS may be used to attest that a particular enclave may be trusted by other enclaves), 	Miele does not teach each execution state restoring operation further comprising: when the stored state of the specific enclave is to be restored, preliminarily restoring a stored state as a present execution state and then calculating a hash value of the present execution state,initiating a remote attestation request from the specific enclave, the remote attestation module sending a hash value of the latest state it stores, and comparing the hash value of the latest state it stores with the hash value of present execution state, 	However, Costa teaches each execution state restoring operation further comprising: (see US 20180212971, Costa, para. 0105 and 0132, where a previous saved set of enclave CPU register values are restored, wherein an enclave abstraction may provide a hash function for hashing enclave information),initiating a remote attestation request from the specific enclave, the remote attestation module sending a hash value of the latest state it stores, and comparing the hash value of the latest state it stores with the hash value of present execution state(see US 20180212971, Costa, para. 0051 and fig. 5, where an attestation is implicitly requested when an attestation message is sent to the client enclave, wherein the message contains the hash of the initial state that will be compared to an independently known value) 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Miele with the teaching of Costa because a user would have been motivated to include a hardware security module, taught by Costa, into the enclave, taught by Miele, in order to provide an enhanced level of data security(see Costa, para. 0003); and 	the combination of Miele and Costa do not teach if the hash value of the latest state is different from the hash value of the present execution state, continuing to attempt to restore the next stored state of the specific enclave 	However, Hillman teaches if the hash value of the latest state is different from the hash value of the present execution state, continuing to attempt to restore the next  (see US 20120117419, Hillman, para. 0048, where a system restores a processing state as a result of hashes not matching). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Miele and Costa with the teaching of Hillman because a user would have been motivated to apply the error correction methods, taught by Hillman, in order to remedy any errors in the hash value taught by the combination of Miele and Costa(see Hillman, para. 0011)
 	In regards to claim 2, the combination of Miele, Costa, and Hillman teach the method of claim 1, wherein the remote attestation module is configured to: 	establish the secure cryptographic channel between the specific enclave and the remote server(see US 20180241572, Miele, para. 0045, where a secure communication channel may be established between enclaves) and attest: (a) integrity of codes in the specific enclave(see US 20180241572, Miele, para. 0045, where code and data may be protected in the enclave), (b) a serial number of the specific enclave(see US 20180241572, Miele, para. 0046, where an hardware enhance privacy ID[EPID] may be used to identify the individual platform), (c) an initiation number of the specific enclave(see US 20180241572, Miele, fig. 5, step 508, where a quote[i.e. initiation number] is generated pertaining to the enclave), and (d) the hash value of the execution state to be stored(see US 20180241572, Miele, fig. 5, step 504, where a hash value is computed for the enclave data information), 	upon completion of the execution state storing operation, record the serial number of the specific enclave, the initiation number of the specific enclave, and the hash value of the execution state to he stored(see US 20180212971, Costa, para. 0051, where an enclave stores a record of the attestation message that includes initial state information, a hash value), and after the specific enclave has been initially created and initialized, correspondingly generate an initial initiation number, wherein the initiation number is incrementally set for each subsequent time of state storing, and upon completion of the execution state restoring operation(see US 20180212971, Costa, para. 0134, where a counter may be incremented to indicate each time the state of the enclave has be read[e.g. restored]), feed back the hash value of the latest state and the initiation number of the latest state according to the serial number of the specific enclave(see US 20180212971, Costa, para. 0051, where an enclave identity[i.e. serial number] may be based on the initial state, wherein a hash of the initial state may be used instead). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Miele and Costa with the teaching of Hillman because a user would have been motivated to apply the error correction methods, taught by Hillman, in order to remedy any errors in the hash value taught by the combination of Miele and Costa(see Hillman, para. 0011)
 	In regards to claim 9, Miele teaches a communication system, comprising a first communication terminal and a second communication terminal, 	wherein the first communication terminal having a first central processing unit(see US 20180241572, Miele, fig. 5, client, where the client device implicitly has a 1st CPU) and the second communication terminal having a second central processing unit(see US 20180241572, Miele, fig. 5, server, where the client device implicitly has a 2nd CPU), and both of the central processing units supporting creation of at least (see US 20180241572, Miele, para. 0005 and fig. 4, where a client[i.e. 1st CPU] enclave is established and a remote server[i.e. 2nd CPU] enclave authentication is used by an attestation service[i.e. module] to attest to an SGX enabled platform), the remote communication including at least a secure cryptographic channel(see US 20180241572, Miele, para. 0045, where a secure communication channel[i.e. cryptographically protected] may be used in the authentication of enclaves); the communication system being characterized in: the remote attestation module is configured to facilitate the completion of every execution state storing operation and execution state restoring operation(see US 20180241572, Miele, para. 0027 and 0047, where the SGX enclave may be used to store and read[i.e. restore] data from an execution of an application); wherein each execution state storing operation comprises: when an execution state of a specific enclave is to be stored in the first central processing unit, calculating a hash value of the execution state to be stored, the specific enclave sending the hash value of the execution state to be stored and a corresponding state storing request to the remote attestation module through a secure cryptographic channel established during remote attestation(see US 20180241572, Miele, fig. 5, steps 504, 512, 518, where the generated hash information from[i.e. stored] the SGX enclave implicitly requests and broadcast[i.e. sent] to the enclave of the server for validation[i.e. attestation] and storage), and the specific enclave, according to a response of the remote attestation module to the state storing request, performing state storage or error handling(see US 20180241572, Miele, para. 0003 and 0005, where in response to an attestation response from an attestation service, broadcast to one or more server-side enclaves, wherein the enclave provides a secure environment for storage);  	wherein, the remote attestation is an attestation mechanism by which the first central processing unit proves to the second communication terminal that it has created the specific enclave in a local platform so that the second communication terminal trusts the specific enclave(see US 20180241572, Miele, para. 0005, where an IAS may be used to attest that a particular enclave may be trusted by other enclaves); 	 	Miele does not teach wherein each execution state restoring operation comprises: when the stored state of the specific enclave is to be restored, preliminarily restoring a stored state as a present, execution state and then calculating a hash value of the present execution state, 	initiating a remote attestation request from the specific enclave, the remote attestation module sending a hash value of the latest state it stores, and comparing the hash value of the latest state it stores with the hash value of present execution state, 	However, Costa teaches wherein each execution state restoring operation comprises: when the stored state of the specific enclave is to be restored, preliminarily restoring a (see US 20180212971, Costa, para. 0105 and 0132, where a previous saved set of enclave CPU register values are restored, wherein an enclave abstraction may provide a hash function for hashing enclave information), 	initiating a remote attestation request from the specific enclave, the remote attestation module sending a hash value of the latest state it stores, and comparing the hash value of the latest state it stores with the hash value of present execution state(see US 20180212971, Costa, para. 0051 and fig. 5, where an attestation is implicitly requested when an attestation message is sent to the client enclave, wherein the message contains the hash of the initial state that will be compared to an independently known value), 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Miele with the teaching of Costa because a user would have been motivated to include a hardware security module, taught by Costa, into the enclave, taught by Miele, in order to provide an enhanced level of data security(see Costa, para. 0003); 	the combination of Miele and Costa do not teach if the hash value of the latest state is different from the hash value of the present execution state, continuing attempting to restore the next stored state of the specific enclave 	However, Hillman teaches if the hash value of the latest state is different from the hash value of the present execution state, continuing attempting to restore the next stored state of the specific enclave (see US 20120117419, Hillman, para. 0048, where a system restores a processing state as a result of hashes not matching). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Miele and Costa with the teaching of Hillman because a user would have been motivated to apply the error correction methods, taught by Hillman, in order to remedy any errors in the hash value taught by the combination of Miele and Costa(see Hillman, para. 0011).
 	3.) Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over US 20180241572, Miele in view of US 20180212971, Costa and further in view of US 20120117419, Hillman and further in view of US 20170329530, Lakshman 	In regards to claim 3, the combination of Miele, Costa, and Hillman teach the method of claim 1. The combination of Miele and Costa do not teach wherein after the remote attestation module receives the hash value of the execution state to be stored and the state storing request, 	the remote attestation module checks if the hash value of the execution state to be stored exists in the remote server or not, and  	if the hash value of the execution state to he stored does not exist, it accepts the state storing request, and 	if the hash value of the execution state to be stored already exists, it rejects the state storing request and reports back that the execution state already exists 	However, Lakshman teaches wherein after the remote attestation module receives the hash value of the execution state to be stored and the state storing (see US 20170329530, Lakshman, fig. 7, step 512, where a determination is made on whether a MD5 hash exists), and  	if the hash value of the execution state to he stored does not exist, it accepts the state storing request(see US 20170329530, Lakshman, fig. 7, step 516, when the MD5 hash does not exist, a write of the block operation is permitted), and 	if the hash value of the execution state to be stored already exists, it rejects the state storing request and reports back that the execution state already exists(see US 20170329530, Lakshman, fig. 7, step 524 and para. 0048, where the MD5 hash exists, no write is performed[i.e. storing rejected] and the query table receives results on whether or not an MD5 hash exists). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Miele, Costa, and Hillman with the teaching of Lakshman because a user would have been motivated to utilize the storage techniques, taught by Lakshman, in order to provide efficient storage utilization of the enclaves used by the combination of Miele, Costa, and Hillman(see Lakshman, para. 0006)
4.) Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over US 20180241572, Miele in view of US 20180212971, Costa and further in view of US 20120117419, Hillman and further in view of US 20170329530, Lakshman and further in view of US 20140012940, Joshi and further in view of US 20070136593, Plavcan
(see US 20180241572, Miele, para. 0005, where the server enclave stores hash information), incrementally sets the initiation number and then stores the initiation number(see US 20180212971, Costa, para. 0134, where the counter increments a value when state information is read and the value is subsequently saved), and 	the combination of Miele, Costa, Hillman, and Laksham do not teach wherein after the remote attestation module accepts the state storing request, the specific enclave sends a state-having-heen-stored mark to the remote server through three-way handshaking, and 	if the three-way handshaking is successful, the specific enclave and the remote server confirm completion of the state storing of the specific enclave 	However, Joshi teaches wherein after the remote attestation module accepts the state storing request, the specific enclave sends a state-having-heen-stored mark to the remote server through three-way handshaking(see US 20140012940, Joshi, para. 0047 and fig. 1, where a handshake protocol  may be used between the cache an a plurality of virtual machines), and 	if the three-way handshaking is successful, the specific enclave and the remote server confirm completion of the state storing of the specific enclave(see US 20140012940, Joshi, fig. 7, step 704, where data[i.e. state] is determined to be stored based on tag[i.e. mark] information), (see Joshi, para. 0038), and 	the combination of Miele, Costa, Hillman, and Joshi do not teach if the three-way handshaking has failed for a predetermined number of rounds, the specific enclave deletes the stored state of the specific enclave for the present time, and the remote attestation module deletes the hash value of the execution state to be stored 	However, Plavcan teaches if the three-way handshaking has failed for a predetermined number of rounds, the specific enclave deletes the stored state of the specific enclave for the present time, and the remote attestation module deletes the hash value of the execution state to be stored (see US 20070136593, Plavcan, para. 0022, where a count is maintained for each unsuccessful login attempt and the data is erased after a predetermined number of failure attempts). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Miele, Costa, Hillman,  Lakshman, and Joshi with the teaching of Plavcan because a user would have been motivated to use the secure information storage, taught by Plavcan, in order to enhance security of the enclaves, taught by the combination of Miele, Costa, Hillma, and Joshi, in order to provide improved enclave data protection(see Plavcan, para. 0018)

 	In regards to claim 7, the combination of Miele, Costa, Hillman, Lakshman, Joshi, and Plavcan teach the method of any of claim 4. The combination of Miele, Costa, Hillman, Lakshman, Joshi, and Plavcan do not teach wherein the method further comprises:after communication between the specific enclave and the remote attestation module has been established, the specific enclave and the remote attestation module agreeing on a time-out period for each message during their communication according to a network delay status of the present communication and a. first significance of the specific enclave, in order to resend the corresponding message when a confirmation of the corresponding message has not been received after the time-out period agreed on 	However, Mityagin teaches wherein the method further comprises:after communication between the specific enclave and the remote attestation module has been established, the specific enclave and the remote attestation module agreeing on a time-out period for each message during their communication according to a network delay status of the present communication and a. first significance of the specific enclave, in order to resend the corresponding message when a confirmation of the corresponding message has not been received after the time-out period agreed (see US 20160105283, Mityagin, para. 0089, when a predetermined period of time[i.e. time-out period] has elapsed after sending a confirmation message and without receiving an acknowledgment message, a confirmation message is resent). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Miele, Costa, Hillman, Lakshman, Joshi, and Plavcan with the teaching of Mityagin because a user would have been motivated to apply a rotating security key technique, taught by Mityagin, in order to enhance enclave security in the system taught by the combination of Miele, Costa, Hillman, Lakshman, Joshi, and Plavcan(see Mityagin, para. 0007)
6.) Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over US 20180241572, Miele in view of US 20180212971, Costa and further in view of US 20120117419, Hillman and further in view of US 20170329530, Lakshman and further in view of US 20140012940, Joshi and further in view of US 20070136593, Plavcan and further in view of US 20160105283, Mityagin and further in view of US 5842210, Chen 
 	In regards to claim 8, the combination of Miele, Costa, Hillman, Lakshman, Joshi, Plavcan, and Mityagin teach the method of claim 7. The combination of Miele, Costa, Hillman, Lakshman, Joshi, Plavcan, and Mityagin do not teach wherein the step of the specific, enclave and the remote attestation module agreeing on a time-out period for each message during their communication according to a network delay status of the present communication and/or a first significance of the specific enclave further  (see US 5842210, Chen, fig. 7, step 714, where an agreed upon predetermined time values between two entities are stored). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Miele, Costa, Hillman, Lakshman, Joshi, Plavcan, and Mityagin with the teaching of Chen because a user would have been motivated to improve the information validation method used in the SGX system, taught by the combination of Miele, Costa, Hillman, Lakshman, Joshi, Plavcan, and Mityagin by reducing the amount of information needed to perform data verification(see Chen, col. 1, lines 34-49)  	


Allowable subject matter
Claim 5 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469.  The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/GREGORY A LANE/                                              Examiner, Art Unit 2438                                                                                                                                                                                                                                                                                                                                                                  


/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438