DETAILED ACTION
Applicant’s preliminary amendment filed 1/13/2021 has been fully considered. 
Claims 17-35 are pending and have been examined. Claims 1-16 have been canceled.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
The rejection under 35 USC § 112 is withdrawn. 
The provisional Double Patenting rejection is withdrawn in view of the Terminal Disclaimer filed on 1/13/2021.
Regarding the rejection under 35 USC 101, Examiner respectfully points out that the claims are drawn to receiving, unwrapping, and performing operations using an encryption key. As encryption courses are taught using relatively small prime numbers to generate encryption keys and short strings to show the encryption operation using simple prime numbers, the claims remain an abstract idea, and a “mental process” as students in those courses can use pen/paper to calculate/generate the keys and the encrypted values. Furthermore, the claims are not novel and non-obvious over the art of record and are thus not directed to an inventive concept, i.e. the prior art (Hitchcock) already teaches receiving an encrypted key, generating a key, and using that key for operations. 
Regarding the arguments against Hitchcock, Examiner respectfully points out that while the elements must be arranged as required by the claim, but this is not an ipsissimis verbis test, i.e., identity of terminology is not required. In re Bond, 910 F.2d 831, 15 USPQ2d 1566 (Fed. Cir. 1990). Note that, in some circumstances, it is permissible to use multiple references in a 35  U.S.C. 102 rejection. 
Hitchcock receives an encrypted key, and “uses” it to generate another key, and then uses this new key to perform operations. Absent a clearer definition or amendment of what each claimed key is or how it is created, Hitchcock anticipates the claims. Applicant’s arguments are not persuasive. 
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Terminal Disclaimer
The terminal disclaimer filed on 1/13/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent 10205710 has been reviewed and is accepted.  The terminal disclaimer has been recorded.
Claim Rejections - 35 USC § 101
Claims 17-35 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) receiving, generating, and performing encryption operations. 
This judicial exception is not integrated into a practical application because they are broad enough to cover receiving, combining, encrypting text in the mind or with pen/paper, other than the generic computer components. 
Regarding Prong One, these steps, as drafted, form a process that under its broadest reasonable interpretation covers performance of the limitation in the mind or with pen/paper but for the recitation of generic computer components. That is, other than reciting “a client”, nothing in the claim element precludes the step from practically being performed in the human mind. For example, but for the “a client” language, the claim encompasses a user receiving, generating, and performing encryption operations as introduction to elementary encryption classes are taught, picking some prime numbers, generating some PKI keys, and encrypting short strings or simple words based on the encryption parameters. 
Regarding Prong Two, there are no additional element(s) or a combination of elements in the claim that apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that it is more than a drafting effort designed to monopolize the exception.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claims only use generic computer components. Mere instructions to apply an exception using generic components cannot provide an inventive concept. Additionally, the mere nominal recitation of a generic processor does not take the claim limitation out of the mental processes grouping. Thus, the claims recite a mental process and are not patent eligible.
The claims are directed to well-understood, routine, and conventional activity as evidenced by the “background of the invention” section and the cited references.
Claim Rejections - 35 USC § 102
Claims 17-35 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Hitchcock (9141769).
Regarding claim 17, Hitchcock teaches A method performed by a client system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed, cause the client system to perform the method, the method comprising (abstract): 
receiving a wrapped server key in an execution environment of the client system associated with a software application (col.2, 40-col.3, 20, receive encrypted key, for TEE); 
generating, by a protected client module executing within the execution environment associated with the software application provisioned to the client system by a trusted service, a protected server key, the protected server key being generated using the wrapped server key and a protected private key associated with the protected client module (col.7, 30-67, derive key based on other keys); and 
performing, by the protected client module, at least one secure operation within the execution environment associated with the software application using the protected server key (col.7, 55-col.8, 35, perform services based on derived key). 
Regarding claim 18, Hitchcock teaches wherein the execution environment associated with the software application comprises a sandboxed execution environment of the client system separate from a protected execution environment (4, 10-50). 
Regarding claim 19, Hitchcock teaches wherein the software application comprises a browser application (5, 25-55). 
Regarding claim 20, Hitchcock teaches wherein the protected client module comprises a script application executing within the execution environment associated with the browser application (5, 25-55). 
Regarding claim 21, Hitchcock teaches wherein the wrapped server key comprises a server key wrapped using a public key provisioned by the trusted service corresponding to the protected private key (7, 30-67). 
Regarding claim 22, Hitchcock teaches wherein the protected private key comprises a private key protected with white-box cryptography (8, 20-67). 
Regarding claim 23, Hitchcock teaches wherein the protected server key comprises a server key protected with white-box cryptography (8, 20-67). 
Regarding claim 24, Hitchcock teaches wherein the secure operation comprises a cryptographic transaction (8, 45-67, 9, 1-40). 
Regarding claim 25, Hitchcock teaches wherein the secure operation comprises an encryption operation (8, 45-67, 9, 1-40). 
Regarding claim 26, Hitchcock teaches wherein the secure operation comprises a decryption operation (8, 45-67, 9, 1-40). 
Regarding claim 27, Hitchcock teaches wherein the secure operation comprises a cryptographic signature operation (8, 45-67, 9, 1-40). 
Regarding claim 28, Hitchcock teaches wherein the secure operation comprises a cryptographic signature verification operation (8, 45-67, 9, 1-40). 
Regarding claim 29, Hitchcock teaches wherein the wrapped server key is generated by a key wrapping module executing a protected execution environment of the client system, the execution environment associated with the software application being different than the protected execution environment of the system (col.4, 50 – col.5, 15, col.9, 40-67). 
Regarding claim 30, Hitchcock teaches wherein the wrapped server key is received from the key wrapping module (col.4, 50 – col.5, 15, col.9, 40-67).
Regarding claim 31, Hitchcock teaches wherein the wrapped server key is generated by the trusted service (col.4, 50 – col.5, 15, col.9, 40-67). 
Regarding claim 32, Hitchcock teaches wherein the wrapped server key is received from the trusted service (col.4, 50 – col.5, 15, col.9, 40-67). 
Regarding claim 33, Hitchcock teaches wherein the method further comprises receiving a request via an application program interface associated with the protected client module to perform the at least one secure operation (4, 30-67). 
Regarding claim 34, Hitchcock teaches wherein performing the at least one secure operation further comprises determining that the at least one secure operation corresponds to at least one defined function exposed by the application program interface (4, 30-67). 
Regarding claim 35, Hitchcock teaches wherein the at least one defined function comprises a function articulated in metadata associated with the wrapped server key (4, 30-67).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Swaminathan (20130166906) similarly teaches providing encrypted keys to applications running on an execution environment.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to David Garcia Cervetti whose telephone number is (571)272-5861.  The examiner can normally be reached on Monday-Friday 8AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, HADI ARMOUCHE can be reached on (571)270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/David Garcia Cervetti/Primary Examiner, Art Unit 2419