DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 11/19/2020 has been received and considered.
Claims 1-7, 9-20, 22-33, 35-47 and 49-55 are pending.
This action is Final.
Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 10/23/2020 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, an initialed and dated copy of the Applicant’s IDS form 1449 filed on 10/23/2020 is attached to this office action. 
Response to Arguments
3.	Applicant's arguments filed 11/19/2020 have been fully considered but they are not persuasive. Applicant argues that regarding independent claims 1, 12, 25, 29 and 38, Hook in view of Lal and Martin fail to teach “the secure enclave is a hardware feature of a processor that controls execution of trusted code by: retrieving from memory encrypted trusted code and encrypted data; decrypting the trusted code and the data; and storing the decrypted trusted code and data in memory that is accessible only by the secure enclave.”
	With respect to this argument, as disclosed below, Martin in paragraph [0035] discloses loading code and data from an encrypted source into a secure enclave using a trusted loader. In addition, paragraph [0019] discloses a trusted execution platform with attestation capabilities including an Intel.RTM secure enclave. In paragraph [0085], Martin discloses decrypting trusted code within the secure enclave and sealing or storing the data in the memory enclave.
Therefore, Hook in view of Lal and Martin teach the claimed limitations and thereby the dependent claims. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


4. 	Claims 1-7, 9-20, 22-24, 29-33, 35-47 and 49-51 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. US 2014/0164776 A1 to Hook, (hereinafter, “Hook”), in view of US Pub. No. US 2015/0304736 A1 to Lal, (hereinafter, “Lal”) and in further view of US Pub. No. US 2015/0347768 A1 to Martin, (hereinafter, “Martin”), as disclosed in IDS on 12/09/2016.
As per claim 1, Hook teaches a method performed by a computing system for providing a first key of a first device to a second device for performing a cryptographic action on behalf of an owner of the first key (Hook, para. [0129] discloses “A first user (e.g. User 200) who wishes to establish a trusted relationship with a second user (e.g. User 201), provides an initial key (e.g. key A or certificate U1) to the second user.” And para. [0135] discloses “The second user provides a second encrypted key (e.g. Encrypted Accept 251), which may exist as an encrypted blob transiting intermediate systems (independent of application, network topology or operating system) using the second user's own key (e.g. Key U2) encrypted with the initial key (e.g. Key U1). The second user thus provides the second encrypted key to the first user.” Furthermore, para. [0115] discloses “Throughout this specification, the word `user` may comprise an `agent` and/or an application associated with content.” And para. [0114] discloses an option of agent comprising a network connected device.), the method comprising:
accessing a second key of the second device (Hook, para. [0135] discloses “The second user provides a second encrypted key (e.g. Encrypted Accept 251), which may exist as an encrypted blob transiting intermediate systems (independent of application, network topology or operating system) using the second user's own key (e.g. Key U2) encrypted with the initial key (e.g. Key U1). The second user thus provides the second encrypted key to the first user.”); 
the second device is an edge server of a content delivery network and the first device is a key server of a customer of the content delivery network whose content is delivered by the content delivery network (Hook, para. [0109] discloses “each agent may act as a server e.g. a certificate server, a key server etc”, para. [0114] discloses “Throughout this specification, the word `agent`, without limitation, comprises a user, an application…a network connected device... Examples comprise, without limitation…communications agent(s), cryptographic agent(s), interface agent(s), etc.” and para. [0115] “Throughout this specification, the word `user` may comprise an `agent` and/or an application associated with content.” Furthermore, para. [0144] discloses “The sharing of content may be facilitated and/or enabled by an intermediate service, such as remote services (further defined below). There may be any number of intermediate and/or remote services in any location (further defined below). Sharing may involve any form of sharing, collaborating, transferring, exchanging, communicating, conveying, interacting etc.”).
receiving from the second device a quote generated by a secure enclave, the quote attesting to code of the secure enclave (Hook, para. [0135] discloses “The second user provides a second encrypted key (e.g. Encrypted Accept 251), which may exist as an encrypted blob” and para. [0612] discloses “a user (e.g. User1 301), via their agent (e.g. Agent 340) may generate a key, known as a Passphrase Recovery Code (PRC) (quote) and use it to encrypt their passphrase into an encrypted file or data or "blob" known as an Encrypted Passphrase Blob (EPB) (secure enclave).” Furthermore, para. [0205] discloses “the agent may generate an encrypted passphrase blob (EPB) using a passphrase recovery code (PRC)… In the manual case, a first user (e.g. User1 301) may contact a second user (e.g. User2 302) who has been given the PRC or has access to it via their passphrase-recovery box and ask them to provide the PRC…Once the first user has obtained the PRC, their agent (e.g. Agent 340) may recover the passphrase from the EPB” And para. [0613] discloses “The EPB may be stored locally alongside the keystore and/or with other agent data”);
encrypting the first key using the second key (Hook, para. [0135] discloses “using the second user's own key (e.g. Key U2) encrypted with the initial key (e.g. Key U1)”); 

Hook teaches all the limitations of claim 1 above, however fails to explicitly teach, but Lal teaches:
 the secure enclave is a hardware feature of a processor that controls execution of trusted code (Lal, para. [0057] discloses a memory enclave of a secure processing environment is made up of at least one memory page associated with read/write controls of an associated processor. An example of a suitable memory enclave is disclosed using INTEL.TM. secure enclave technology which provides a secure enclave as a part of an Intel processor.)
verifying the quote to ensure that the code of the secure enclave is trusted code; and after the quote is verified, sending to the second device the encrypted first key (Lal, para. [0060] discloses “A quoting module local to or remote from the client may verify the integrity of the signed report by verifying the authenticity of the digital signature applied thereto. Upon verification of the digital signature applied to the enclave report, the quoting module may generate an enclave quote and sign the quote with a quote signing key using a second digital signature protocol that is the same or different from the first digital signature protocol.”)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lal’s technologies for hardening the security of digital information on client platforms into Hook’s cryptographic method and system, with a motivation to protect digital information as it is provided to, stored on, accessed on, and/or processed for display by a client device, even if the client device may be infested with malware or subject to attack by another entity (Lal, Abstract lines 8-12). 
The combination of Hook and Lal teach all the limitations of claim 1 above, however fail to explicitly teach, but Martin teaches:
the secure enclave is a hardware feature of a processor that controls execution of the trusted code by retrieving from memory encrypted trusted code and encrypted data (Martin, para. [0035] “code and/or data from an encrypted source may be installed into an enclave by first loading a trusted loader into the enclave. Once the enclave is running, this loader can then be used to install secret code/data (e.g., encrypted text, audio, and/or video) into the enclave.” And para.);
decrypting the trusted code and the data; and storing the decrypted trusted code and data in memory that is accessible only by the secure enclave (Martin, para. [0085] “The method may then proceed to element 411, wherein the CPM instructions when executed may cause node 101 to verify the authenticity of MSG4. For example, where MSG4 is signed with node 102's private key (e.g., Spriv), the CPM instructions when executed may cause node 101 to verify the authenticity of the signature using a corresponding public key (e.g., Spub). Alternatively or additionally, if MSG4 is encrypted with Cpub, the CPM instructions when executed may cause node 101 to decrypt MSG4 within memory enclave 304 using a corresponding private key (e.g., Cpriv). In this way, the whitelist ID may be obtained by node 101 within memory enclave 304 and thus protected from malware. The CPM instructions may also cause node 101 to seal the whitelist ID to memory enclave 304, e.g., by encrypting the whitelist ID with memory enclave 304's enclave key.”);
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Martin’s use of a secure enclave in policy-based trusted inspection into Lal’s technologies for hardening the security of digital information on client platforms and Hook’s cryptographic method and system, with a motivation to protect the distribution of sensitive digital information (Martin, para. [0003]). 
As per claim 2, the combination of Hook, Lal and Martin teach the method of claim 1 wherein the second key is a public key of a public/private key pair of the second device (Hook, para. [0135] discloses “The second user provides a second encrypted key…using the second user's own key (public key) (e.g. Key U2) encrypted with the initial key (e.g. Key U1)… The first user is able to decrypt the second encrypted key by using the initial key or an associated key such as a private key associated with the initial key.” Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”).

As per claim 3, the combination of Hook, Lal and Martin teach the method of claim 2 further comprising receiving a public key certificate of the second key (Hook, para. [0130] discloses “the first and second users may decide to use an existing key which can be used as a bootstrap key and already in the position of both users (e.g. key B not shown but known to both users). The bootstrap key may be a password, or code or public key or public certificate or personal certificate or any other suitable key.”).

As per claim 4, the combination of Hook, Lal and Martin teach the method of claim 2 wherein the public/private key pair of the second device is ephemeral (Hook, 5.4.8 “Emphemeral Communications” discloses in para. [1022] “embodiments of the present invention may store encrypted data locally and facilitate its erasure by destroying keys.” Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”). 

As per claim 5, the combination of Hook, Lal and Martin teach the method of claim 1 wherein the first key is a private key of a public/private key pair of the first device (Hook, para. [0130] discloses “the first user may send the second user an encrypted key (e.g. Encrypted Contact 250), which may exist as an encrypted blob…The second user may decrypt using the bootstrap key to decrypt the received encrypted blob in order to obtain the initial key (e.g. U1).” Therefore, since the first key is decrypted this indicates use of a private key. Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”).

As per claim 6, the combination of Hook, Lal and Martin teach the method of claim 5 further comprising sending to the second device a public key certificate of the first device (Hook, para. [0129] discloses “A first user (e.g. User 200) who wishes to establish a trusted relationship with a second user (e.g. User 201), provides an initial key (e.g. key A or certificate U1) to the second user.” Furthermore, para. [0130] discloses “The initial key may be provided in many different forms and/or many different ways. For example, the first user may send the second user an encrypted key (e.g. Encrypted Contact 250), which may exist as an encrypted blob transiting intermediate and/or cloud systems, and also the first user makes contact with the second user out-of-band with the associated bootstrap key (e.g. key A). As another example, the first and second users may decide to use an existing key which can be used as a bootstrap key and already in the position of both users (e.g. key B not shown but known to both users). The bootstrap key may be a password, or code or public key or public certificate or personal certificate or any other suitable key.”).

As per claim 7, the combination of Hook, Lal and Martin teach the method of claim 1 wherein the second key is a symmetric key shared by the code of the secure enclave and the first device (Hook, para.[0048] discloses “a method of, apparatus and/or application adapted to provide at least one symmetric key between at least two agents in a computer network, the first key being used to enable access to encrypted information in a data store, comprising enabling a first agent to obtain a first key; the first agent enables the second agent to obtain the first key; the second agent using the first key to access the encrypted information; and the first agent managing the lifecycle of the keys used to enabled access to the encrypted information.” Furthermore, para. [0113] discloses “Throughout this specification, the word "key", without limitation, comprises any representation used in association with or operable on an encryption algorithm that enables encryption or decryption of information. Examples comprise, without limitation, cryptographic keys, symmetric key(s)…”).

As per claim 9, the combination of Hook, Lal and Martin teach the method of claim 1 wherein the first key is provided to a plurality of edge servers of the content delivery network so that each edge server can accept a Transport Layer Security ticket to resume a session regardless of which edge server generated the ticket (Hook, para. [0283] discloses “Communications between end systems (edge servers) (e.g. End System 310, End System 350) and the system services may use communications security such as Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS), Online Certificate Status Protocol (OCSP) etc. Authentication with one or more of the facility services may use mutual authentication, such as mutual or client-side SSL/TLS.” And para. [0301] discloses “A repository service may limit access to information through the use of access controls and/or associated Attribute Certificates AC(s) (ticket). An AC may be issued by a box owner granting certain privileges to that box…When used, ACs may be passed at the beginning of a session or may be provided at the time a request is made.” Furthermore, para. [0532] discloses “Attribute Certificates (ACs) may be used for privileges or permissions. In this case, a repository service may verify an SSL certificate for a session on connection (session)” and para. [0534] “AC's may be issued by an agent or external attribute certificate server (e.g. Certificate Services 392) or a third party PKI. Attribute certificates may be revoked, for example, using an OCSP service. Note that such a revocation service may be a convenience and differs from a regular CA in that attribute certificates may be signed by user credentials such as their registrar private key, not a CA key, so the central location is just to provide somewhere where revocation messages may be stored.”).

As per claim 10, the combination of Hook, Lal and Martin teach the method of claim 1 further comprising, after sending the encrypted first key to the second device, receiving from the second device a renewal request for the first key when a compromised criterion is not satisfied, sending to the second device a notification of renewal (Hook, para. [0459] discloses “Certificate Updates may be requested (pulled) by agents, especially if the agent suspects that it does not have the latest certificate(s) from another agent. For example, in the case that an agent receives a task for which it does not have a certificate which can validate any of the signatures.”); and 
(Hook, para.[0310] discloses “Certificates may need to be signed on setup of an agent and/or may be re-issued or renewed after revocation or expiry…There may also be certificates for system services such as a revocation service, a temporary access service etc. Because certificates may be distributed client-side, such as via agents, the certificate signing service may not need to publish any certificates that it signs, effectively making any issued certificate a private certificate. The certificate signing services may have policies, such as relating to settings, behaviours, restrictions and/or notifications…Notifications may include rules about what to send e.g. warning(s) about expiring certificates, when to send e.g. at decreasing periods as the expiry gets closer, how to send e.g. via email, SMS or other type of notification, etc.”).

As per claim 11, the combination of Hook, Lal and Martin teach the method of claim 1 wherein the second device uses the first key to establish a Transport Layer Security session with a client on behalf of the owner of the first key (Hook, para. [0283] discloses “Communications between end systems (edge servers) (e.g. End System 310, End System 350) and the system services may use communications security such as Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS), Online Certificate Status Protocol (OCSP) etc. Authentication with one or more of the facility services may use mutual authentication, such as mutual or client-side SSL/TLS.” Furthermore, para.[0533] discloses “Privileges may be granted via a member, for example by the owner, generating an appropriate AC signed by their registrar credential (private key). The AC may be short lived which may avoid the need for revocation support…The user may issue an AC to a recipient, for example via their contact box. The AC may cover any permission, such as, to invite a user to a box, allow creation of clients, read a file, write a file, delete a file, rename a file etc…”).

As per claim 12, Hook teaches a method performed by a computing system for obtaining a first key of a first device for performing a cryptographic action by a second device on behalf of an owner of the first key (Hook, para. [0129] discloses “A first user (e.g. User 200) who wishes to establish a trusted relationship with a second user (e.g. User 201), provides an initial key (e.g. key A or certificate U1) to the second user.” And para. [0135] discloses “The second user provides a second encrypted key (e.g. Encrypted Accept 251), which may exist as an encrypted blob transiting intermediate systems (independent of application, network topology or operating system) using the second user's own key (e.g. Key U2) encrypted with the initial key (e.g. Key U1). The second user thus provides the second encrypted key to the first user.”), the method comprising:
under control of a secure enclave of the second device, the second device is an edge server of a content delivery network and the first device is a key server of a customer of the content delivery network whose content is delivered by the content delivery network (Hook, para. [0109] discloses “each agent may act as a server e.g. a certificate server, a key server etc”, para. [0114] discloses “Throughout this specification, the word `agent`, without limitation, comprises a user, an application…a network connected device... Examples comprise, without limitation…communications agent(s), cryptographic agent(s), interface agent(s), etc.” and para. [0115] “Throughout this specification, the word `user` may comprise an `agent` and/or an application associated with content.” Furthermore, para. [0144] discloses “The sharing of content may be facilitated and/or enabled by an intermediate service, such as remote services (further defined below). There may be any number of intermediate and/or remote services in any location (further defined below). Sharing may involve any form of sharing, collaborating, transferring, exchanging, communicating, conveying, interacting etc.”).
(Hook, para. [0135] discloses “The second user provides a second encrypted key (e.g. Encrypted Accept 251), which may exist as an encrypted blob” and para. [0612] discloses “a user (e.g. User1 301), via their agent (e.g. Agent 340) may generate a key, known as a Passphrase Recovery Code (PRC) (quote) and use it to encrypt their passphrase into an encrypted file or data or "blob" known as an Encrypted Passphrase Blob (EPB) (secure enclave).” Furthermore, para. [0205] discloses “the agent may generate an encrypted passphrase blob (EPB) using a passphrase recovery code (PRC)… In the manual case, a first user (e.g. User1 301) may contact a second user (e.g. User2 302) who has been given the PRC or has access to it via their passphrase-recovery box and ask them to provide the PRC…Once the first user has obtained the PRC, their agent (e.g. Agent 340) may recover the passphrase from the EPB” And para. [0613] discloses “The EPB may be stored locally alongside the keystore and/or with other agent data”);
directing that the quote be sent to the first device (Hook, para. [0215] discloses “Agents (e.g. in End System 310, End System 350) may interact via protocols (e.g. Protocols 360). This interaction may be direct or indirect. Direct interactions include direct connections, peer-to-peer systems, file transfer systems, physical means or any other suitable method of transport.”);
receiving from the first device the first key of the first device, which is encrypted with a second key of the second device (Hook, para. [0135] discloses “The second user provides a second encrypted key (e.g. Encrypted Accept 251), which may exist as an encrypted blob transiting intermediate systems (independent of application, network topology or operating system) using the second user's own key (e.g. Key U2) encrypted with the initial key (e.g. Key U1). The second user thus provides the second encrypted key to the first user.”);
decrypting the first key based on encryption with the second key (Hook, para. [0135] discloses “The first user is able to decrypt the second encrypted key by using the initial key or an associated key such as a private key associated with the initial key.”); and

Hook teaches all the limitations of claim 12 above, however fails to explicitly teach, but Lal teaches:
the secure enclave is a hardware feature of a processor that controls execution of trusted code (Lal, para. [0057] discloses a memory enclave of a secure processing environment is made up of at least one memory page associated with read/write controls of an associated processor. An example of a suitable memory enclave is disclosed using INTEL.TM. secure enclave technology which provides a secure enclave as a part of an Intel processor.)

storing the decrypted first key within the secure enclave so that the decrypted first key is not accessible outside of the secure enclave (Lal, para. [0149] discloses “Consistent with the security model of FIG. 1B, digital information 907 may be encrypted with first encryption protocol using one or more information encryption keys hereinafter referred to as I.sub.key. License 908 may therefore include one or more keys for decrypting the encrypted digital information, optionally in combination with one or more information access policies governing access to the encrypted digital information. The cipher text of digital information 907 may be stored in within a memory of client 101, and may optionally be sealed by client 101 to memory enclave 304, e.g. using secure enclave 304's enclave key (E.sub.key). Digital information 907 may thus be protected by encryption as it is provided to client 101 and stored on client 101.” Furthermore, para.[0062] discloses “The memory enclave described herein may also be configured to allow data to be sealed to the enclave. In some embodiments, data may be sealed to a memory enclave using a sealing protocol. In some embodiments, the sealing protocol seals the data to an enclave by encrypting it with an enclave sealing key, which may be stored within the enclave or in another secure location. Because the enclave that sealed the data may be the only entity with knowledge of the enclave sealing key, it may be the only entity capable of unsealing the data.”).
(Lal, Abstract lines 8-12). 
The combination of Hook and Lal teach all the limitations of claim 12 above, however fail to explicitly teach, but Martin teaches:
the secure enclave is a hardware feature of a processor that controls execution of the trusted code by retrieving from memory encrypted trusted code and encrypted data (Martin, para. [0035] “code and/or data from an encrypted source may be installed into an enclave by first loading a trusted loader into the enclave. Once the enclave is running, this loader can then be used to install secret code/data (e.g., encrypted text, audio, and/or video) into the enclave.” And para.);
decrypting the trusted code and the data; and storing the decrypted trusted code and data in memory that is accessible only by the secure enclave (Martin, para. [0085] “The method may then proceed to element 411, wherein the CPM instructions when executed may cause node 101 to verify the authenticity of MSG4. For example, where MSG4 is signed with node 102's private key (e.g., Spriv), the CPM instructions when executed may cause node 101 to verify the authenticity of the signature using a corresponding public key (e.g., Spub). Alternatively or additionally, if MSG4 is encrypted with Cpub, the CPM instructions when executed may cause node 101 to decrypt MSG4 within memory enclave 304 using a corresponding private key (e.g., Cpriv). In this way, the whitelist ID may be obtained by node 101 within memory enclave 304 and thus protected from malware. The CPM instructions may also cause node 101 to seal the whitelist ID to memory enclave 304, e.g., by encrypting the whitelist ID with memory enclave 304's enclave key.”);
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Martin’s use of a secure enclave in policy-based trusted inspection into Lal’s technologies for hardening the security of digital information on client platforms and Hook’s cryptographic method and system, with a motivation to protect the distribution of sensitive digital information (Martin, para. [0003]). 
As per claim 13, the combination of Hook, Lal and Martin teach the method of claim 12 further comprising:
under control of the secure enclave of the second device, receiving from untrusted code of the second device a request to perform a cryptographic action on data (Hook, para.[0734] discloses “a "protocol" may be used to establish bilateral trusted relationships which may include the encrypted exchange of certificates. This may make use of an out-of-band verification between a first user and a second user. This verification process may enable a vetting process for example to establish proof of identity. It may also facilitate a communication protocol between the first and the second user with the use of a contact code. The code may be used as part of an introduction message or introduction request to encrypt part of the communications and may make use of an underlying remote service. An introduction acceptance may use the certificate of the first user to encrypt the response by the second user.” Furthermore, para. [0125] discloses “security and privacy may be achieved in a more decentralised system including relatively untrusted environment(s) by empowering users to manage credentials, certificates and/or keys on the client-side and control the access to data and keys themselves by the use of encryption applied to the data as well as the keys.”);
(Hook, para.[0352] discloses “The content may be encrypted (e.g. Encrypt 426) preferably using a wrapping key or content key (e.g. Wrap 425). The content key may be encrypted by a box key (e.g. from Permit 442). The encrypted content key (ECK) may be appended or prepended to the encrypted content or be stored separately e.g. added (e.g. Store 427) to the meta-data (e.g. Meta-data 403). In other embodiments of the present invention the encryption of the content and/or the content key may be performed using any other suitable key, such as a community key (e.g. Community Key 445) or box key or a certificate.”); and 
providing the resulting data to the untrusted code (Hook, para. [0353] discloses “The encrypted content (e.g. Encrypted File 401) may be uploaded (e.g. Upload 423) to a remote service (e.g. Remote Services 370). The first agent may use a repository service to obtain information about which remote service to use and/or notify other users that content has been uploaded. A reference to the encrypted content may be as simple as a Uniform Resource Identifier (URI) or Uniform Resource Locator (URL) for example to a public area of a "cloud" or other remote service.”).	
As per claim 14, the combination of Hook, Lal and Martin teach the method of claim 12 wherein the cryptographic action is either to decrypt or to encrypt data (Hook, para.[0056] discloses “there is provided a method of, apparatus and/or application adapted to manage encrypted information in a data store by an intended user, comprising providing the intended user with a key, providing the intended user with cryptographic authorisation and the authorisation being necessary to communicate with the data store.” Furthermore, para. [0113] discloses “Throughout this specification, the word "key", without limitation, comprises any representation used in association with or operable on an encryption algorithm that enables encryption or decryption of information.”).

As per claim 15, the combination of Hook, Lal and Martin teach the method of claim 12 wherein the cryptographic action is either create or to verify a digital signature (Hook, para. [0136] discloses “At this point, the first and the second users have both undertaken mutual decryption and/or verification, for example using a digital signature, from the other user which may be used to confirm the handshake process. Also, both users are in possession of keys (e.g. U1 and U2) which enables a cryptographically secure channel between them.”).

As per claim 16, the combination of Hook, Lal and Martin teach the method of claim 12 wherein the second key is a public key of a public/private key pair of the second device (Hook, para. [0135] discloses “The second user provides a second encrypted key…using the second user's own key (public key) (e.g. Key U2) encrypted with the initial key (e.g. Key U1)… The first user is able to decrypt the second encrypted key by using the initial key or an associated key such as a private key associated with the initial key.” Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”).

As per claim 17, the combination of Hook, Lal and Martin teach the method of claim 16 further comprising sending to the first device a public key certificate for the second key (Hook, para. [0130] discloses “the first and second users may decide to use an existing key which can be used as a bootstrap key and already in the position of both users (e.g. key B not shown but known to both users). The bootstrap key may be a password, or code or public key or public certificate or personal certificate or any other suitable key.”).

As per claim 18, the combination of Hook, Lal and Martin teach the method of claim 12 wherein the first key is a private key of a public/private key pair of the first device (Hook, para. [0130] discloses “the first user may send the second user an encrypted key (e.g. Encrypted Contact 250), which may exist as an encrypted blob…The second user may decrypt using the bootstrap key to decrypt the received encrypted blob in order to obtain the initial key (e.g. U1).” Therefore, since the first key is decrypted this indicates use of a private key. Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”).

As per claim 19, the combination of Hook, Lal and Martin teach the method of claim 18 further comprising receiving a public key certificate of the first device (Hook, para. [0129] discloses “A first user (e.g. User 200) who wishes to establish a trusted relationship with a second user (e.g. User 201), provides an initial key (e.g. key A or certificate U1) to the second user.” Furthermore, para. [0130] discloses “[0130] The initial key may be provided in many different forms and/or many different ways. For example, the first user may send the second user an encrypted key (e.g. Encrypted Contact 250), which may exist as an encrypted blob transiting intermediate and/or cloud systems, and also the first user makes contact with the second user out-of-band with the associated bootstrap key (e.g. key A). As another example, the first and second users may decide to use an existing key which can be used as a bootstrap key and already in the position of both users (e.g. key B not shown but known to both users). The bootstrap key may be a password, or code or public key or public certificate or personal certificate or any other suitable key.”).

As per claim 20, the combination of Hook, Lal and Martin teach the method of claim 12 wherein the second key is a symmetric key shared by the code of the secure enclave and the first device (Hook, para.[0048] discloses “a method of, apparatus and/or application adapted to provide at least one symmetric key between at least two agents in a computer network, the first key being used to enable access to encrypted information in a data store, comprising enabling a first agent to obtain a first key; the first agent enables the second agent to obtain the first key; the second agent using the first key to access the encrypted information; and the first agent managing the lifecycle of the keys used to enabled access to the encrypted information.” Furthermore, para. [0113] discloses “Throughout this specification, the word "key", without limitation, comprises any representation used in association with or operable on an encryption algorithm that enables encryption or decryption of information. Examples comprise, without limitation, cryptographic keys, symmetric key(s)…”).

As per claim 22, the combination of Hook, Lal and Martin teach the method of claim 12 further comprising, after receiving the first key, sending to the first device a renewal request for the first key renewal (Hook, para. [0459] discloses “Certificate Updates may be requested (pulled) by agents, especially if the agent suspects that it does not have the latest certificate(s) from another agent. For example, in the case that an agent receives a task for which it does not have a certificate which can validate any of the signatures.”); and 
when a notification of renewal is received, continuing to use the first key; and when a notification of renewal is not received, suppressing use of the first key (Hook, para. [0310] discloses “A certificate signing service may be used to sign certificates generated by an agent. Certificates may need to be signed on setup of an agent and/or may be re-issued or renewed after revocation or expiry. The certificate signing services may have policies, such as relating to settings, behaviours, restrictions and/or notifications. Notifications may include rules about what to send e.g. warning(s) about expiring certificates, when to send e.g. at decreasing periods as the expiry gets closer, how to send e.g. via email, SMS or other type of notification, etc.” and para.[0463] discloses “If a user renews their certificate(s), the Certificate Update task may be signed using the expiring registrar certificate.” Furthermore, para.[0467] discloses “If client certificates need to be renewed, then the owner or delegated administrator or privileged member may distribute the new credentials (pairs of private key and renewed certificate) to the other parent box users e.g. directly or via a meta box, and/or leave a message in the client's home box indicating that new credentials are available.” And para.[0468] discloses “If a client is deleted then that client's box may be deleted or marked as deleted. In addition, the client may be revoked which may involve and/or cause any associated boxes to be deleted, such as their home box and/or their credential backup box, as well as any associated authorisations.”).

As per claim 23, the combination of Hook, Lal and Martin teach the method of claim 12 wherein the code of the secure enclave is provisioned with access credential and further comprising receiving an encryption request to encrypt using the first key that includes a proffered credential, and when the proffered credential matches the access credential, performing the encryption using the first key (Hook, para. [0750] discloses “Users may control who they trust by following through on the make contact process. Note that a first user need not be highly concerned about the details in a certificate offered by a second user. This is because the certificates mainly serve the purpose of securing an identifiable channel between two users. Thus a user may only need to be confident that the other party has a corresponding private key which they keep private.” Furthermore, para. [0219] discloses “All or part of each task or protocol interaction may be signed and/or encrypted. Signing may use a signing credential such as their system signing or registrar private key. Encryption may use an encryption credential of the intended recipient or Password Based Encryption (PBE).”).

As per claim 24, the combination of Hook, Lal and Martin teach the method of claim 23 further comprising, under control of the secure enclave, requesting confirmation from the first device that the (Hook, para.[0455] discloses “In operation, an agent may extend transactions and/or perform other relevant processing in order to provide decentralised certificate life-cycle management. For example, any one or any combination of the following may be performed: [0456] Signing certificates may be sent along with any message, task or confirmation, for example, in case signing certificates are in the process of being renewed.” Furthermore, para.[0458] discloses “Certificate Updates may be initiated (pushed) to multiple agents. For example, if rolling over certificate(s) in the case they've been renewed or refreshing certificates in the case an agent wants to ensure contacts have the latest certificates.” And para. [0468] discloses “If a client is deleted then that client's box may be deleted or marked as deleted. In addition, the client may be revoked which may involve and/or cause any associated boxes to be deleted, such as their home box and/or their credential backup box, as well as any associated authorisations.”).

As per claim 29, Hook teaches a key server for providing a private key of the key server to an edge server for performing cryptographic actions on behalf of an owner of the private key when establishing a session with a client (Hook, para. [0156] discloses “The ability to manage keys may enable a relatively large number of encryption applications. Key management is enabled because each agent effectively becomes a key server.”), the key server comprising: a computer-readable storage medium storing computer-executable instructions that, when executed, cause the key server to: 
access a key of a secure enclave of the edge server (Hook, para. [0205] discloses “Once the first user has obtained the PRC, their agent (e.g. Agent 340) may recover the passphrase from the EPB and unlock their keystore.”);
Hook, para. [0109] discloses “each agent may act as a server e.g. a certificate server, a key server etc”, para. [0114] discloses “Throughout this specification, the word `agent`, without limitation, comprises a user, an application…a network connected device... Examples comprise, without limitation…communications agent(s), cryptographic agent(s), interface agent(s), etc.” and para. [0115] “Throughout this specification, the word `user` may comprise an `agent` and/or an application associated with content.” Furthermore, para. [0144] discloses “The sharing of content may be facilitated and/or enabled by an intermediate service, such as remote services (further defined below). There may be any number of intermediate and/or remote services in any location (further defined below). Sharing may involve any form of sharing, collaborating, transferring, exchanging, communicating, conveying, interacting etc.”).
receive from the edge server a quote generated by the secure enclave of the edge server, the quote attesting to code of the secure enclave (Hook, para. [0135] discloses “The second user provides a second encrypted key (e.g. Encrypted Accept 251), which may exist as an encrypted blob” and para. [0612] discloses “a user (e.g. User1 301), via their agent (e.g. Agent 340) may generate a key, known as a Passphrase Recovery Code (PRC) (quote) and use it to encrypt their passphrase into an encrypted file or data or "blob" known as an Encrypted Passphrase Blob (EPB) (secure enclave).” Furthermore, para. [0205] discloses “the agent may generate an encrypted passphrase blob (EPB) using a passphrase recovery code (PRC)… In the manual case, a first user (e.g. User1 301) may contact a second user (e.g. User2 302) who has been given the PRC or has access to it via their passphrase-recovery box and ask them to provide the PRC…Once the first user has obtained the PRC, their agent (e.g. Agent 340) may recover the passphrase from the EPB” And para. [0613] discloses “The EPB may be stored locally alongside the keystore and/or with other agent data”);
(Hook, para. [0135] discloses “The second user provides a second encrypted key, which may exist as an encrypted blob transiting intermediate systems (independent of application, network topology or operating system) using the second user's own key (e.g. Key U2) encrypted with the initial key (e.g. Key U1).using the second user's own key (e.g. Key U2) encrypted with the initial key (e.g. Key U1)… The first user is able to decrypt the second encrypted key by using the initial key or an associated key such as a private key associated with the initial key.” Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”); and
a processor that executes the computer-executable instructions stored in the computer-readable storage medium (Hook, para.[1030] discloses “Various embodiments of the invention may be embodied in many different forms, including computer program logic for use with a processor (e.g., a microprocessor, microcontroller, digital signal processor, or general purpose computer), programmable logic for use with a programmable logic device (e.g., a Field Programmable Gate Array (FPGA) or other PLD), discrete components, integrated circuitry (e.g., an Application Specific Integrated Circuit (ASIC)), or any other means including any combination thereof. In an exemplary embodiment of the present invention, predominantly all of the communication between users and the server is implemented as a set of computer program instructions that is converted into a computer executable form, stored as such in a computer readable medium, and executed by a microprocessor under the control of an operating system.”).

Hook teaches all the limitations of claim 29 above, however fails to explicitly teach, but Lal teaches:
 (Lal, para. [0057] discloses a memory enclave of a secure processing environment is made up of at least one memory page associated with read/write controls of an associated processor. An example of a suitable memory enclave is disclosed using INTEL.TM. secure enclave technology which provides a secure enclave as a part of an Intel processor.)
verifying the quote to ensure that the code of the secure enclave is trusted code; and after the quote is verified, send to the edge server the encrypted private key (Lal, para. [0060] discloses “A quoting module local to or remote from the client may verify the integrity of the signed report by verifying the authenticity of the digital signature applied thereto. Upon verification of the digital signature applied to the enclave report, the quoting module may generate an enclave quote and sign the quote with a quote signing key using a second digital signature protocol that is the same or different from the first digital signature protocol.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lal’s technologies for hardening the security of digital information on client platforms into Hook’s cryptographic method and system, with a motivation to protect digital information as it is provided to, stored on, accessed on, and/or processed for display by a client device, even if the client device may be infested with malware or subject to attack by another entity (Lal, Abstract lines 8-12). 
The combination of Hook and Lal teach all the limitations of claim 29 above, however fail to explicitly teach, but Martin teaches:
the secure enclave is a hardware feature of a processor that controls execution of the trusted code by retrieving from memory encrypted trusted code and encrypted data (Martin, para. [0035] “code and/or data from an encrypted source may be installed into an enclave by first loading a trusted loader into the enclave. Once the enclave is running, this loader can then be used to install secret code/data (e.g., encrypted text, audio, and/or video) into the enclave.” And para.);
decrypting the trusted code and the data; and storing the decrypted trusted code and data in memory that is accessible only by the secure enclave (Martin, para. [0085] “The method may then proceed to element 411, wherein the CPM instructions when executed may cause node 101 to verify the authenticity of MSG4. For example, where MSG4 is signed with node 102's private key (e.g., Spriv), the CPM instructions when executed may cause node 101 to verify the authenticity of the signature using a corresponding public key (e.g., Spub). Alternatively or additionally, if MSG4 is encrypted with Cpub, the CPM instructions when executed may cause node 101 to decrypt MSG4 within memory enclave 304 using a corresponding private key (e.g., Cpriv). In this way, the whitelist ID may be obtained by node 101 within memory enclave 304 and thus protected from malware. The CPM instructions may also cause node 101 to seal the whitelist ID to memory enclave 304, e.g., by encrypting the whitelist ID with memory enclave 304's enclave key.”);
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Martin’s use of a secure enclave in policy-based trusted inspection into Lal’s technologies for hardening the security of digital information on client platforms and Hook’s cryptographic method and system, with a motivation to protect the distribution of sensitive digital information (Martin, para. [0003]). 

As per claim 30, the combination of Hook and Lal teach the key server of claim 27-29 wherein the key of the edge server is a public key of a public/private key pair of the edge server (Hook, para. [0135] discloses “The second user provides a second encrypted key…using the second user's own key (public key) (e.g. Key U2) encrypted with the initial key (e.g. Key U1)… The first user is able to decrypt the second encrypted key by using the initial key or an associated key such as a private key associated with the initial key.” Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”).

As per claim 31, the combination of Hook and Lal teach the key server of claim 30 wherein the computer-executable instructions further cause the key server to receive a public key certificate for the public key of the edge server (Hook, para. [0130] discloses “the first and second users may decide to use an existing key which can be used as a bootstrap key and already in the position of both users (e.g. key B not shown but known to both users). The bootstrap key may be a password, or code or public key or public certificate or personal certificate or any other suitable key.”).

As per claim 32, the combination of Hook and Lal teach the key server of claim 29 wherein the computer-executable instructions further cause the key server to send a public key certificate for the public key corresponding to the private key of the key server (Hook, para. [0130] discloses “the first and second users may decide to use an existing key which can be used as a bootstrap key and already in the position of both users (e.g. key B not shown but known to both users). The bootstrap key may be a password, or code or public key or public certificate or personal certificate or any other suitable key.” Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”).

As per claim 33, the combination of Hook and Lal teach the key server of claim 29 wherein the key of the edge server is a symmetric key shared by the code of the secure enclave and the key server (Hook, para.[0048] discloses “a method of, apparatus and/or application adapted to provide at least one symmetric key between at least two agents in a computer network, the first key being used to enable access to encrypted information in a data store, comprising enabling a first agent to obtain a first key; the first agent enables the second agent to obtain the first key; the second agent using the first key to access the encrypted information; and the first agent managing the lifecycle of the keys used to enabled access to the encrypted information.” Furthermore, para. [0113] discloses “Throughout this specification, the word "key", without limitation, comprises any representation used in association with or operable on an encryption algorithm that enables encryption or decryption of information. Examples comprise, without limitation, cryptographic keys, symmetric key(s)…”).


As per claim 35, the combination of Hook and Lal teach the key server of claim 34 wherein a-an session encryption key is provided to a plurality of edge servers of the content delivery network so that each edge server can accept a Transport Layer Security ticket to resume a session regardless of which edge server generated the ticket (Hook, para. [0283] discloses “Communications between end systems (edge servers) (e.g. End System 310, End System 350) and the system services may use communications security such as Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS), Online Certificate Status Protocol (OCSP) etc. Authentication with one or more of the facility services may use mutual authentication, such as mutual or client-side SSL/TLS.” And para. [0301] discloses “A repository service may limit access to information through the use of access controls and/or associated Attribute Certificates AC(s) (ticket). An AC may be issued by a box owner granting certain privileges to that box…When used, ACs may be passed at the beginning of a session or may be provided at the time a request is made.” Furthermore, para. [0532] discloses “Attribute Certificates (ACs) may be used for privileges or permissions. In this case, a repository service may verify an SSL certificate for a session on connection (session)” and para. [0534] “AC's may be issued by an agent or external attribute certificate server (e.g. Certificate Services 392) or a third party PKI. Attribute certificates may be revoked, for example, using an OCSP service. Note that such a revocation service may be a convenience and differs from a regular CA in that attribute certificates may be signed by user credentials such as their registrar private key, not a CA key, so the central location is just to provide somewhere where revocation messages may be stored.”).

As per claim 36, the combination of Hook and Lal teach the key server of claim 29 wherein the computer-executable instructions further cause the key server to, after sending the encrypted private key to the edge server, receive from the edge server a renewal request for the private key; when a compromised criterion is not satisfied, send to the edge server a notification of renewal (Hook, para. [0459] discloses “Certificate Updates may be requested (pulled) by agents, especially if the agent suspects that it does not have the latest certificate(s) from another agent. For example, in the case that an agent receives a task for which it does not have a certificate which can validate any of the signatures.”); and 
when the compromised criterion is satisfied, suppressing the sending of the notification of renewal (Hook, para.[0310] discloses “Certificates may need to be signed on setup of an agent and/or may be re-issued or renewed after revocation or expiry…There may also be certificates for system services such as a revocation service, a temporary access service etc. Because certificates may be distributed client-side, such as via agents, the certificate signing service may not need to publish any certificates that it signs, effectively making any issued certificate a private certificate. The certificate signing services may have policies, such as relating to settings, behaviours, restrictions and/or notifications…Notifications may include rules about what to send e.g. warning(s) about expiring certificates, when to send e.g. at decreasing periods as the expiry gets closer, how to send e.g. via email, SMS or other type of notification, etc.”).

As per claim 37, the combination of Hook and Lal teach the key server of claim 29 wherein the edge server uses the private key to establish a Transport Layer Security session with a client on behalf of the owner of the private key (Hook, para. [0283] discloses “Communications between end systems (edge servers) (e.g. End System 310, End System 350) and the system services may use communications security such as Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS), Online Certificate Status Protocol (OCSP) etc. Authentication with one or more of the facility services may use mutual authentication, such as mutual or client-side SSL/TLS.” Furthermore, para.[0533] discloses “Privileges may be granted via a member, for example by the owner, generating an appropriate AC signed by their registrar credential (private key). The AC may be short lived which may avoid the need for revocation support…The user may issue an AC to a recipient, for example via their contact box. The AC may cover any permission, such as, to invite a user to a box, allow creation of clients, read a file, write a file, delete a file, rename a file etc…”).

As per claim 38, Hook teaches an edge server for obtaining a private key of a key server for performing a cryptographic action on behalf of an owner of the private key when establishing a session with a client, the edge server comprising: a computer-readable storage medium storing computer-executable instructions that, when executed, cause the edge server to, under control of a secure enclave of the edge server, the edge server is an edge server of a content delivery network and the key server is a key server of a customer of the content delivery network whose content is delivered by the content delivery network (Hook, para. [0109] discloses “each agent may act as a server e.g. a certificate server, a key server etc”, para. [0114] discloses “Throughout this specification, the word `agent`, without limitation, comprises a user, an application…a network connected device... Examples comprise, without limitation…communications agent(s), cryptographic agent(s), interface agent(s), etc.” and para. [0115] “Throughout this specification, the word `user` may comprise an `agent` and/or an application associated with content.” Furthermore, para. [0144] discloses “The sharing of content may be facilitated and/or enabled by an intermediate service, such as remote services (further defined below). There may be any number of intermediate and/or remote services in any location (further defined below). Sharing may involve any form of sharing, collaborating, transferring, exchanging, communicating, conveying, interacting etc.”).

generate a quote attesting to code of the secure enclave (Hook, para. [0135] discloses “The second user provides a second encrypted key (e.g. Encrypted Accept 251), which may exist as an encrypted blob” and para. [0612] discloses “a user (e.g. User1 301), via their agent (e.g. Agent 340) may generate a key, known as a Passphrase Recovery Code (PRC) (quote) and use it to encrypt their passphrase into an encrypted file or data or "blob" known as an Encrypted Passphrase Blob (EPB) (secure enclave).” Furthermore, para. [0205] discloses “the agent may generate an encrypted passphrase blob (EPB) using a passphrase recovery code (PRC)… In the manual case, a first user (e.g. User1 301) may contact a second user (e.g. User2 302) who has been given the PRC or has access to it via their passphrase-recovery box and ask them to provide the PRC…Once the first user has obtained the PRC, their agent (e.g. Agent 340) may recover the passphrase from the EPB” And para. [0613] discloses “The EPB may be stored locally alongside the keystore and/or with other agent data”); 
direct that the quote be sent to the key server (Hook, para. [0215] discloses “Agents (e.g. in End System 310, End System 350) may interact via protocols (e.g. Protocols 360). This interaction may be direct or indirect. Direct interactions include direct connections, peer-to-peer systems, file transfer systems, physical means or any other suitable method of transport.”);
receive from the key server the private key of the key server, which is encrypted with a key of the secure enclave of the edge server (Hook, para. [0135] discloses “The second user provides a second encrypted key (e.g. Encrypted Accept 251), which may exist as an encrypted blob transiting intermediate systems (independent of application, network topology or operating system) using the second user's own key (e.g. Key U2) encrypted with the initial key (e.g. Key U1). The second user thus provides the second encrypted key to the first user.”);
decrypt the private key based on encryption with the key of the secure enclave of the edge server (Hook, para. [0135] discloses “The first user is able to decrypt the second encrypted key by using the initial key or an associated key such as a private key associated with the initial key.”); and

a processor that executes the computer-executable instructions stored in the computer-readable storage medium (Hook, para.[1030] discloses “Various embodiments of the invention may be embodied in many different forms, including computer program logic for use with a processor (e.g., a microprocessor, microcontroller, digital signal processor, or general purpose computer), programmable logic for use with a programmable logic device (e.g., a Field Programmable Gate Array (FPGA) or other PLD), discrete components, integrated circuitry (e.g., an Application Specific Integrated Circuit (ASIC)), or any other means including any combination thereof. In an exemplary embodiment of the present invention, predominantly all of the communication between users and the server is implemented as a set of computer program instructions that is converted into a computer executable form, stored as such in a computer readable medium, and executed by a microprocessor under the control of an operating system.”).


the secure enclave is a hardware feature of a processor that controls execution of trusted code (Lal, para. [0057] discloses a memory enclave of a secure processing environment is made up of at least one memory page associated with read/write controls of an associated processor. An example of a suitable memory enclave is disclosed using INTEL.TM. secure enclave technology which provides a secure enclave as a part of an Intel processor.)
 store the decrypted private key within the secure enclave so that the decrypted private key is not accessible outside of the secure enclave (Lal, para. [0149] discloses “Consistent with the security model of FIG. 1B, digital information 907 may be encrypted with first encryption protocol using one or more information encryption keys hereinafter referred to as I.sub.key. License 908 may therefore include one or more keys for decrypting the encrypted digital information, optionally in combination with one or more information access policies governing access to the encrypted digital information. The cipher text of digital information 907 may be stored in within a memory of client 101, and may optionally be sealed by client 101 to memory enclave 304, e.g. using secure enclave 304's enclave key (E.sub.key). Digital information 907 may thus be protected by encryption as it is provided to client 101 and stored on client 101.” Furthermore, para.[0062] discloses “The memory enclave described herein may also be configured to allow data to be sealed to the enclave. In some embodiments, data may be sealed to a memory enclave using a sealing protocol. In some embodiments, the sealing protocol seals the data to an enclave by encrypting it with an enclave sealing key, which may be stored within the enclave or in another secure location. Because the enclave that sealed the data may be the only entity with knowledge of the enclave sealing key, it may be the only entity capable of unsealing the data.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lal’s technologies for hardening the (Lal, Abstract lines 8-12). 
The combination of Hook and Lal teach all the limitations of claim 38 above, however fail to explicitly teach, but Martin teaches:
the secure enclave is a hardware feature of a processor that controls execution of the trusted code by retrieving from memory encrypted trusted code and encrypted data (Martin, para. [0035] “code and/or data from an encrypted source may be installed into an enclave by first loading a trusted loader into the enclave. Once the enclave is running, this loader can then be used to install secret code/data (e.g., encrypted text, audio, and/or video) into the enclave.” And para.);
decrypting the trusted code and the data; and storing the decrypted trusted code and data in memory that is accessible only by the secure enclave (Martin, para. [0085] “The method may then proceed to element 411, wherein the CPM instructions when executed may cause node 101 to verify the authenticity of MSG4. For example, where MSG4 is signed with node 102's private key (e.g., Spriv), the CPM instructions when executed may cause node 101 to verify the authenticity of the signature using a corresponding public key (e.g., Spub). Alternatively or additionally, if MSG4 is encrypted with Cpub, the CPM instructions when executed may cause node 101 to decrypt MSG4 within memory enclave 304 using a corresponding private key (e.g., Cpriv). In this way, the whitelist ID may be obtained by node 101 within memory enclave 304 and thus protected from malware. The CPM instructions may also cause node 101 to seal the whitelist ID to memory enclave 304, e.g., by encrypting the whitelist ID with memory enclave 304's enclave key.”);
(Martin, para. [0003]). 
As per claim 39, the combination of Hook and Lal teach the edge server of claim 38 wherein the computer-executable instructions further cause the edge server to, under control of the secure enclave of the edge server, receive from untrusted code of the edge server a request to decrypt encrypted data (Hook, para. [0042] discloses “facilitating a user access request, and providing a response which facilitates decryption of the stored credential corresponding to the response.”);
decrypt the encrypted data using the private key; and provide the decrypted data to the untrusted code (Hook, para. [0355] discloses “If the second agent has appropriate keys (e.g. Permit 452), then it may decrypt the downloaded content. This may involve decrypting an ECK (e.g. Wrap 435) and then using the content key to decrypt the content. Note that the ECK may be extracted (e.g. Extract 437) from meta-data (e.g. Meta-data 403) which may be stored in the shared box together with the encrypted content (e.g. Shared Box 402) and/or a separate box (e.g. Shadow Box 404). In other embodiments of the present invention the decryption of the content and/or the ECK may be performed using a key associated with the original encryption e.g. a community key (e.g. Community Key 445) or box key or a certificate.”).

As per claim 40, the combination of Hook and Lal teach the edge server of claim 38 wherein the computer-executable instructions further cause the edge server to, under control of the secure enclave of the edge server, receive from untrusted code of the edge server a request to encrypt data; encrypt  provide the encrypted data to the untrusted code (Hook, para. [0351] discloses “Content may be signed (e.g. Sign 424) such as with the user's signing private key (e.g. one of Private Keys 482). If content is a stream, then Message Authentication Codes (MACs) may be inserted into the content. The user's signing certificate may be included in the content (e.g. Encrypted File 401), for example if the content is associated with a CMS format. And para.[0352] discloses “The content may be encrypted (e.g. Encrypt 426) preferably using a wrapping key or content key (e.g. Wrap 425). The content key may be encrypted by a box key (e.g. from Permit 442). The encrypted content key (ECK) may be appended or prepended to the encrypted content or be stored separately e.g. added (e.g. Store 427) to the meta-data (e.g. Meta-data 403). In other embodiments of the present invention the encryption of the content and/or the content key may be performed using any other suitable key, such as a community key (e.g. Community Key 445) or box key or a certificate.” Furthermore, para.[0353] discloses “The encrypted content (e.g. Encrypted File 401) may be uploaded (e.g. Upload 423) to a remote service (e.g. Remote Services 370).”).
As per claim 41, the combination of Hook and Lal teach the edge server of claim 38 wherein the computer-executable instructions further cause the edge server to, under control of the secure enclave of the edge server, receive from untrusted code of the edge server a request to generate a digital signature; encrypt the data using the private key; and provide the encrypted data to the untrusted code Hook, para. [0351] discloses “Content may be signed (e.g. Sign 424) such as with the user's signing private key (e.g. one of Private Keys 482). If content is a stream, then Message Authentication Codes (MACs) may be inserted into the content. The user's signing certificate may be included in the content (e.g. Encrypted File 401), for example if the content is associated with a CMS format. And para.[0352] discloses “The content may be encrypted (e.g. Encrypt 426) preferably using a wrapping key or content key (e.g. Wrap 425). The content key may be encrypted by a box key (e.g. from Permit 442). The encrypted content key (ECK) may be appended or prepended to the encrypted content or be stored separately e.g. added (e.g. Store 427) to the meta-data (e.g. Meta-data 403). In other embodiments of the present invention the encryption of the content and/or the content key may be performed using any other suitable key, such as a community key (e.g. Community Key 445) or box key or a certificate.” Furthermore, para.[0353] discloses “The encrypted content (e.g. Encrypted File 401) may be uploaded (e.g. Upload 423) to a remote service (e.g. Remote Services 370).” Furthermore, para. [0364] discloses “The encrypted signature may allow for the checking of integrity and/or authenticity. Because a file may be opened and closed locally many times, an efficient signature mechanism may be used such as a Hash-based Message Authentication Code (HMAC).”).

As per claim 42, the combination of Hook and Lal teach the edge server of claim 38 wherein the computer-executable instructions further cause the edge server to, under control of the secure enclave of the edge server, receive from untrusted code of the edge server a request to verify a digital signature; encrypt the data using the private key; and provide the encrypted data to the untrusted code (Hook, para. [0136] discloses “At this point, the first and the second users have both undertaken mutual decryption and/or verification, for example using a digital signature, from the other user which may be used to confirm the handshake process. Also, both users are in possession of keys (e.g. U1 and U2) which enables a cryptographically secure channel between them.”).

As per claim 43, the combination of Hook and Lal teach the edge server of claim 38 wherein the key of the secure enclave of the edge server is a public key of a public/private key pair of the secure enclave of the edge server (Hook, para. [0135] discloses “The second user provides a second encrypted key…using the second user's own key (public key) (e.g. Key U2) encrypted with the initial key (e.g. Key U1)… The first user is able to decrypt the second encrypted key by using the initial key or an associated key such as a private key associated with the initial key.” Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”).

As per claim 44, the combination of Hook and Lal teach the edge server of claim 43 wherein the computer-executable instructions further cause the edge server to, under control of the secure enclave of the edge server, send to the key server a public key of the secure enclave of the edge server (Hook, para. [0130] discloses “the first and second users may decide to use an existing key which can be used as a bootstrap key and already in the position of both users (e.g. key B not shown but known to both users). The bootstrap key may be a password, or code or public key or public certificate or personal certificate or any other suitable key.”).

As per claim 45, the combination of Hook and Lal teach the edge server of claim 40 wherein the private key is a private key of a public/private key pair of the secure enclave of the key server (Hook, para. [0130] discloses “the first user may send the second user an encrypted key (e.g. Encrypted Contact 250), which may exist as an encrypted blob…The second user may decrypt using the bootstrap key to decrypt the received encrypted blob in order to obtain the initial key (e.g. U1).” Therefore, since the first key is decrypted this indicates use of a private key. Furthermore, para. [0204] discloses “Each credential may include a public key within a certificate and an associated private key. The public and private key pair may be generated by the agent.”).

As per claim 46, the combination of Hook and Lal teach the edge server of claim 45 wherein the computer-executable instructions further cause the edge server to, under control of the secure enclave of the edge server, receive a public key certificate of the public key of the key server (Hook, para. [0129] discloses “A first user (e.g. User 200) who wishes to establish a trusted relationship with a second user (e.g. User 201), provides an initial key (e.g. key A or certificate U1) to the second user.” Furthermore, para. [0130] discloses “[0130] The initial key may be provided in many different forms and/or many different ways. For example, the first user may send the second user an encrypted key (e.g. Encrypted Contact 250), which may exist as an encrypted blob transiting intermediate and/or cloud systems, and also the first user makes contact with the second user out-of-band with the associated bootstrap key (e.g. key A). As another example, the first and second users may decide to use an existing key which can be used as a bootstrap key and already in the position of both users (e.g. key B not shown but known to both users). The bootstrap key may be a password, or code or public key or public certificate or personal certificate or any other suitable key.”).

As per claim 47, the combination of Hook and Lal teach the edge server of claim 38 wherein the key of the edge server is a symmetric key shared by the code of the secure enclave and the key server (Hook, para.[0048] discloses “a method of, apparatus and/or application adapted to provide at least one symmetric key between at least two agents in a computer network, the first key being used to enable access to encrypted information in a data store, comprising enabling a first agent to obtain a first key; the first agent enables the second agent to obtain the first key; the second agent using the first key to access the encrypted information; and the first agent managing the lifecycle of the keys used to enabled access to the encrypted information.” Furthermore, para. [0113] discloses “Throughout this specification, the word "key", without limitation, comprises any representation used in association with or operable on an encryption algorithm that enables encryption or decryption of information. Examples comprise, without limitation, cryptographic keys, symmetric key(s)…”).


As per claim 49, the combination of Hook and Lal teach the edge server of claim 38 wherein the computer-executable instructions further cause the edge server to, under control of the secure enclave of the edge server, send to the key server a renewal request for the private key (Hook, para. [0459] discloses “Certificate Updates may be requested (pulled) by agents, especially if the agent suspects that it does not have the latest certificate(s) from another agent. For example, in the case that an agent receives a task for which it does not have a certificate which can validate any of the signatures.”);
when a notification of renewal is received, continue to use the private key; and when a notification of renewal is not received, suppress use of the private key (Hook, para. [0310] discloses “A certificate signing service may be used to sign certificates generated by an agent. Certificates may need to be signed on setup of an agent and/or may be re-issued or renewed after revocation or expiry. The certificate signing services may have policies, such as relating to settings, behaviours, restrictions and/or notifications. Notifications may include rules about what to send e.g. warning(s) about expiring certificates, when to send e.g. at decreasing periods as the expiry gets closer, how to send e.g. via email, SMS or other type of notification, etc.” and para.[0463] discloses “If a user renews their certificate(s), the Certificate Update task may be signed using the expiring registrar certificate.” Furthermore, para.[0467] discloses “If client certificates need to be renewed, then the owner or delegated administrator or privileged member may distribute the new credentials (pairs of private key and renewed certificate) to the other parent box users e.g. directly or via a meta box, and/or leave a message in the client's home box indicating that new credentials are available.” And para.[0468] discloses “If a client is deleted then that client's box may be deleted or marked as deleted. In addition, the client may be revoked which may involve and/or cause any associated boxes to be deleted, such as their home box and/or their credential backup box, as well as any associated authorisations.”).

As per claim 50, the combination of Hook and Lal teach the edge server of claim 38 wherein the code of the secure enclave is provisioned with an access credential and wherein the computer-executable instructions further cause the edge server to, under control of the secure enclave of the edge server, receive a cryptography request that includes a proffered credential to perform a cryptographic action using the private key, and when the proffered credential matches the access credential, perform the cryptographic action using the private key (Hook, para. [0750] discloses “Users may control who they trust by following through on the make contact process. Note that a first user need not be highly concerned about the details in a certificate offered by a second user. This is because the certificates mainly serve the purpose of securing an identifiable channel between two users. Thus a user may only need to be confident that the other party has a corresponding private key which they keep private.” Furthermore, para. [0219] discloses “All or part of each task or protocol interaction may be signed and/or encrypted. Signing may use a signing credential such as their system signing or registrar private key. Encryption may use an encryption credential of the intended recipient or Password Based Encryption (PBE).”).

As per claim 51, the combination of Hook and Lal teach the edge server of claim 50 wherein the computer-executable instructions further cause the edge server to, under control of the secure enclave of the edge server, request confirmation from the key server that the access credential is still valid, and when the confirmation is not received, suppress the use of the access credential so that a subsequent cryptographic request that proffers the access credential will be denied (Hook, para.[0455] discloses “In operation, an agent may extend transactions and/or perform other relevant processing in order to provide decentralised certificate life-cycle management. For example, any one or any combination of the following may be performed: [0456] Signing certificates may be sent along with any message, task or confirmation, for example, in case signing certificates are in the process of being renewed.” Furthermore, para.[0458] discloses “Certificate Updates may be initiated (pushed) to multiple agents. For example, if rolling over certificate(s) in the case they've been renewed or refreshing certificates in the case an agent wants to ensure contacts have the latest certificates.” And para. [0468] discloses “If a client is deleted then that client's box may be deleted or marked as deleted. In addition, the client may be revoked which may involve and/or cause any associated boxes to be deleted, such as their home box and/or their credential backup box, as well as any associated authorisations.”).

5. 	Claims 25-28 and 52-55 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. US 2014/0310526 A1 to Pahl, (hereinafter, “Pahl”), in view of US Pub. No. US 2015/0304736 A1 to Lal, (hereinafter, “Lal”) and in further view of Martin, as disclosed above.

As per claim 25, Pahl teaches a method performed by a computing system for establishing by a second device a Transport Layer Security session with a client on behalf of an owner of a private key of a public/private key pair (Pahl, para. [0024] discloses “[0024] A method and apparatus for establishing a secure session (e.g., SSL or TLS) using public-key cryptography where the secure session server does not have access to the private key used during the secure session handshake is described. The secure session server is a computing device that transmits and receives Internet traffic to and from client devices and is the server in the secure session.”), the method comprising:
receiving from the client a request to establish a session, the request including a client random (Pahl, para. [0030] discloses “At operation 1.1, the client device 110 transmits a Client Hello message to the secure session server 120. The Client Hello message begins the secure session handshake… the Client Hello message is transmitted to the secure session server 120 as a result of a Domain Name System (DNS) request for the domain the client device 110 is attempting to connect to resolving to an IP address of the secure session server 120. The Client Hello message may include the following: an indication of the requested version of the SSL or TLS protocol, a requested session identifier used to identify the session connection, a list of cipher suites supported by the client device 110, a list of the compression methods supported by the client device 110, random data used for cryptographic purposes (ClientHello.random), and also may indicate whether and what type of extensions defined by the protocol that the client supports.”);
sending to the client a public key certificate of a public/private key pair and a server random (Pahl, para.[0031] discloses “In response to the Client Hello message, at operation 1.2 the secure session server 120 transmits a Server Hello message to the client device 110. The Server Hello message may include the version of the SSL or TLS protocol supported by the secure session server 120, a session identifier that will be used to identify the session, the selected cipher suite (selected from the list of cipher suites included in the Client Hello message), random data used for cryptographic purposes that is different than the random data included in the ClientHello message (sometimes referred to as ServerHello.random), and may also include a list of the extensions that the server supports.” And para.[0032] discloses “The secure session server 120 also transmits a Certificate message to the client device 110 at operation 1.3 (a server Certificate). The Certificate message includes a digital certificate for the requested domain. For example, if the requested domain is example.com, the Certificate message includes a digital certificate bound to example.com. The digital certificate includes, among other things, a public key. At operation 1.4, the secure session server 120 transmits a Server Hello Done message to the client device 110 that indicates that the hello-message phase of the handshake is complete.”);
receiving from the client an encrypted secret that is encrypted using the public key (Pahl, para. [0033] discloses “At operation 1.5, the client 110 transmits a Client Key Exchange message to the secure session server 120. The Client Key Exchange message includes a random value called a premaster secret that has been encrypted using the public key included in the Certificate message of operation 1.3. By way of a specific example, if the RSA algorithm is being used for key agreement and authentication, the client device 110 generates a 48-byte value for the premaster secret and encrypts it using the public key from the server's certificate and transmits the encrypted premaster secret to the secure session server 120. As will be described below, the decrypted premaster secret is used to generate a shared secret between the client device 110 and the secure session 120 (called the master secret), which is then used when generating the encryption and decryption keys used to encrypt and decrypt data transmitted during the secure session. It should be understood that if the encrypted premaster secret cannot be decrypted, then the handshake will fail and the secure session will not be established.”); and
requesting a secure enclave of the computing system to decrypt the encrypted secret using the private key of a first device (Pahl, para. [0034] discloses “The secure session server 120 does not have the private key to decrypt the premaster secret. However, the private key is stored on the key server 130 (as one of the private key(s) 150). Although FIG. 1 illustrates the key server 130 storing the private keys, in other embodiments the key server 130 has access to the private keys but those private keys are stored on a different device. At operation 1.6, the secure session server 120 transmits the encrypted premaster secret to the key server 130. The key server 130 decrypts the encrypted premaster secret using the private key for the requested domain. The key server 130 then transmits the decrypted premaster secret to the secure session server 120 at operation 1.7. In one embodiment, the messages of operations 1.6 and 1.7 are transmitted over a secure connection 155 (e.g., encrypted using SSL or TLS, or other mechanisms) and/or the encrypted premaster secret and the decrypted premaster secret are otherwise encrypted.”)
(Pahl, para. [0116] discloses “the secure session server (edge server) may be a proxy server in a cloud-based proxy service that provides one or more services for one or more domain owners. By way of example, the cloud-based proxy service may provide services including protecting against Internet-based threats (e.g., proactively stopping botnets, cleaning viruses, trojans, and worms, etc.), providing performance services for customers (e.g., acting as a node in a content delivery network (CDN) and dynamically caching customer's files closer to visitors, page acceleration, content optimization services, etc.), image loading optimization (e.g., deferred image loading and/or auto-resizing), and/or other services.” And para. [0117] discloses “the secure session server may be a node in a CDN”)
Pahl teaches all the limitations of claim 25 above, however fails to explicitly teach, but Lal teaches:
the secure enclave is a hardware feature of a processor that controls execution of trusted code (Lal, para. [0057] discloses a memory enclave of a secure processing environment is made up of at least one memory page associated with read/write controls of an associated processor. An example of a suitable memory enclave is disclosed using INTEL.TM. secure enclave technology which provides a secure enclave as a part of an Intel processor.)
the secure enclave having obtained the private key from the first device based on a quote provided to the first device attesting that code of the secure enclave is trusted code (Lal, para. [0060] discloses “The enclave report may be signed with a digital signature using a first digital signature protocol, such as the Rivest Shamir Adleman (RSA) signature protocol, the digital signature algorithm (DSM) protocol, Intel Enhanced Privacy Identification (EPID), combinations thereof and the like. For example, a module may cause an enclave to sign an enclave report a signing key that is specific to the enclave, such as but not limited to an enclave signing key, an independent software vendor (ISV) key, combinations thereof, and the like. A quoting module local to or remote from the client may verify the integrity of the signed report by verifying the authenticity of the digital signature applied thereto. Upon verification of the digital signature applied to the enclave report, the quoting module may generate an enclave quote and sign the quote with a quote signing key using a second digital signature protocol that is the same or different from the first digital signature protocol. The quote signing key may be specific to the client, such as the client's EPID key, the client's platform key, another signing key specific to the client, combinations thereof, and the like.” And para. [0061] discloses “The signed enclave quote may allow a remote device (e.g., a server) to verify the authenticity and/or integrity of a memory enclave and the contents (code and data) of the memory enclave on a client. In particular, the enclave quote may allow a remote entity (e.g., server 102) to have proof that an enclave is genuine, e.g., by providing proof that no one else but the relevant enclave (or corresponding processor) could have generated the report, and by providing information that allows the remote entity to verify that the code and data inside the enclave has not been modified. For example, a server may authenticate a memory enclave by verifying that the enclave is running on a trusted platform, checking the enclave measurement and/or identity information included in the enclave quote, combinations thereof, and the like. As will be discussed below, successful verification of the memory enclave may facilitate the provisioning of initial secrets to the enclave from the server. This mechanism may also be used by one enclave on the client to verify the integrity of another enclave on the client, thus allowing two or more client enclaves to collaborate to perform operations consistent with the present disclosure.” Furthermore, para. [0092] discloses “One example of other information that may be included in the enclave quote includes a key or keys that may be used by server 102 to verify digital signatures that may be applied to communications from client 101.”)
(Lal, Abstract lines 8-12). 
The combination of Pahl and Lal teach all the limitations of claim 25 above, however fail to explicitly teach, but Martin teaches:
the secure enclave is a hardware feature of a processor that controls execution of the trusted code by retrieving from memory encrypted trusted code and encrypted data (Martin, para. [0035] “code and/or data from an encrypted source may be installed into an enclave by first loading a trusted loader into the enclave. Once the enclave is running, this loader can then be used to install secret code/data (e.g., encrypted text, audio, and/or video) into the enclave.” And para.);
decrypting the trusted code and the data; and storing the decrypted trusted code and data in memory that is accessible only by the secure enclave (Martin, para. [0085] “The method may then proceed to element 411, wherein the CPM instructions when executed may cause node 101 to verify the authenticity of MSG4. For example, where MSG4 is signed with node 102's private key (e.g., Spriv), the CPM instructions when executed may cause node 101 to verify the authenticity of the signature using a corresponding public key (e.g., Spub). Alternatively or additionally, if MSG4 is encrypted with Cpub, the CPM instructions when executed may cause node 101 to decrypt MSG4 within memory enclave 304 using a corresponding private key (e.g., Cpriv). In this way, the whitelist ID may be obtained by node 101 within memory enclave 304 and thus protected from malware. The CPM instructions may also cause node 101 to seal the whitelist ID to memory enclave 304, e.g., by encrypting the whitelist ID with memory enclave 304's enclave key.”);
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Martin’s use of a secure enclave in policy-based trusted inspection into Lal’s technologies for hardening the security of digital information on client platforms and Pahl’s secure session capability using public-key cryptography, with a motivation to protect the distribution of sensitive digital information (Martin, para. [0003]). 

As per claim 26, the combination of Pahl, Lal and Martin teach the method of claim 25 further comprising: receiving from the secure enclave the decrypted secret; and generating a session key for the session based on the client random, the server random, and the secret (Pahl, para. [0036]- [0038] discloses “The secure session server 120 uses the decrypted premaster secret to calculate the master secret. [0037] The master secret is used by the client device 110 and the secure session server 120 to generate session keys that are used to encrypt and decrypt information during the secure session. [0038] At operation 1.8, the client device 110 transmits a Change Cipher Spec message to the secure session server 120. The Change Cipher Spec message from the client device 110 indicates that future messages transmitted by the client device 110 will be encrypted. At operation 1.9, the client device 110 transmits a Finished message to the secure session server 120. The Finished message is encrypted using the generated session keys. By way of example, the Finished message includes an encrypted hash of all of the messages in the handshake previously sent and received.”)

As per claim 27, the combination of Pahl, Lal and Martin teach the method of claim 25 wherein the requesting of the secure enclave further includes requesting the secure enclave to generate a (Pahl, para.[0036]- [0038] discloses “The secure session server 120 uses the decrypted premaster secret to calculate the master secret.  [0037] By way of a specific example, the master key is used to generate a client write Message Authentication Code (MAC) key, a server write MAC key, a client write encryption key, and a server write encryption key. A client write Initialization Vector (IV) and a server write IV may also be generated depending on the cipher used.  [0038] At operation 1.8, the client device 110 transmits a Change Cipher Spec message to the secure session server 120. The Change Cipher Spec message from the client device 110 indicates that future messages transmitted by the client device 110 will be encrypted. At operation 1.9, the client device 110 transmits a Finished message to the secure session server 120. The Finished message is encrypted using the generated session keys. By way of example, the Finished message includes an encrypted hash of all of the messages in the handshake previously sent and received.”).

As per claim 28, the combination of Pahl, Lal and Martin teach the method of claim 27 further comprising requesting the secure enclave to encrypt data of the session using the session key (Pahl, para.[0037] discloses “The master secret is used by the client device 110 and the secure session server 120 to generate session keys that are used to encrypt and decrypt information during the secure session.”).
As per claim 52, Pahl teaches the edge server for establishing a Transport Layer Security session with a client on behalf of an owner of a private key of a public/private key pair (Pahl, para. [0024] discloses “[0024] A method and apparatus for establishing a secure session (e.g., SSL or TLS) using public-key cryptography where the secure session server does not have access to the private key used during the secure session handshake is described. The secure session server is a computing device that transmits and receives Internet traffic to and from client devices and is the server in the secure session.”), the edge server comprising: a computer-readable storage medium storing computer-executable instructions that, when executed, cause the edge server to: 
receive from the client a request to establish a session, the request including a client random (Pahl, para. [0030] discloses “At operation 1.1, the client device 110 transmits a Client Hello message to the secure session server 120. The Client Hello message begins the secure session handshake… the Client Hello message is transmitted to the secure session server 120 as a result of a Domain Name System (DNS) request for the domain the client device 110 is attempting to connect to resolving to an IP address of the secure session server 120. The Client Hello message may include the following: an indication of the requested version of the SSL or TLS protocol, a requested session identifier used to identify the session connection, a list of cipher suites supported by the client device 110, a list of the compression methods supported by the client device 110, random data used for cryptographic purposes (ClientHello.random), and also may indicate whether and what type of extensions defined by the protocol that the client supports.”);
send to the client a public key certificate for a public/private key pair and a server random (Pahl, para.[0031] discloses “In response to the Client Hello message, at operation 1.2 the secure session server 120 transmits a Server Hello message to the client device 110. The Server Hello message may include the version of the SSL or TLS protocol supported by the secure session server 120, a session identifier that will be used to identify the session, the selected cipher suite (selected from the list of cipher suites included in the Client Hello message), random data used for cryptographic purposes that is different than the random data included in the ClientHello message (sometimes referred to as ServerHello.random), and may also include a list of the extensions that the server supports.” And para.[0032] discloses “The secure session server 120 also transmits a Certificate message to the client device 110 at operation 1.3 (a server Certificate). The Certificate message includes a digital certificate for the requested domain. For example, if the requested domain is example.com, the Certificate message includes a digital certificate bound to example.com. The digital certificate includes, among other things, a public key. At operation 1.4, the secure session server 120 transmits a Server Hello Done message to the client device 110 that indicates that the hello-message phase of the handshake is complete.”);
receive from the client an encrypted pre-master secret that is encrypted using the public key (Pahl, para. [0033] discloses “At operation 1.5, the client 110 transmits a Client Key Exchange message to the secure session server 120. The Client Key Exchange message includes a random value called a premaster secret that has been encrypted using the public key included in the Certificate message of operation 1.3. By way of a specific example, if the RSA algorithm is being used for key agreement and authentication, the client device 110 generates a 48-byte value for the premaster secret and encrypts it using the public key from the server's certificate and transmits the encrypted premaster secret to the secure session server 120. As will be described below, the decrypted premaster secret is used to generate a shared secret between the client device 110 and the secure session 120 (called the master secret), which is then used when generating the encryption and decryption keys used to encrypt and decrypt data transmitted during the secure session. It should be understood that if the encrypted premaster secret cannot be decrypted, then the handshake will fail and the secure session will not be established.”); and
request trusted code of a secure enclave of the edge server to decrypt the encrypted pre-master secret using the private key (Pahl, para. [0034] discloses “The secure session server 120 does not have the private key to decrypt the premaster secret. However, the private key is stored on the key server 130 (as one of the private key(s) 150). Although FIG. 1 illustrates the key server 130 storing the private keys, in other embodiments the key server 130 has access to the private keys but those private keys are stored on a different device. At operation 1.6, the secure session server 120 transmits the encrypted premaster secret to the key server 130. The key server 130 decrypts the encrypted premaster secret using the private key for the requested domain. The key server 130 then transmits the decrypted premaster secret to the secure session server 120 at operation 1.7. In one embodiment, the messages of operations 1.6 and 1.7 are transmitted over a secure connection 155 (e.g., encrypted using SSL or TLS, or other mechanisms) and/or the encrypted premaster secret and the decrypted premaster secret are otherwise encrypted.”), 
a processor that executes the computer-executable instructions stored in the computer-readable storage medium (Pahl, para. [0119] discloses “the storage device of a given electronic device typically stores code and/or data for execution on the set of one or more processors of that electronic device.”).

the edge server is an edge server of a content delivery network and the key server is a key server of a customer of the content delivery network whose content is delivered by the content delivery network (Pahl, para. [0116] discloses “the secure session server and the key server are owned by different entities…the secure session server (edge server) may be a proxy server in a cloud-based proxy service that provides one or more services for one or more domain owners… The key server may be owned or operated by a domain owner that is a customer of the cloud-based proxy service.” And para. [0117] discloses “the secure session server may be a node in a CDN”).

Pahl teaches all the limitations of claim 52 above, however fails to explicitly teach, but Lal teaches:
the secure enclave is a hardware feature of a processor that controls execution of trusted code (Lal, para. [0057] discloses a memory enclave of a secure processing environment is made up of at least one memory page associated with read/write controls of an associated processor. An example of a suitable memory enclave is disclosed using INTEL.TM. secure enclave technology which provides a secure enclave as a part of an Intel processor.)
the secure enclave having obtained the private key from a key server based on a quote, generated by the secure enclave and provided to the key server, attesting that code of the secure enclave is trusted code, (Lal, para. [0060] discloses “The enclave report may be signed with a digital signature using a first digital signature protocol, such as the Rivest Shamir Adleman (RSA) signature protocol, the digital signature algorithm (DSM) protocol, Intel Enhanced Privacy Identification (EPID), combinations thereof and the like. For example, a module may cause an enclave to sign an enclave report a signing key that is specific to the enclave, such as but not limited to an enclave signing key, an independent software vendor (ISV) key, combinations thereof, and the like. A quoting module local to or remote from the client may verify the integrity of the signed report by verifying the authenticity of the digital signature applied thereto. Upon verification of the digital signature applied to the enclave report, the quoting module may generate an enclave quote and sign the quote with a quote signing key using a second digital signature protocol that is the same or different from the first digital signature protocol. The quote signing key may be specific to the client, such as the client's EPID key, the client's platform key, another signing key specific to the client, combinations thereof, and the like.” And para. [0061] discloses “The signed enclave quote may allow a remote device (e.g., a server) to verify the authenticity and/or integrity of a memory enclave and the contents (code and data) of the memory enclave on a client. In particular, the enclave quote may allow a remote entity (e.g., server 102) to have proof that an enclave is genuine, e.g., by providing proof that no one else but the relevant enclave (or corresponding processor) could have generated the report, and by providing information that allows the remote entity to verify that the code and data inside the enclave has not been modified. For example, a server may authenticate a memory enclave by verifying that the enclave is running on a trusted platform, checking the enclave measurement and/or identity information included in the enclave quote, combinations thereof, and the like. As will be discussed below, successful verification of the memory enclave may facilitate the provisioning of initial secrets to the enclave from the server. This mechanism may also be used by one enclave on the client to verify the integrity of another enclave on the client, thus allowing two or more client enclaves to collaborate to perform operations consistent with the present disclosure.” Furthermore, para. [0092] discloses “One example of other information that may be included in the enclave quote includes a key or keys that may be used by server 102 to verify digital signatures that may be applied to communications from client 101.”);
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lal’s technologies for hardening the security of digital information on client platforms into Pahl’s secure session capability using public-key cryptography, with a motivation to protect digital information as it is provided to, stored on, accessed on, and/or processed for display by a client device, even if the client device may be infested with malware or subject to attack by another entity (Lal, Abstract lines 8-12). 
The combination of Pahl and Lal teach all the limitations of claim 52 above, however fail to explicitly teach, but Martin teaches:
the secure enclave is a hardware feature of a processor that controls execution of the trusted code by retrieving from memory encrypted trusted code and encrypted data (Martin, para. [0035] “code and/or data from an encrypted source may be installed into an enclave by first loading a trusted loader into the enclave. Once the enclave is running, this loader can then be used to install secret code/data (e.g., encrypted text, audio, and/or video) into the enclave.” And para.);
(Martin, para. [0085] “The method may then proceed to element 411, wherein the CPM instructions when executed may cause node 101 to verify the authenticity of MSG4. For example, where MSG4 is signed with node 102's private key (e.g., Spriv), the CPM instructions when executed may cause node 101 to verify the authenticity of the signature using a corresponding public key (e.g., Spub). Alternatively or additionally, if MSG4 is encrypted with Cpub, the CPM instructions when executed may cause node 101 to decrypt MSG4 within memory enclave 304 using a corresponding private key (e.g., Cpriv). In this way, the whitelist ID may be obtained by node 101 within memory enclave 304 and thus protected from malware. The CPM instructions may also cause node 101 to seal the whitelist ID to memory enclave 304, e.g., by encrypting the whitelist ID with memory enclave 304's enclave key.”);
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Martin’s use of a secure enclave in policy-based trusted inspection into Lal’s technologies for hardening the security of digital information on client platforms and Pahl’s secure session capability using public-key cryptography, with a motivation to protect the distribution of sensitive digital information (Martin, para. [0003]).
As per claim 53, the combination of Pahl and Lal teach the edge server of claim 52 wherein the computer-executable instructions further cause the edge server to: receive from the secure enclave the decrypted pre-master secret; and generate a session key for the session based on the client random, the server random, and the pre-master secret (Pahl, para.[0036]- [0038] discloses “The secure session server 120 uses the decrypted premaster secret to calculate the master secret. [0037] The master secret is used by the client device 110 and the secure session server 120 to generate session keys that are used to encrypt and decrypt information during the secure session. [0038] At operation 1.8, the client device 110 transmits a Change Cipher Spec message to the secure session server 120. The Change Cipher Spec message from the client device 110 indicates that future messages transmitted by the client device 110 will be encrypted. At operation 1.9, the client device 110 transmits a Finished message to the secure session server 120. The Finished message is encrypted using the generated session keys. By way of example, the Finished message includes an encrypted hash of all of the messages in the handshake previously sent and received.”)

As per claim 54, the combination of Pahl and Lal teach the edge server of claim 52 wherein the computer-executable instructions that request the trusted code further cause the edge server to request the trusted code of the secure enclave to generate a session key based on the client random, the server random, and the pre-master secret and to store the session key (Pahl, para.[0036]- [0038] discloses “The secure session server 120 uses the decrypted premaster secret to calculate the master secret.  [0037] By way of a specific example, the master key is used to generate a client write Message Authentication Code (MAC) key, a server write MAC key, a client write encryption key, and a server write encryption key. A client write Initialization Vector (IV) and a server write IV may also be generated depending on the cipher used.  [0038] At operation 1.8, the client device 110 transmits a Change Cipher Spec message to the secure session server 120. The Change Cipher Spec message from the client device 110 indicates that future messages transmitted by the client device 110 will be encrypted. At operation 1.9, the client device 110 transmits a Finished message to the secure session server 120. The Finished message is encrypted using the generated session keys. By way of example, the Finished message includes an encrypted hash of all of the messages in the handshake previously sent and received.”).

As per claim 55, the combination of Pahl and Lal teach the edge server of claim 54 wherein the computer-executable instructions further cause the edge server to request the secure enclave to encrypt data of the session using the session key (Pahl, para. [0037] discloses “The master secret is used by the client device 110 and the secure session server 120 to generate session keys that are used to encrypt and decrypt information during the secure session.”).
 

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US-20160196218 – Secure distributed backup module to encrypt data using a secure enclave for personal device and cloud data.
US-20160188889 – Establishing secure channels between a protected execution environment and other endpoints. 
6.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437       


/SAMSON B LEMMA/Primary Examiner, Art Unit 2498