Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendments
Applicant's arguments with respect to the amended claims 1, 3-9, 11-15 and 17-20, considered under 35 USC 112, 101 and 103 for patentability over the closest analogous prior art, Qiu et al (US Pub. No. 2009/0031131), hereafter Qiu, and Moore et al (US Pub. No. 2019/0140846), hereafter Moore, have been fully considered and are persuasive. Claims 2, 10 and 16 are cancelled.

Allowable Subject Matter
1.	Amended claims 1, 3-9, 11-15 and 17-20 are allowed in light of applicant's arguments, the approved examiner's proposed amendments, and the prior art made of record.

Examiner’s Amendment
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner's amendment was given in an interview with Abraham Delao (attorney) regarding the amended claims filed on 05-07-2021:
1. (Currently Amended) A method for providing isolation of trust domains within a secure execution environment of a trusted component of an Information Handling System (IHS), the method comprising: retrieving a plurality of signing software tokens from a memory device of the IHS, wherein each signing software token comprises a signing key and comprises a link to a privilege policy token, and wherein [[each]] the signing key of each signing software token is associated with a trust domain that is configured to operate in the secure execution environment of the IHS using signed instructions; retrieving a plurality of privilege policy tokens from the memory device of the IHS, wherein each privilege policy token specifies a plurality of resources of the IHS that using signed instructions that have been validated; retrieving, from the memory device of the IHS, first signed instructions for the operation of a first trust domain within the secure execution environment of the IHS; validating [[the]] a signature of the first signed instructions based on a first signing key associated with the first trust domain, wherein the first signing key of the first trust domain is present in the plurality of signing software tokens retrieved from the memory device of the IHS; and [[if]] in response to determination that the first signed instructions of the first trust domain are validated, granting the first trust domain access to a first plurality of IHS resources specified by a first privilege policy token that is linked to the first signing key associated with the first trust domain[[.]]; replacing the link from the first signing key to the first privilege policy token with a link to a second privilege policy token; revoking the access by the first trust domain to the first plurality of resources of the IHS specified by the first privilege policy token; and granting the first trust domain access to [[a]] the second plurality of IHS resources specified by the second privilege policy token. (Page 2 of 10, Application No: 16/236,251, Docket No.: 112170.01)
9. (Currently Amended) An Information Handling System (IHS), comprising: a flash memory; and an embedded controller coupled to the flash memory, wherein the embedded controller is configured to: retrieve a plurality of signing software tokens from the flash memory, wherein each signing software token comprises a signing key and comprises a link to a privilege policy token, and wherein [[each]] the signing key of each signing software token is associated with a trust domain that is configured to operate in the secure execution environment of the IHS using signed instructions; retrieve a plurality of privilege policy tokens from the flash memory, wherein each privilege policy token specifies a plurality of resources of the IHS that ; retrieve, from the flash memory, first signed instructions for the operation of a first trust domain within the secure execution environment of the IHS; validate [[the]] a signature of the first signed instructions based on a first signing key associated with the first trust domain, wherein the first signing key of the first trust domain is present in the plurality of signing software tokens retrieved from the memory device of the IHS; and [[if]] in response to determination that the first signed instructions of the first trust domain are validated, grant the first trust domain access to a first plurality of IHS resources specified by a first privilege policy token that is linked to the first signing key associated with the first trust domain[[.]];
wherein a second privilege policy token is linked to the first signing key in replacement of the link to the first signing key by the first privilege policy token, and wherein the embedded controller is further configured to revoke the access by the first trust domain to the first plurality of resources of the IHS specified by the first privilege policy token and [[to]] grant the first trust domain access to a second plurality of IHS resources specified by the second privilege policy token.
15. (Currently Amended) An embedded controller coupled to a flash memory of an Information Handling System (IHS), wherein the embedded controller is configured to: retrieve a plurality of signing software tokens from the flash memory of the IHS, wherein each signing software token comprises a signing key and comprises a link to a privilege policy token, and wherein [[each]] the signing key of each signing software token is associated with a trust domain that is configured to operate in a secure execution environment of the embedded controller using signed instructions; retrieve a plurality of privilege policy tokens from the flash memory of the IHS, wherein each privilege policy token specifies a plurality of resources of the IHS that ; retrieve, from the flash memory, first signed instructions for the operation of a first trust domain within the secure execution environment of the embedded controller; validate [[the]] a signature of the first signed instructions based on a first signing key associated with the first trust domain, wherein the first signing key of the first trust domain is present in the plurality of signing software tokens retrieved from the flash memory of the IHS; and [[if]] in response to determination that the first signed instructions of the first trust domain are validated, grant the first trust domain access to a first plurality of IHS resources specified by a first privilege policy token that is linked to the first signing key associated with the first trust domain[[.]];
wherein a second privilege policy token is linked to the first signing key in replacement of the link to the first signing key by the first privilege policy token, and wherein the embedded controller is further configured to revoke the access by the first trust domain to the first plurality of resources of the IHS specified by the first privilege policy token and [[to]] grant the first trust domain access to a second plurality of IHS resources specified by the second privilege policy token.


Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
As to independent claim 1, the prior art of reference Qiu teaches [0038-41] a plurality of hardware tokens associated with respective trusted domains that are retrieved by the [0025] Token Requester and Management System (TRMS) [0063] from its database; [0037] each hardware token contains a signing key and a public key pair, and [0025] the token's credentials are associated with access control lists (ACLs) which are created for each PKI data that is specific to a product; [0085] a plurality of ACLs is loaded to a PKI server, with each ACL corresponding to a specific PKI type or product line, where each ACL is associated with a generated token; [0084] the token validator allows the user to select the token type. The token type is specified so that the correct token password embedded within the token validator software can be used to open a session to view the token certificate and determine whether the token is installed in its target domain: if the "common name" field matches the target domain's identifier, the token is installed in the correct domain, which maintains an ACL associated with the token.

Further, a second prior art of record, Moore, teaches [0298] that computer programs are received, where [0066] the TEE (trusted execution environment) includes a secret import key (SIKpub) in the signed, updated report, such computer programs being executed or loaded by an application; [0006, 30, 54] a first TEE receives from a second TEE measurements (code type, and/or compilation date of the TEE, and/or a key used to sign it) which are [0219] used to authenticate the second TEE based at least in part on the self-reported measurements of the second TEE.

None of the prior art of record, alone or in any combination, anticipates or renders obvious the claimed invention of the present application at or before the time it was filed. The prior art of record fails to teach: a secure execution environment (SEE) that supports execution of validated software instructions on behalf of trust domains that operate within the SEE to implement functions and to support hardware of the IHS, using software signing tokens where each token comprises a link and a key and is associated with a trust domain. Signed instructions for the operation of a trust domain are retrieved and authenticated based on the signing token associated with the trust domain. If authenticated, the trust domain is granted access to the resources set forth in the privilege policy token linked to the signing token of the trust domain. The privileges assigned to a trust domain may be modified by linking the trust domain's signing token to a new privilege policy token.
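The mechanism summarized above, as an added illustrative model that is not the applicant's implementation and not code from the application: each signing software token carries a signing key and a link to a privilege policy token; signed instructions are validated against that key before the linked policy's resources are granted; re-linking the key to a second policy token revokes the first set of resources and grants the second. HMAC-SHA256 stands in for whatever signature scheme the embedded controller would actually use, and the token fields, trust-domain names and resource names are assumptions made for this example. The model also makes explicit two checks the summary only implies: a signature produced under another domain's key is rejected, and re-linking a domain whose instructions have never validated grants it nothing.

```python
"""Model of signing tokens linked to privilege policy tokens (constructed example).

HMAC-SHA256 is a stand-in for the real signature scheme; token layout, domain
names and resource names are assumptions, not taken from the application.
"""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PrivilegePolicyToken:
    """Names the IHS resources a trust domain linked to this token may use."""
    token_id: str
    resources: frozenset


@dataclass
class SigningSoftwareToken:
    """One trust domain's signing key plus the link to its privilege policy token."""
    trust_domain: str
    signing_key: bytes
    policy_link: str  # token_id of the linked PrivilegePolicyToken


@dataclass
class SecureExecutionEnvironment:
    signing_tokens: dict  # trust_domain -> SigningSoftwareToken (as read from flash)
    policy_tokens: dict   # token_id -> PrivilegePolicyToken (as read from flash)
    granted: dict = field(default_factory=dict)  # trust_domain -> frozenset of resources

    def validate(self, trust_domain, instructions, signature):
        """Check the signed instructions against the key held for this domain."""
        token = self.signing_tokens.get(trust_domain)
        if token is None:
            return False
        expected = hmac.new(token.signing_key, instructions, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)  # constant-time compare

    def load(self, trust_domain, instructions, signature):
        """Validate, then grant the resources of the policy linked to the domain's key.

        Returns the granted set; an empty set, and no access at all, on failure."""
        if not self.validate(trust_domain, instructions, signature):
            self.granted.pop(trust_domain, None)
            return frozenset()
        link = self.signing_tokens[trust_domain].policy_link
        self.granted[trust_domain] = self.policy_tokens[link].resources
        return self.granted[trust_domain]

    def relink(self, trust_domain, new_policy_id):
        """Replace the link from the domain's signing key with a link to another policy.

        Access under the old policy is revoked and the new policy's resources are
        granted, but only for a domain that has already validated; re-linking is
        never a substitute for signature validation. Returns (revoked, newly_granted)."""
        token = self.signing_tokens[trust_domain]
        old = self.policy_tokens[token.policy_link].resources
        new = self.policy_tokens[new_policy_id].resources
        token.policy_link = new_policy_id
        if trust_domain in self.granted:
            self.granted[trust_domain] = new
        return old - new, new - old

    def can_access(self, trust_domain, resource):
        return resource in self.granted.get(trust_domain, frozenset())


def sign(signing_key, instructions):
    """Provisioning-side counterpart: produce the tag the SEE will validate."""
    return hmac.new(signing_key, instructions, hashlib.sha256).digest()


def demo():
    """Run the scenario from the reasons for allowance on constructed data."""
    policies = {
        "P1": PrivilegePolicyToken("P1", frozenset({"gpio", "i2c"})),
        "P2": PrivilegePolicyToken("P2", frozenset({"i2c", "spi_flash"})),
    }
    key_a = hashlib.sha256(b"constructed key for domainA").digest()
    key_b = hashlib.sha256(b"constructed key for domainB").digest()
    see = SecureExecutionEnvironment(
        signing_tokens={
            "domainA": SigningSoftwareToken("domainA", key_a, "P1"),
            "domainB": SigningSoftwareToken("domainB", key_b, "P1"),
        },
        policy_tokens=policies,
    )
    code = b"constructed domainA instruction image"
    r = {}
    r["granted"] = see.load("domainA", code, sign(key_a, code))        # P1 resources
    r["gpio_before"] = see.can_access("domainA", "gpio")
    r["relink"] = see.relink("domainA", "P2")                          # revoke gpio, grant spi_flash
    r["gpio_after"] = see.can_access("domainA", "gpio")
    r["spi_after"] = see.can_access("domainA", "spi_flash")
    r["cross_domain"] = see.load("domainA", code, sign(key_b, code))   # wrong key: rejected
    r["after_failed_load"] = see.can_access("domainA", "i2c")
    r["relink_unvalidated"] = see.relink("domainB", "P2")              # never validated
    r["unvalidated_access"] = see.can_access("domainB", "spi_flash")
    return r


if __name__ == "__main__":
    print(demo())
```

A failed validation drops whatever the domain previously held rather than leaving the old grant in place, and `relink` only changes the policy link for a domain that is not currently validated, so a later successful `load` picks up the new policy without an intervening window of unvalidated access.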

Therefore, independent claim 1 and its corresponding dependent claims are allowed in light of applicant's arguments, the approved examiner's amendments and the prior art of record. The same amendments and reasoning apply to independent claims 9 and 15 mutatis mutandis. Claims 2, 10 and 16 are cancelled.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See form PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Badri Champakesan whose telephone number is (571) 270-3867. The examiner can normally be reached on M-F: 7:45am-5pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi T. Arani, can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/BADRINARAYANAN /Examiner, Art Unit 2438.