DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on September 24, 2020, is accepted.
Claims 1 – 8 are being considered on the merits.

Drawings
The drawings, filed on September 24, 2020, are accepted.

Specification
The specification, filed on September 24, 2020, is accepted.

Claim Objections
Claim 6 objected to because of the following informalities: 
In claim 6, it recites “at least 2 processes”. This is inconsistent with the parent claim which recites “at least two processes”. Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 8 rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim do not fall within at least one of the four categories of patent eligible subject matter because the claim directed towards software per se which is not limited to 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 5 and 7 – 8 are rejected under 35 U.S.C. 103 as being unpatentable over US 20130232344 A1 to Johnson et al., (hereinafter, “Johnson”) in view of US 20160065362 A1 to Choyi et al., (hereinafter, “Choyi”).
Regarding claim 1, Johnson teaches a method of communication among at least two processes running on the same computer, the method comprising: generating, by at least one process of the at least two processes, a group key 5usable for encrypting a data unit to be stored in shared access memory and usable for decrypting a data unit retrieved from shared access memory, [Johnson, para. 248 discloses enable the multiple secure enclave packages within the same platform or system to create a common key between them, thereby enabling a plurality of packages within the same system or platform to work seamlessly and securely together. In one embodiment, it also enables system managers to group or configure packages together into a secure bundle. In one embodiment, a secure multi-package key is created by providing package-specific key information to each package from a trusted source and enabling them to negotiate and securely store a common multi-package key] 10wherein each process executes in a protected container comprised in a protected container infrastructure, [Johnson, para. 50 discloses the EPC is kept as a separate container managed by the microcode. The container is not accessible when execution is not inside the enclave. When the enclave is entered, control is transferred to the enclave code inside the EPC which is contained in a separate container] the processes are signed by a single signing authority, and the protected container infrastructure enables use of encrypted, integrity-protected data according to a platform-provided hiding function and a platform-provided revealing function; [Johnson, para. 194 discloses each license includes a license type, which determines what additional steps may be taken for the permit to be usable. Per Platform Licenses require that a License Authority in the cloud maintain a billing count of platforms the enclave is deployed on. For licenses of this type, an additional step is required. An Architectural Enclave called the License Enclave will negotiate with the License Authority in the cloud, and upon approval, will provide an addition MAC on the permit using the License Key. Architectural Enclaves, for example, are always Bulk License, meaning they do not require the License Key MAC in order to run. They work on any platform supporting Secure Enclaves. Para. 63 discloses Enclave pages residing in system memory are protected using encryption and integrity. During the load of the page into the EPC, the page is copied into the EPC, decrypted and page's integrity is checked.] and 15verifying, by at least one process of the at least two processes, that a data unit read from the shared access memory is successfully decrypted using the group key [Johnson, para. 304 discloses in order to protect user privacy and data across platform waterfalls, a 256-bit random Owner Epoch is included in the derivations of key. This value is created randomly during ownership change. Prior to the use of enclave keys software may write the OwnerEpoch to the SE_EPOCH_MSR. This can be achieved by the BIOS, which stores it persistently in flash. It can be calculated from some user input, such as the hash of a user boot password. It can also be provided by a Secure Enclaves driver prior to allowing enclave use. Para. 305 discloses Confidentiality of this value is required to ensure that data encrypted by the platform cannot be decrypted in the originally authorized enclave by someone in possession of the laptop after a waterfall. Compromise of this value does not result in the compromise of any enclave data. Para. 63 discloses Enclave pages residing in system memory are protected using encryption and integrity. During the load of the page into the EPC, the page is copied into the EPC, decrypted and page's integrity is checked], but Johnson does not teach wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected data according to, at least, a platform-provided hiding function. 
However, Choyi does teach wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected data according to, at least, a platform-provided hiding function. [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f(Nonce, KeNB1+). The function that generates X may be a HMAC-SHA-256 function, for example. Similarly, at 714, the PSSF 202 may derive a second intermediate key that is equal to a function of the nonce and the second key KeNB2. The second intermediate key may also be derived based on the nonce and a derivative of the second key KeNB2. The derivative of the second key may be referred to as a second derivative key KeNB2+. In some cases, the second derivative key KeNB2+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the second intermediate key is referred to as “Y” and the function that generates Y may be represented by f (Nonce, KeNB2) or f(Nonce, KeNB2+). In accordance with the illustrated embodiment, at 716, the PSSF 202 sends (transmits) the nonce and second intermediate key Y to the first UE 704. The second intermediate key Y may be encrypted using X, and thus the encrypted value of Y may be represented by “{Y}x”. At 718, in accordance with the illustrated embodiment, the PSSF 202 sends (transmits) the nonce and the second intermediate key X to the second UE 706. The second intermediate key X may be encrypted using Y, and thus the encrypted value of X may be represented by {Y}x. At 720, the first UE 704 derives X from the function of the nonce and the first key, and further decrypts Y using X. The first UE 704 may generate a third key (KeNB)PrAS that is equal to a function of the first intermediate key X and second intermediate key Y, and thus can be referred to as f(X, Y). (Examiner notes that the first intermediate key which is the first nonce from a first UE and the second intermediate key which is the second nonce from a second UE. Both are used to create a third key that is used by both the first UE and second UE.)]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

Regarding claim 2, modified Johnson teaches the method of claim 1, but Johnson does not teach wherein the generating a group key is performed by each of the at least two processes. 
However, Choyi does teach wherein the generating a group key is performed by each of the at least two processes. [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f (Nonce, KeNB1+). The function that generates X may be a HMAC-SHA-256 function, for example. Similarly, at 714, the PSSF 202 may derive a second intermediate key that is equal to a function of the nonce and the second key KeNB2. The second intermediate key may also be derived based on the nonce and a derivative of the second key KeNB2. The derivative of the second key may be referred to as a second derivative key KeNB2+. In some cases, the second derivative key KeNB2+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the second intermediate key is referred to as “Y” and the function that generates Y may be represented by f (Nonce, KeNB2) or f(Nonce, KeNB2+). In accordance with the illustrated embodiment, at 716, the PSSF 202 sends (transmits) the nonce and second intermediate key Y to the first UE 704. The second intermediate key Y may be encrypted using X, and thus the encrypted value of Y may be represented by “{Y}x”. At 718, in accordance with the illustrated embodiment, the PSSF 202 sends (transmits) the nonce and the second intermediate key X to the second UE 706. The second intermediate key X may be encrypted using Y, and thus the encrypted value of X may be represented by {Y}x. At 720, the first UE 704 derives X from the function of the nonce and the first key, and further decrypts Y using X. The first UE 704 may generate a third key (KeNB)PrAS that is equal to a function of the first intermediate key X and second intermediate key Y, and thus can be referred to as f(X, Y). (Examiner note that the first intermediate key which is the first nonce from a first UE and the second intermediate key which is the second nonce from a second UE. Both are used to create a third key that is used by both the first UE and second UE.)]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

 Regarding claim 3, modified Johnson teaches the method of claim 2, but Johnson does not teach wherein the generating a group key is according to a method comprising: generating a nonce; creating encrypted, integrity-protected data according to the nonce and the platform-provided hiding function; storing the encrypted, integrity-protected data to a location in a shared access memory;WO 2019/186554PCT/IL2019/05035121 retrieving, at least, nonces stored by each of the at least two processes excepting itself, wherein the nonces are retrieved according to data read from locations in shared access memory and the platform-provided revealing function; and generating a group key, according to a key generation function and at least the 5retrieved nonces and the nonce generated by the process.  
However, Choyi does teach wherein the generating a group key is according to a method comprising: generating a nonce; [Choyi, para. 45 discloses the PSSF 202 generates a nonce] creating encrypted, integrity-protected data according to the nonce and the platform-provided hiding function; [Choyi, para. 38 discloses keys may also be derived (generated), and the derived keys may be used to encrypt and integrity-protect user data communications. By way of example, a public safety worker may want communications to be encrypted and messages to be authenticated to ensure that P2P communications are only received and processed by intended personnel] storing the encrypted, integrity-protected data to a location in a shared access memory;WO 2019/186554PCT/IL2019/05035121 [Choyi, para. 85 discloses Users/UEs may maintain and store a list of user identities 1102 that have been communicated for discovery purposes. For example, the list of identities 1102 that are maintained by a user may imply that the users whose identities have been listed are providing a discovery authorization to the particular user that maintains the list. When a user receives a discovery message, it may use its list of identities 1102. The user may run each one of the identities from the list of identities 1102 through a hashing algorithm 1104 to compute a hashed value of the identity. Still referring to FIG. 11A, at 1106, the computed hashed value of the identity may be compared to the hashed identity that was received in the discovery message. If there is a match, the user/UE may process the discovery message. If there is not match, the UE may retrieve another identity from the list of identities 1102 until there are not more identities to retrieve, or until there is a match. Para. 88 discloses a UE may store a list of identities and shared secrets 1102a. Thus, an identity and a shared secret may be provided to the hashing algorithm, as described with reference to FIG. 11A.] retrieving, at least, nonces stored by each of the at least two processes excepting itself, wherein the nonces are retrieved according to data read from locations in shared access memory and the platform-provided revealing function; [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f(Nonce, KeNB1+). The function that generates X may be a HMAC-SHA-256 function, for example. Similarly, at 714, the PSSF 202 may derive a second intermediate key that is equal to a function of the nonce and the second key KeNB2. The second intermediate key may also be derived based on the nonce and a derivative of the second key KeNB2. The derivative of the second key may be referred to as a second derivative key KeNB2+. In some cases, the second derivative key KeNB2+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the second intermediate key is referred to as “Y” and the function that generates Y may be represented by f (Nonce, KeNB2) or f(Nonce, KeNB2+). In accordance with the illustrated embodiment, at 716, the PSSF 202 sends (transmits) the nonce and second intermediate key Y to the first UE 704. The second intermediate key Y may be encrypted using X, and thus the encrypted value of Y may be represented by “{Y}x”. At 718, in accordance with the illustrated embodiment, the PSSF 202 sends (transmits) the nonce and the second intermediate key X to the second UE 706. The second intermediate key X may be encrypted using Y, and thus the encrypted value of X may be represented by {Y}x. At 720, the first UE 704 derives X from the function of the nonce and the first key, and further decrypts Y using X. The first UE 704 may generate a third key (KeNB)PrAS that is equal to a function of the first intermediate key X and second intermediate key Y, and thus can be referred to as f(X, Y). (Examiner note that the first intermediate key which is the first nonce from a first UE and the second intermediate key which is the second nonce from a second UE. Both are used to create a third key that is used by both the first UE and second UE.)] and generating a group key, according to a key generation function and at least the 5retrieved nonces and the nonce generated by the process. [Choyi, para. 46 discloses the second UE 706 derives Y from the function of the nonce and the second key, and further decrypts X using Y. In accordance with the illustrated embodiment, the second UE 704 also generates the third key (KeNB).sub.PrAS that is equal to a function of the first intermediate key X and the second intermediate key Y. The third key (KeNB).sub.PrAS may form the root-key for ProSe communications, and thus the third key can also be referred to as a common shared key for securing proximity communications between the first UE 704 and the second UE 706.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

As per claim 4, modified Johnson teaches the method of claim 3, wherein the key generation function is a cryptographic hash function. [Johnson, para. 281 discloses the crypto algorithm used to encrypt these keys is 10 rounds of 128 bit AES-ECB decrypt. The key generation server will apply AES-ECB encrypt to each key to generate a cipher text key that will be burned in fuses.] 

As per claim 5, modified Johnson teaches the method of claim 3, wherein the key generation function is a sampling function. [Johnson, para. 246 discloses an encryption algorithm or program 1773 may then be used to generate a set of secure key information 1773 for all member packages within the system or platform. In one embodiment, the platform-level key is generated using hardware logic which may generate the platform-level key in response to software commands or electrical signals. In one embodiment, the platform level key is to be generated according to prior art encryption algorithms.]

Regarding claim 7, Johnson teaches a computer, comprising a memory and a processor, configured to execute at least two processes, [Johnson, para. 35 discloses microprocessor 100 having one or more processor cores 105 and 110, each having associated therewith a local cache 107 and 113, respectively. Also illustrated in FIG. 1 is a shared cache memory 115 which may store versions of at least some of the information stored in each of the local caches 107 and 113. In some embodiments, microprocessor 100 may also include other logic not shown in FIG. 1, such as an integrated memory controller, integrated graphics controller, as well as other logic to perform other functions within a computer system, such as I/O control. In one embodiment, each microprocessor in a multi-processor system or each processor core in a multi-core processor may include or otherwise be associated with logic 119 to enable secure enclave techniques, in accordance with at least one embodiment. The logic may include circuits, software (embodied in a tangible medium) or both to enable more efficient resource allocation among a plurality of cores or processors than in some prior art implementations] the computer configured to: generate, by at least one process of the at least two processes, a group key usable 15for encrypting a data unit to be stored in shared access memory and usable for decrypting a data unit retrieved from shared access memory, 20wherein each process is configured to execute in a protected container comprised in a protected container infrastructure, [Johnson, para. 50 discloses the EPC is kept as a separate container managed by the microcode. The container is not accessible when execution is not inside the enclave. When the enclave is entered, control is transferred to the enclave code inside the EPC which is contained in a separate container]  the processes configured to be signed by a single signing authority, and the protected container infrastructure configured for use of encrypted, integrity- protected data according to a platform-provided hiding function and a 25platform-provided revealing function; [Johnson, para. 194 discloses each license includes a license type, which determines what additional steps may be taken for the permit to be usable. Per Platform Licenses require that a License Authority in the cloud maintain a billing count of platforms the enclave is deployed on. For licenses of this type, an additional step is required. An Architectural Enclave called the License Enclave will negotiate with the License Authority in the cloud, and upon approval, will provide an addition MAC on the permit using the License Key. Architectural Enclaves, for example, are always Bulk License, meaning they do not require the License Key MAC in order to run. They work on any platform supporting Secure Enclaves] and verify, by at least one process of the at least two processes, that a data unit read from the shared access memory is successfully decrypted using the group key [Johnson, para. 304 discloses in order to protect user privacy and data across platform waterfalls, a 256-bit random Owner Epoch is included in the derivations of key. This value is created randomly during ownership change. Prior to the use of enclave keys software may write the OwnerEpoch to the SE_EPOCH_MSR. This can be achieved by the BIOS, which stores it persistently in flash. It can be calculated from some user input, such as the hash of a user boot password. It can also be provided by a Secure Enclaves driver prior to allowing enclave use. Para. 305 discloses Confidentiality of this value is required to ensure that data encrypted by the platform cannot be decrypted in the originally authorized enclave by someone in possession of the laptop after a waterfall. Compromise of this value does not result in the compromise of any enclave data. Para. 63 discloses Enclave pages residing in system memory are protected using encryption and integrity. During the load of the page into the EPC, the page is copied into the EPC, decrypted and page's integrity is checked], but Johnson does not teach wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected data according to, at least, a platform-provided hiding function. 
However, Choyi does teach wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected data according to, at least, a platform-provided hiding function. [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f(Nonce, KeNB1+). The function that generates X may be a HMAC-SHA-256 function, for example. Similarly, at 714, the PSSF 202 may derive a second intermediate key that is equal to a function of the nonce and the second key KeNB2. The second intermediate key may also be derived based on the nonce and a derivative of the second key KeNB2. The derivative of the second key may be referred to as a second derivative key KeNB2+. In some cases, the second derivative key KeNB2+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the second intermediate key is referred to as “Y” and the function that generates Y may be represented by f (Nonce, KeNB2) or f(Nonce, KeNB2+). In accordance with the illustrated embodiment, at 716, the PSSF 202 sends (transmits) the nonce and second intermediate key Y to the first UE 704. The second intermediate key Y may be encrypted using X, and thus the encrypted value of Y may be represented by “{Y}x”. At 718, in accordance with the illustrated embodiment, the PSSF 202 sends (transmits) the nonce and the second intermediate key X to the second UE 706. The second intermediate key X may be encrypted using Y, and thus the encrypted value of X may be represented by {Y}x. At 720, the first UE 704 derives X from the function of the nonce and the first key, and further decrypts Y using X. The first UE 704 may generate a third key (KeNB)PrAS that is equal to a function of the first intermediate key X and second intermediate key Y, and thus can be referred to as f(X, Y). (Examiner note that the first intermediate key which is the first nonce from a first UE and the second intermediate key which is the second nonce from a second UE. Both are used to create a third key that is used by both the first UE and second UE.)]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

Regarding claim 8, Johnson teaches a computer program product comprising a computer readable storage medium containing program instructions, which programs instructions when read by a processor, and causes the processor to perform a method of communication among at least two processes running on the same computer, [Johnson, para. 38 discloses one or more aspects of at least one embodiment may be implemented by representative data stored on a machine-readable medium which represents various logic within the processor, which when read by a machine causes the machine to fabricate logic to perform the techniques described herein. Such representations, known as "IP cores" may be stored on a tangible, machine readable medium ("tape") and supplied to various customers or manufacturing facilities to load into the fabrication machines that actually make the logic or processor] the method comprising: 5generating, by at least one process of the at least two processes, a group key usable for encrypting a data unit to be stored in shared access memory and usable for decrypting a data unit retrieved from shared access memory, [Johnson, para. 248 discloses enable the multiple secure enclave packages within the same platform or system to create a common key between them, thereby enabling a plurality of packages within the same system or platform to work seamlessly and securely together. In one embodiment, it also enables system managers to group or configure packages together into a secure bundle. In one embodiment, a secure multi-package key is created by providing package-specific key information to each package from a trusted source and enabling them to negotiate and securely store a common multi-package key] wherein each process executes in a protected container comprised in a protected container infrastructure, [Johnson, para. 50 discloses the EPC is kept as a separate container managed by the microcode. The container is not accessible when execution is not inside the enclave. When the enclave is entered, control is transferred to the enclave code inside the EPC which is contained in a separate container] the processes are signed by a single signing authority, and the protected container infrastructure enables use of encrypted, integrity-protected data according to a platform-provided 15hiding function and a platform-provided revealing function; [Johnson, para. 194 discloses each license includes a license type, which determines what additional steps may be taken for the permit to be usable. Per Platform Licenses require that a License Authority in the cloud maintain a billing count of platforms the enclave is deployed on. For licenses of this type, an additional step is required. An Architectural Enclave called the License Enclave will negotiate with the License Authority in the cloud, and upon approval, will provide an addition MAC on the permit using the License Key. Architectural Enclaves, for example, are always Bulk License, meaning they do not require the License Key MAC in order to run. They work on any platform supporting Secure Enclaves] and verifying, by at least one process of the at least two processes that a data unit read from the shared access memory is successfully decrypted using the group key [Johnson, para. 304 discloses in order to protect user privacy and data across platform waterfalls, a 256-bit random Owner Epoch is included in the derivations of key. This value is created randomly during ownership change. Prior to the use of enclave keys software may write the OwnerEpoch to the SE_EPOCH_MSR. This can be achieved by the BIOS, which stores it persistently in flash. It can be calculated from some user input, such as the hash of a user boot password. It can also be provided by a Secure Enclaves driver prior to allowing enclave use. Para. 305 discloses Confidentiality of this value is required to ensure that data encrypted by the platform cannot be decrypted in the originally authorized enclave by someone in possession of the laptop after a waterfall. Compromise of this value does not result in the compromise of any enclave data. Para. 63 discloses Enclave pages residing in system memory are protected using encryption and integrity. During the load of the page into the EPC, the page is copied into the EPC, decrypted and page's integrity is checked], but Johnson does not teach wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected 10data according to, at least, a platform-provided hiding function. 
However, Choyi does teach wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected data according to, at least, a platform-provided hiding function. [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f(Nonce, KeNB1+). The function that generates X may be a HMAC-SHA-256 function, for example. Similarly, at 714, the PSSF 202 may derive a second intermediate key that is equal to a function of the nonce and the second key KeNB2. The second intermediate key may also be derived based on the nonce and a derivative of the second key KeNB2. The derivative of the second key may be referred to as a second derivative key KeNB2+. In some cases, the second derivative key KeNB2+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the second intermediate key is referred to as “Y” and the function that generates Y may be represented by f (Nonce, KeNB2) or f(Nonce, KeNB2+). In accordance with the illustrated embodiment, at 716, the PSSF 202 sends (transmits) the nonce and second intermediate key Y to the first UE 704. The second intermediate key Y may be encrypted using X, and thus the encrypted value of Y may be represented by “{Y}x”. At 718, in accordance with the illustrated embodiment, the PSSF 202 sends (transmits) the nonce and the second intermediate key X to the second UE 706. The second intermediate key X may be encrypted using Y, and thus the encrypted value of X may be represented by {Y}x. At 720, the first UE 704 derives X from the function of the nonce and the first key, and further decrypts Y using X. The first UE 704 may generate a third key (KeNB)PrAS that is equal to a function of the first intermediate key X and second intermediate key Y, and thus can be referred to as f(X, Y). (Examiner note that the first intermediate key which is the first nonce from a first UE and the second intermediate key which is the second nonce from a second UE. Both are used to create a third key that is used by both the first UE and second UE.)]Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over US 20130232344 A1 to Johnson et al., (hereinafter, “Johnson”) in view of US 20160065362 A1 to Choyi et al., (hereinafter, “Choyi”) in further view of US 20170171169 A1 to Lee et al., (hereinafter, “Lee”).
Regarding claim 6, modified Johnson teaches the method of claim 2, but modified Johnson does not teach wherein a first process of the at least 2 processes excludes 10nonces stored by a second process according to whether a frequency of group key rollovers initiated by the second process meets group key rollover threshold.
However, Lee does teach wherein a first process of the at least 2 processes excludes 10nonces stored by a second process according to whether a frequency of group key rollovers initiated by the second process meets group key rollover threshold. [Lee, para. 48 discloses To prevent packet number re-use (and nonce re-use) with a particular group key, the device may be configured to determine whether an expiration condition associated with a group key (e.g., a temporal key) is satisfied based on a subset of bits of the TSF value or a packet number initialization value stored at the non-volatile memory. For example, in response to the device receiving a frame indicating the TSF value (or in response to the device generating the TSF value if the device is operating as an anchor master device), the device may compare a subset of bits of the TSF value to a threshold (e.g., an expiration threshold). The subset of bits includes the same number of bits as the packet number counter. If the subset of bits exceeds the threshold, the expiration condition is satisfied. For example, the device may compare the subset of bits to a particular value (e.g., the expiration threshold), such as a value that is one less than a value associated with the wrap-around condition or a different value that is less than the value associated with the wrap-around condition, and if the value exceeds the particular value, the expiration condition is satisfied. As another example, the device may detect that a value of a set of bits of the packet number initialization value is equal to or exceeds a particular value (e.g., the expiration threshold). The particular value may be a particular amount less than the value associated with the wrap-around condition. If the value of the set of bits is equal to or exceeds the particular value, the expiration condition is satisfied. In response to the expiration condition being satisfied, the device may perform one or more group key expiration actions to prevent nonce re-use with a particular group key. For example, the device may initiate generation of a second group key. As another example, the device may initiate a tear down operation for the data link group.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Lee’s system with modified Johnson’s system, with a motivation to prevent nonce re-use in a data link group of a neighbor aware network (NAN) are disclosed. Devices of the data link group may be configured to determine or set packet numbers to particular values based on a packet number initialization scheme associated with the data link group. [Lee, para. 39]

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The examiner can normally be reached on Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434