DETAILED ACTION
This office action is in response to applicant’s communication dated 8/20/2021. If needed, this communication is herein referred to as “Amendment”. 
The Amendment was in response to examiner's final office action dated 2/23/2021. If needed, this office action is herein referred to as “Previous OA”.
Any citation of the instant specification is as published in US Patent Application Publication 20170359333.

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/20/2021 has been entered.
 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/20/2021 is being considered by the examiner.

Claims’ Status
Claims 1-20 are pending and are currently being examined.

Response to Amendment
102/103 Rejections
Applicant's 102/103 arguments filed 8/20/2021 have been fully considered but they are not persuasive. See the specific applicant arguments and examiner’s responses below:

102/103 Argument 1:
	The applicant argues that Chang doesn’t teach claim 1, as modified, because Chang provides no description for how the intent to switch the OS is determined, and as such Chang doesn’t teach/suggest “instructions that cause at least one processor to identify a switching event that corresponds to an attempted operation that matches a predetermined type of operation indicative of a possible security compromise of a main operating system (OS)” (Amendment, Pg 7)

102/103 Response 1:
The examiner respectfully disagrees. As explained in the 102 rejection section below, Chang teaches… 
instructions [that] cause the at least one processor to identify a switching event (a signal for switching) (Pg 6:19-27)


102/103 Argument 2:
	The applicant also relies on the 102/103 argument above to further allege the patentability of claim(s) 1 and/or remaining claim(s). (Amendment, Pg(s) 7-8)

102/103 Response 2:
	The examiner respectfully disagrees at least for the same reasons provided in the above 102/103 responses and/or in the below 102/103 rejection sections.

Claim Objections
Claim 18 is objected to because of the following informalities:  
Claim 18 recites “responsive executing the one or more secure operations in the secure OS”, which, for purposes of improving clarity, to executing the one or more secure operations in the secure OS”.
Appropriate correction is required.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.

Claim(s) 1-2, 4-5, 8-11, 14-18 are rejected under 35 U.S.C. 102(b) as being anticipated by Chang (WO 2009/064048) because the invention was patented or described in a printed publication in this or a foreign country, or in public use or on sale in this country more than one (1) year prior to the application for patent in the United States.

	As per claims 1, 8 and 15, Chang teaches one or more storage devices or storage disks having instructions stored thereon (and respective device and method) which, when executed by at least one processor, cause the at least one processor to (see Apparatus 100, 200, 400 or 500, FIGs. 1-2, 4 or 5):
	identify a switching event (a signal for switching) (Pg 6:19-27)

switch from the main OS to a secure OS (deactivate first OS and execute second OS) responsive to identifying the switching event (Pgs 6:28-7:13), 
the secure OS executing in a trusted execution environment (TEE) isolated from the main OS (Pgs 14:15-15:1, describes the execution of a financial transaction, which high level of reliability, that is, a “trusted execution environment”. Also see Pgs 15:2-23; Pg 9:2-24, the second OS, that is “secure OS” is different from, that is, “isolated from” the first OS, the “main OS”). 
Further concerning claims 1, 8 and 15: Claim analysis is highly fact-dependent. A claim is only limited by positively recited elements. See MPEP § 2115. Here, the limitation “the secure OS executing in a trusted execution environment (TEE) isolated from the main OS” raise questions as to the limiting effect of the clause’s language upon the claims. See MPEP § 2111.04.I. The limitation appear to limit where Griffin v. Bertina, 283 F.3d 1029, 1034, 62 USPQ2d 1431 (Fed. Cir. 2002).

As per claims 2, 9 and 16, Chang teaches the one or more storage devices or storage disks of claim 1, the device of claim 8, and method of claim 15, wherein the instructions, when executed by the at least one processor, cause the at least one processor to
	identify one or more secure operations to be executed, wherein execution of the one or more secure operations in the main OS corresponds to the attempted operation that matches the predetermined type of operation indicative of the possible security compromise of the main OS (Pgs 9:14-18 and 12:7-12, “effectuating” of the financial transaction service using the secure OS, necessarily occurs after identifying one or more secure operations to be executed. “Secure operations” is herein interpreted as operations effectuated using the secure OS.). 
Further concerning claims  2, 9 and 16: Here, the limitation “wherein execution of the one or more secure operations in the main OS corresponds to the attempted Griffin v. Bertina, 283 F.3d 1029, 1034, 62 USPQ2d 1431 (Fed. Cir. 2002).

	As per claims 4, 10 and 17, Chang teaches the one or more storage devices or storage disks of claim 2, the device of claim 9, and method of claim 16, having additional instructions stored thereon which, when executed by the at least one processor, cause the at least one processor to 
execute the one or more secure operations in the secure OS (Pgs 9:14-18 and 12:7-12, “effectuating” of the financial transaction service using the secure OS, necessarily occurs after identifying one or more secure operations to be executed. “Secure operations” is herein interpreted as operations effectuated using the secure OS.)

As per claims 5, 11 and 18, Chang teaches the one or more storage devices or storage disks of claim 4, the device of claim 10, and method of claim 17, having the additional instructions which, when executed by the at least one processor, cause the at least one processor to
	switch from the secure OS to the main OS (Chang, FIG. 7 at S708, the First OS is activated again after the transactions are effectuated, therefore the switching back to the first OS is also “responsive to the one or more secure operations being executed” [of claim 11] and “responsive to executing the one or more secure operations in the secure operations in the secure OS” [of claim 18]). 

	As per claim 14, Chang teaches the device of claim 8, wherein the device comprises one of a smart phone, a tablet computer, a laptop computer (notebook PC), or a desktop computer (Pg 6:13-15). 

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim 3 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009/064048) as applied to claim 2 above, and further in view of Hoy (US Patent Application Publication 20130318594).

As per claim 3, Chang teaches the one or more storage devices or storage disks of claim 2, wherein the instructions, when executed by the at least one processor, cause the at least one processor to:
	monitor access to a web site (Pg 10:16-26, FIG. 7 at S702, determination unit 402 determines whether the authorized web site address is an access-permitted web site address, i.e., “monitor access to one or more web sites”; also see Pgs 14:1-10/15-24 and 15:17-20);
	[…]. 
	Chang further teaches that a certain web sites of financial institutions may be authorized for effectuating financial transaction services (Pg 10:16-26).
Chang doesn’t directly teach “compare the web site to a list of web sites” and “identify the one or more secure operations to be executed based, at least in part, on a result of the comparison”.
However, Hoy, in an analogous art of protection of computer systems from injurious software (Par 2), teaches the concept of a system that uses, at least in part, a whitelist of trusted websites, to help defend against internet security threats, such as malware that can infect an operation system (Pars. 34 and 57).
Therefore, it would have been obvious to a person having ordinary skill in the art, at the time the invention was made, to apply the known concept of a system that uses, at least in part, a whitelist of trusted websites, to help defend against internet security threats, such as malware that can infect an operation system, as taught by Hoy, to modify the storage devices method of Chang, to include “compare the web site to a list .

Claim(s) 6, 12 and 19 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009/064048) as applied to claims 1, 8 and 15 above, and further in view of Covey (US Patent Application Publication 20090240923).

	As per claims 6, 12 and 19, Chang teaches the one or more storage devices or storage disks of claim 1, the device of claim 8, and method of claim 15.
Chang doesn’t directly teach “wherein the TEE is isolated from the main OS via memory access protection”. 
However, Covey, in an analogous art of data security in electronic devices (Par 1), teaches the concept of a trusted execution environment that includes memory access protection for sensitive data (Par 27). 
Therefore, it would have been obvious to a person having ordinary skill in the art, at the time the invention was made, to apply the known concept of a trusted execution environment that includes memory access protection for sensitive data, as taught in Covey, to modify the storage device, device and method of Chang to include “wherein the TEE is isolated from the main OS via memory access protection”, because this would lead to the predictable result of more secure devices/method that is arranged to protect sensitive data stored memory.

Claim(s) 7, 13 and 20 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009/064048) as applied to claims 1, 8 and 15 above, and further in view of Owen (US Patent Application Publication 20120011354).

	As per claims 7, 13 and 20, Chang teaches the one or more storage devices or storage disks of claim 1, the device of claim 8, and method of claim 15. 
Chang doesn’t directly teach “wherein the secure OS is accessed via read-only memory”.
However, Owen, in an analogous art of a device for establishing secure computing environment (Abstract), teaches “the fact that the memory module 34, which stores the secure operating system 35, is read-only or otherwise write-protected makes the secure operating system 35 resistant to malware threats, since malicious software cannot be saved to the read-only memory module, or otherwise incorporated into the secure operating system 35” (Par 23).
Therefore, it would have been obvious to a person having ordinary skill in the art, at the time the invention was made, to apply the known concept that a read-only memory makes the secure operating systems resistant to malware threats, as taught by Owen, to modify the second OS in Chang to include “wherein the secure OS is accessed via read-only memory”, because this would lead to the predictable result of more secure devices/method that make the second OS resistant to malware threats (Owen, Par 23).
 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Below is a list of these references, including why they are pertinent:
Rechef (US Patent 6199181), is pertinent for teaching at least part of the gist of the claimed invention by disclosing the concept of using multiple operating systems that control the same hardware, wherein the multiple operating systems have different trust levels or security levels (See at least Col 4:22-26).
Spitz (US Patent Application Publication 20140007120) also teaches/suggest identify a switching event, wherein the switching event corresponds to an indication of a possible security compromise of a main OS; and switch from the main OS to the secure OS responsive to identifying the switching event, wherein the secure OS is executing in a trusted execution environment (TEE) isolated from the main OS (see at least Par 10).
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GABRIEL S MERCADO whose telephone number is (408)918-7537.  The examiner can normally be reached on Mon-Fri 8am-5pm (Eastern Time).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Gabriel Mercado/Examiner, Art Unit 3685                                                                                                                                                                                                        /NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685