DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This office action is a response to an application filed 02/19/2021 wherein claims 1, and 3 - 15 are pending and ready for examination.

Response to Arguments
Applicant's arguments filed 02/19/2021 have been fully considered but they are not persuasive. 
Claim Objections
Applicant Asserts: Claim 9 is objected to because it is directed to a system but depends from claim 7, which is directed to a method. Applicant has accordingly amended claim 9 to correctly depend from claim 8, which is directed to a system.

Examiner Response:  The Examiner thanks applicant representative for clarifying this minor error and withdraws the objection to claim 9 due to applicant amendment.

Claim rejections under 35 USC 103
Applicant Asserts:  First, consider the case in which the sensor 130 corresponds to the claimed local process and the TEE 114 corresponds to the claimed service. However, the TEE 114 does not receive an encryption request from the sensor 130, let alone via a secure channel, and let alone an encryption request that includes a credential associated with the sensor 130, that
Examiner Response:  The Examiner thanks applicant representative for working to advance the prosecution of this application.

No Encryption Request:  The Examiner does not agree with applicant representative's assertion that prior art of record CHU TEE 114 does not receive an encryption request from the sensor 130.   TEE 114 and Sensor 130 engage in an Authenticated Key Exchange as indicated by the double arrows, which signify either device may be the requestor.
No Secure Channel: Chu [0044] …An internal secure channel is formed between the TEE 114 and the SE 120.
No credential associated with the sensor 130:  Further, Chu teaches [0044] two processes are involved at the Authenticated Key Exchange step.  SE 120, in order to authenticate to the TEE, would require a credential unique to SE 120.  The credential unique to SE 120 is its key that is to be exchanged with TEE 114.  SE 120 key passed to the TEE is a credential of SE 120 that is exchanged and used to authenticate SE 120.
No data provided: Chu teaches [0044] …The key EHRK is used to encrypt the health data.  Here, SE 120 provides health care data to TEE 114.
Opposite to the claim: sensor 130 that receives a request from the TEE 114:  The claim requires receipt by a service executing on a system.  The Examiner does not construe sensors 130 to be executing on the system but simply sending sensed data.  Chu executes the data beginning at the with local services TEE 114 and SE 120.  Figure 2 illustrates that the Select Health Service application requests healthcare data from Sensors 130.  The Examiner takes no issue with how the data arrives at the TEE.  Chu satisfies the ‘request’ limitation when the TEE and SE engage in the authenticated key exchange.  The request is received from the sensor by way of the Select Health Service in the TEE and sent to the SE.    

Applicant Asserts: As noted above, the most recent non-final office action corresponds the selection of a health service at the TEE 114 as the claimed encryption request. However, the selection of a health service at the TEE 114 (and thus at the TEE 114 and the SE 120 in combination) is not a request received from the sensor 130, as is required if the sensor 130 corresponds to the claimed local process. Moreover, the selection of a health service does not provide the data and does not specify an encryption function to be performed in relation to the data. Rather, it is the health sensor 130 that provides the data, as noted above.

Examiner Response:  Please see response above to encryption request and secure channel.  Moreover, in the last non-final office action the Examiner stated that the TEE was a local process as well as the sensor 130.  In fact, Chu teaches that all processes within Device 100 are local processes.  The Examiner will make clear that the TEE, SE, and Sensors 130 are all local processes to Server 300.

Applicant Asserts: Furthermore, in this third case, the TEE 114 and the SE 120 in combination do not provide a result of the encryption function to the health sensor 130, let alone via a secure channel. The TEE 114 (and thus the TEE 114 and the SE 120 in combination) provides the result of the.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.


The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 8, and 12 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The claims state in part… subsequent to performance of the encryption function, provide an encrypted string obtained from the encryption function to the local process.  Here, the amendment appears to teach that before the function of encryption is carried out or performed, the result of encryption of the string is provided to a local process.  The Examiner finds providing the encrypted result to the local process before the result is encrypted an impossible feat and not supported by the instant disclosure.  The closest concept to the amended claims may be found at instant specification [0019] whereby verification seeks to determine if processes are authorized to access data they seek to perform an encryption function.  This is different than the amendment to 1, 8, and 12 because providing an encryption result to a process before the string has been encrypted is not the same as verifying that the processes are authorized to perform an encryption function to data they seek to access.

Claim 12 is further rejected based on the limitation:  subsequent to performance of the encryption function, provide the decrypted string to the local process.  This limitation follows the amended limitation in claim 12 subsequent to performance of the encryption function, provide an encrypted string obtained from the encryption function to the local process. The step that 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, and 3 -15 are rejected under 35 U.S.C. 103 as being unpatentable over CHU; Younsung et al, US 20160234176 A1, February 5, 2016, hereafter referred to as Chu in view of Fujibayashi; Akira et al, US 20070180239, August 2, 2007, hereafter referred to as Fujibayashi.

           As to claim 1, Chu teaches a method – Chu Fig. 2 comprising:
           receiving, by a service of and executing on a system, an encryption request from a local process of the system – Chu [0045] The health sensor 130 checks a health condition of a user (Select Health Service), and responsive to a request by the TEE 114 (Data Transfer Request) transmits generated health data (EHR_Data) to the TEE 114. Here, the claimed ‘receiving’ is taught by Chu as ‘TEE 114’ as health sensor 130 responds to the request.  The claimed local process is also taught by Chu as ‘TEE 114 and SE 120’ as they reside locally via a secure channel – Chu [0044] The TEE 114 performs an exchange process of authentication and a key (Authenticated Key Exchange). An internal secure channel is formed between the TEE 114 and the SE 120, where the encryption request includes a credential associated with the local process – Chu [0044] The TEE 114 performs an exchange process of authentication and a key (Authenticated Key Exchange).  Here, the claimed ‘credential associated’ is taught by Chu as ‘key’ because the TEE and the SE exchange keys local to their respective processes prior to creating a session key), the encryption request provides data and specifies an encryption function – Chu [0045] responsive to a request by the TEE 114 (Data Transfer Request) transmits generated health data (EHR_Data) to the TEE 114…For the sake of a security of the health data of a user safely collected in the TEE 114, the TEE 114 retrieves a key EHRK stored in the SE 120 ( Key Retrieval with KeyLabel) to use it in the TEE 114), and the encryption function is to encrypt or decrypt the provided data - Chu [0045] The collected health data of a user is encrypted using the encryption key EHRK generated in the SE 120;
            responsive to the receipt of the request, verifying, by the service and using the credential, that the local process is authorized to access the encryption function specified in the encryption request – Chu [0048] If ownership with respect to a use of the SE 120 of a user is determined, the TEE 114 requests a public key (e.g., RSA 2048 public key) of the SE 120 (Public Key Request in FIG. 3). The public key of the SE 120 is needed to encrypt ownership authentication data (OwnerAuth). Here, the claimed ‘verifying’ is taught by Chu as ‘is determined’ whereas the claimed ‘by the service’ is taught by Chu as ‘TEE 114’ because the TEE 114 and SE 120 are transactional based on a request for an encryption function, the claimed ‘credential’ is taught by Chu as ‘public key’);
           responsive to verification performing, by the service, the encryption function specified in the encryption request using a security key unique to the system, without exposing the security key to the local process – Chu [0044] The TEE 114 generates a random number RAND (RAND Generation) which is safe in hardware from the SE 120, and generates a key EHRK for user health data protection based on the random number RAND); and
           subsequent to performance of the encryption function, providing by the service, a result of the encryption function to the local process – Chu [0048] If ownership with respect to a use of the SE 120 of a user is determined, the TEE 114 requests a public key (e.g., RSA 2048 public key) of the SE 120). Here, the claimed ‘result’ is taught by Chu as ‘determined’ because determined means authenticated in this case and notification of the authentication is performed by the TEE providing the result in the form of a request of the public key of the SE such that the SE can encrypt the health data) via the secure channel – Chu [0044] Formation of the internal secure channel means that data is transmitted using a session key (SK) shared between the TEE 114 and the SE 120. The TEE 114, which is constituted by hardware and thus secure, may provide access to the SE 120 through the secure channel safely while preventing an external attack.  FUJIBAYASHI FURTHER TEACHES performing the encryption function specified in the encryption request using a security key unique to a system performing the method Fujibayashi - [0095] First, the volume management table is searched for an entry … in the write request, in order to determine whether to encrypt the logical volume 00 or not...The obtained encryption key is used in the encryption function unit 117A to encrypt the write data DT0 (S603). It would have been obvious to person of ordinary skill in the art before

            As to claim 2, (cancelled)

            As to claim 3, the combination of Chu and Fujibayashi teaches the method of claim 1, where the encryption function is encrypting data provided in the request – Chu [0045] The collected health data of a user is encrypted using the encryption key EHRK generated in the SE 120) and where the encryption function includes the credential in the data encrypted by the encryption function - [0048] If ownership with respect to a use of the SE 120 of a user is determined, the TEE 114 requests a public key (e.g., RSA 2048 public key) of the SE 120 (Public Key Request in FIG. 3). The public key of the SE 120 is needed to encrypt ownership authentication data (OwnerAuth).

           As to claim 4, the combination of Chu and Fujibayashi teaches the method of claim 1, where the encryption function is decrypting data provided in the request – Chu  [0052] … the SE 120 which received the ownership request decrypts the EncOA using a private key of the SE 120. The OwnerAuth may be safely stored in a secure storage device (e.g., a secure non-volatile random access memory (NVRAM)) of the SE 120) and where the method further comprises verifying, by the service, the credential against a credential retrieved from the data before providing the result of the encryption function to the local process – Chu [0058] After receiving an authentication response from the SE 120, the TEE 114 calculates an OwnerAuth (=SHA-256(PIN)) after receiving a PIN from a user through a trusted UI).

           As to claim 5, the combination of Chu and Fujibayashi teaches the method of claim 1, further comprising generating the security key during an initial setup of the system. – Chu [0052] The SE 120 generates a storage root key (SRK) through a random number generator and may safely store the generated storage root key SRK in the secure storage device).

          As to claim 6, the combination of Chu and Fujibayashi teaches the method of claim 1, further comprising providing a credential to the local process – Chu [0051] The TEE 114 transmits a Nonce (an arbitrary number that may be used only once) generated through an internal random number generator and a value EncOA obtained by RSA-encrypting the ownership authentication data (OwnerAuth) using a public key of the SE 120 to the SE 120).

            As to claim 7, the combination of Chu and Fujibayashi teaches the method of claim 1, where the credential associated with the process is one of, a path associated with the process, is a path associated with the local process, a process identifier, or proof of access to a system file – [0043] The SE 120 stores the PIN in advance and may give an ownership to a user through PIN verification (Take Ownership).  Here, the claimed ‘credential’ is taught by Chu as ‘PIN’, whereas the claimed local process is taught by Chu as ‘SE 120’, the claimed ‘local service’ is taught by Chu as ‘SE 120’ as the backend service the TEE).

            As to claim 8, claim 8 is a system that is directed to the method of claim 1.  Therefore, claim 8 is rejected for the reasons as set forth in claim 1.

            As to claim 9, the combination of Chu and Fujibayashi teaches the system of claim 8, where the encryption service performs encryption of data such that the encrypted data is retrievable by each combination of two of; the process, the encryption service, and a trusted third party - Chu [0090] FIG. 13 illustrates a diagram of a HMAC verification process using TEE 114 and SE 120, according to an embodiment of the inventive concept. The TEE 114 verifies HMAC calculated through a HMAC generation request in the SE 120).  Here, the claimed ‘encryption service’ is taught by Chu as ‘HMAC verification process’, the claimed ‘a trusted third party’ is taught by Chu as ‘SE 120’).

            As to claim 10, the combination of Chu and Fujibayashi teaches the system of claim 8, comprising a key generation module to generate the security key during an initialization of one of, the system and the encryption service – Chu [0043] A user registration is performed in the SE 120 to receive a reinforcement security from the electronic device 100…. After that, the SE 120 generates a root key corresponding to a user based on the PIN). Here, the claimed ‘key generation module’ is taught by Chu as ‘SE 120’ however, the TEE also is a key generation module.  The claimed ‘initialization’ is taught by Chu as ‘registration’ whereas the claimed ‘system’ is taught by Chu as ‘electronic device 100’ and Figure 1).

        As to claim 11, the combination of Chu and Fujibayashi teaches the system of claim 8 where the encryption service verifies that the process is authorized to access the encryption function also based on a current time, a date, whether an application is operating on the system, whether a time-to-live has expired, and/or how many times data has been decrypted – Chu [0043] After safely storing a key generated from the TEE 114 and from outside of the TEE 114 in a tamper resistant storage device of the SE 120, the TEE 114 may safely remove a key when an event such as a service life expiration of a corresponding key, a key renewal, or the like occurs).

                As to claim 12, Chu teaches a non-transitory computer-readable medium storing processor executable instructions that when executed causes a service of a system, to:
               receive, via a secure channel an encryption request, where the encryption request identifies a credential associated with a local process – Chu [0040 and 0044] since at ’40 …The electronic device 100 may form a secure channel after performing an authentication using a simple secure protocol using a PIN (personal identification number) between the TEE 114 and SE 120) since at ’44… The TEE 114 performs an exchange process of authentication and a key (Authenticated Key Exchange). An internal secure channel is formed between the TEE 114 and the SE 120., a data string, and an encryption function to be performed on the data string where the encryption function is to encrypt or decrypt the data string – Chu [0047] A user inputs a PIN using a trusted user interface (UI) safely protected from an external attack of the electronic device 100. The SE 120 may generate a SRK (storage root key) corresponding to the PIN of a user. Here, the claimed ‘data string’ is taught by Chu as ‘PIN’ whereas the claimed ‘encryption function’ is taught by Chu as ‘generate a SRK’) via a secure channel – Chu [0044] …An internal secure channel is formed between the TEE 114 and the SE 120);
             responsive to receipt of the encryption request, verify that the local process is authorized to access the encryption function based on the credential associated with the local process – Chu [0044] The TEE 114 performs an exchange process of authentication and a key (Authenticated Key Exchange).  Here, Chu has already taught the verification based on performing the AKE setting up the secure channel by two processes Authentication and an Authenticated Key Exchange whereby the claimed verifying is taught by Chu as ‘Authentication’.  The claimed ‘encryption request’ is previously taught as Select Health Service);
responsive to verification, and when the encryption function is to encrypt the data string – Chu [0044]The key EHRK is used to encrypt the health data);
            append the credential associated with the process to the data string prior to encrypting the data string – Chu [0045] For the sake of a security of the health data of a user safely collected in the TEE 114, the TEE 114 retrieves a key EHRK stored in the SE 120 (Key Retrieval with KeyLabel) to use it in the TEE 114.);
           perform the encryption function on the data string using a security key unique to the system to encrypt the data string without exposing the security key to the process – Chu [0045] The collected health data of a user is encrypted using the encryption key EHRK generated in the SE 120, and then may be safely transmitted to the server 300 (Encrypted EHR Data) for managing the health data; and
         subsequent to performance of the encryption function, provide an encrypted string obtained from the encryption function to the process – Chu  [0052] … the SE 120 which received the ownership request decrypts the EncOA using a private key of the SE 120. The OwnerAuth may be safely stored in a secure storage device (e.g., a secure non-volatile random access memory (NVRAM)) of the SE 120); and
                 responsive to verification, and when the encryption function is decrypting the data string:
           perform the encryption function on the data string using the security key to decrypt the data string, without exposing the security key to the local process – Chu  [0052] … The SE 120 generates a storage root key (SRK) through a random number generator and may safely store the generated storage root key SRK in the secure storage device (e.g., a secure NVRAM) of the SE 120.  Here, the claimed ‘local process’ is taught by Chu as ‘SE 120’);
                 verify the credential against a credential retrieved from a decrypted string obtained from the encryption function - Chu [0090] FIG. 13 illustrates a diagram of a HMAC verification process using TEE 114 and SE 120, according to an embodiment of the inventive concept. The TEE 114 verifies HMAC calculated through a HMAC generation request in the SE 120); and
                  subsequent to performance of the encryption function, provide a first encrypted string obtained from the encryption function to the local process  – Chu  [0049] the public key of the SE 120 may be transmitted in the form of a 256 byte modulus and an exponent (e.g., fixed to "0x010001"). The Status includes information whether the public key request is successfully performed. Here the claimed ‘matches’ is taught by Chu as ‘successfully performed’.  FUJIBAYASHI FURTHER TEACHES provide a first encrypted string obtained from the encryption function to the process and 
when the encryption function involves encrypting the data string Fujibayashi - [0095] First, the volume management table is searched for an entry … in the write request, in order to determine whether to encrypt the logical volume 00 or not...The obtained encryption key is used in the encryption function unit 117A to encrypt the write data DT0 (S603). It would have been obvious to person of ordinary skill in the art before the effective filing date of the claimed invention to consider Fujibayashi use of the claimed ‘encryption function’ as an encryption store.  Chu infers an encryption function by the very presence of activating a health storage request.  Chu does not teach, and it is not easily disclosed, that the encryption function is listed in the request.  However, Fujibayashi teaches an arrangement whereby each disk interface unit has an encryption function unit.  Having both disk interface and encryption units is a computing platform enabling each write request to be parsed by different encryption functions.  Chu’s motivation to consider Fujibayashi stems from a desire to improve mobile computing platforms as taught by Chu at location [0003]).

              As to claim 13, the combination of Chu and Fujibayashi teaches the non-transitory computer-readable medium of claim 12, where the encrypted string is a first encrypted string – Chu [0058] After receiving an authentication response from the SE 120, the TEE 114 calculates an OwnerAuth (=SHA-256(PIN)) after receiving a PIN from a user through a trusted UI), and the instructions further cause the service to:
           when the encrypted function involves is encrypting the data string, provide a second encrypted string to a remote trusted third party – Chu …[0051] After that, an ownership request of the TEE 114 is made (Ownership Request). The TEE 114 transmits a Nonce (an arbitrary number that may be used only once) generated through an internal random number generator and a value EncOA obtained by RSA-encrypting the ownership authentication data (OwnerAuth) using a public key of the SE 120 to the SE 120.  Here, the claimed ‘data string’ is taught by Chu as ‘Nonce’ whereas the claimed ‘second encrypted string’ is taught by Chu as ‘OwnerAuth’ whereas the claimed ‘remote trusted third party’ is taught by Chu as ‘SE 120’); and
                 store, in a secure storage, a third encrypted string  - Chu [0052] After that, the SE 120 which received the ownership request decrypts the EncOA using a private key of the SE 120. The OwnerAuth may be safely stored in a secure storage device.  Here, the claimed ‘third encrypted string’ is taught by Chu as ‘EncOA’),
                 where the data string is retrievable from each combination of two of the first encrypted string, the second encrypted string, and the third encrypted string - Chu [0054] The SE 120 generates a storage root key (SRK) through a random number generator and may safely store the generated storage root key SRK in the secure storage device (e.g., a secure NVRAM) of the SE 120).

                As to claim 14, the combination of Chu and Fujibayashi teaches the non-transitory computer-readable medium of claim 12, where the instructions further cause the service to provide a credential to the local process – Chu …The SE 120 may communicate with the TEE 114 by a secure protocol using a PIN (personal identification number).

              As to claim 15, claim 15 is a non-transitory computer-readable medium that is directed to the system of claim 11.  Therefore claim 15 is rejected for the reasons as set forth in claim 11.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from 
 /WILLIAM B JONES/Examiner, Art Unit 2491
3/22/2021

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491