DETAILED ACTION
Claims 1-20 are pending and have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
It is noted that no Information Disclosure Statement has been filed.
No IDS has been received for this application. Applicants are reminded of the Duty to Disclose, from section 2001 of the MPEP (emphasis added). MPEP 2001 Duty of Disclosure, Candor, and Good Faith [R-08.2012] 37 C.F.R. 1.56 Duty to disclose information material to patentability. 
(a) A patent by its very nature is affected with a public interest. The public interest is best served, and the most effective patent examination occurs when, at the time an application is being examined, the Office is aware of and evaluates the teachings of all information material to patentability. Each individual associated with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the Office, which includes a duty to disclose to the Office all information known to that individual to be material to patentability as defined in this section.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 10 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 10 recites the limitation "said interrupt". There is insufficient antecedent basis for this limitation in the claim.
This is not intended to be a complete list of such issues.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –


Claims 1-4 and 6-7 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Yang (20200034528).
Regarding claim 1, Yang teaches an electronic device comprising (par.108-112):
a Trusted Execution Environment (TEE) to securely execute code; a Rich Execution Environment (REE) to execute code (par.112-115); 
a hardware-based secure sub-system which comprises a cryptographic engine able to perform cryptographic operations (par.83-90); 
wherein the REE comprises a cryptographic driver configured to initiate a request for TEE authorization to perform a particular cryptographic operation by the cryptographic engine on a data-item that is stored in a memory region that is accessible by the REE (par.24-27, 110-114, 152-159); 
wherein the TEE comprises a policies manager to determine whether said request from the REE is approved or rejected, and if approved, to inject one or more data-items into said secure sub-system to enable performance of said particular cryptographic operation by said cryptographic engine in the secure sub-system (par.24-27, 93-100). 
Regarding claim 2, Yang teaches wherein the policies manager in the TEE is to determine whether to approve or reject said request, and is to further determine how to configure said one or more data-items, based on a query to a per-key policies database within the TEE (par.68-75, 90-95, 137-145). 
Regarding claim 3, Yang teaches wherein the TEE further comprises a hardware interface for secure retrieval of policy data from said policies database by said policies manager (par.68-75, 90-95, 137-145). 
Regarding claim 4, Yang teaches wherein the policies manager in the TEE is to inject said one or more data-items into a shadow register in said secure sub-system; wherein the cryptographic engine in the secure sub-system utilizes data-items from said shadow register, to perform said particular cryptographic operation that was requested by said cryptographic driver of the REE (par.24-27, 93-100). 
Regarding claim 6, Yang teaches wherein the policies manager in the TEE is to utilize a hardware interface, between the TEE and the secure sub-system, to inject said one or more data-items into said secure sub-system (par.24-27, 93-100). 
Regarding claim 7, Yang teaches wherein the policies manager of the TEE is to inject at least a value of a DRM Stream_ID parameter and an acceptance or rejection response to said request, over said hardware interface, into the secure sub-system (par.75-84, 90-96). 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5, 9-11, and 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Yang, and further in view of Mangalore (20170109503).
Regarding claim 14, Yang teaches a processing system comprising: a Trusted Execution Environment (TEE) to securely execute code, wherein the TEE is co-located near a Rich Execution Environment (REE) (par.112-115);
wherein the TEE comprises a policies manager unit, (i) to receive from a secure sub-system of the processing system an interrupt indicating a request to authorize a particular cryptographic operation by said secure sub-system on a content-item that is stored in unsecured unprotected memory that is dynamically managed by the REE (par.24-27, 93-100), 
(ii) to verify said request based on data obtained by the policies manager unit from a co-located policies database within the TEE, (iii) to authorize said request by writing via a hardware interface one or more parameters into one or more shadow registers of the secure sub-system which are accessible by a cryptographic engine, said one or more parameters enabling said cryptographic engine of the secure sub-system to perform said particular cryptographic operation (par.68-75, 90-95, 137-145). 
Yang does not expressly disclose, however, Mangalore teaches wherein the TEE comprises a trusted Digital Rights Management (DRM) application, configured to establish a particular DRM session 
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Yang to use DRMs as taught by Mangalore.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect additional resources (Mangalore, par.2-11).
Regarding claim 18, Yang teaches a method implementable by a processing system that comprises a Trusted Execution Environment (TEE) co-located with a Rich Execution Environment (REE), the method comprising (par.112-115):
storing, in a secure sub-system of said processing system that is accessible by both the REE and the TEE, one or more descriptors of a requested operation that is requested by said application of the REE; wherein said storing of the one or more descriptors triggers a sending of an interrupt to a policies manager unit in the TEE, wherein the interrupt indicates a request by the REE to obtain TEE authorization to perform said requested operation (par.24-27, 93-100); 
evaluating said request by said policies manager unit within the TEE, based on (i) one or more policies that are securely stored in a co-located policies database within the TEE, and (ii) a key index and other descriptors of said requested operation, that are inserted by the REE into slots in the secure sub-system; if said request is evaluated as authorized, then: (I) inserting by the policies manager of the TEE, via a hardware interface, into one or more slots in the secure sub-system, one or more parameters that enable a cryptographic engine in the secure sub-system to perform said requested operation; and (II) sending a request authorization message from the policies manager unit of the TEE to the cryptographic engine in the secure sub-system (par.68-75, 90-95, 137-145). 
Yang does not expressly disclose, however, Mangalore teaches performing a Digital Rights Management (DRM) handshake, to establish a particular DRM session between (i) a DRM playback application in the REE and (ii) a trusted DRM application in the TEE, and DRM operations (par.9-12, 21-27, 42-49).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Yang to use DRMs as taught by Mangalore.

Regarding claim 5, Yang does not expressly disclose, however, Mangalore teaches wherein said request to perform said particular cryptographic operation comprises at least the following descriptors: (a) an indication of a Digital Rights Management (DRM) key index, (b) an indication of which cryptographic engine is requested to be invoked, (c) an indication of a requested mode of operation selected from the group consisting of encryption and decryption, (d) an indication of an Initialization Vector (IV) or a Counter, (e) an indication of a requested mode of operation of a block cipher which is selected from the group consisting of: a Cipher Block Chaining (CBC) mode, and a Counter (CTR) mode; wherein said descriptors were injected by the cryptographic driver of the REE into key slots in said secure sub-system (par.9-12, 21-27, 38-49).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Yang to use DRMs as taught by Mangalore.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect additional resources (Mangalore, par.2-11).
Regarding claim 9, Yang does not expressly disclose, however, Mangalore teaches wherein said request from the cryptographic driver of the REE towards the TEE is implemented as an interrupt from the secure sub-system to the policies manager of the TEE, wherein said interrupt triggered by insertion of one or more data-items by the cryptographic driver of the REE into one or more slots of the secure sub-system (par.38-49).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Yang to use DRMs as taught by Mangalore.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect additional resources (Mangalore, par.2-11).
Regarding claim 10, Yang does not expressly disclose, however, Mangalore teaches wherein said interrupt is initiated subsequent to an initial Digital Rights Management (DRM) handshake which initializes a particular DRM session between (i) a DRM application in the REE, and (ii) a DRM trusted application within the TEE (par.38-49).

One of ordinary skill in the art would have been motivated to perform such a modification to further protect additional resources (Mangalore, par.2-11).
Regarding claim 11, Yang does not expressly disclose, however, Mangalore teaches wherein said cryptographic operation is a cryptographic operation selected from the group consisting of: (i) decryption of a media content item that is cryptographically associated with Digital Rights Management (DRM) protection, (ii) pre-transmission encryption of a media content item in accordance with High-bandwidth Digital Content Protection (HDCP) (par.38-49).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Yang to use DRMs as taught by Mangalore.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect additional resources (Mangalore, par.2-11).
Regarding claim 15, Yang/Mangalore teaches wherein said one or more parameters, that are written by the policies manager unit of the TEE via the hardware interface into the secure sub-system, comprise at least a value of a DRM Stream_ID parameter (Yang, par.75-84, 90-96, Mangalore, par.11-14, 38-43). 
Regarding claim 16, Yang/Mangalore teaches wherein the policies manager unit of the TEE retrieves data from said co-located policies database of the TEE via a secure-only access over a hardware interface that connects the policies manager unit and the policies database (Yang, par.24-27, 93-100). 
Regarding claim 17, Yang/Mangalore teaches wherein the processing system comprises a memory unit having: (i) a secured memory region that is carved-out at boot time and is pre-allocated for exclusive access of the TEE and not of the REE, and (ii) an unsecured memory region that is dynamically managed by the REE; wherein the policies manager of the TEE authorizes or denies said particular DRM-related cryptographic operation with regard to a DRM-protected content-item that is stored only in the unsecured memory region, and that is not copied into and is not stored in the secured memory region (Yang, par.68-75, 90-95, 137-145, Mangalore, par.11-14, 38-43).
Regarding claim 19, Yang/Mangalore teaches if said request is evaluated as authorized, then: performing said requested DRM operation in the cryptographic engine, by utilizing: (i) a value of a Stream_ID parameter that is provided securely over a hardware interface by the policies manager unit of the TEE, and (ii) a DRM key obtained from the cryptographic driver of the REE, and (iii) one or more parameters of the requested DRM operation as obtained from the cryptographic driver of the REE (Yang, par.75-84, 90-96, Mangalore, par.11-14, 38-43).
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Yang, and further in view of Ponsini (20200184089).
Regarding claim 8, Yang does not expressly disclose, however, Ponsini teaches wherein the secure sub-system further comprises a watchdog unit, to initiate a request rejection interrupt towards said cryptographic driver of the REE if a request approval is not received from the policies manager of the TEE within a pre-defined time period (par.25-30, 44-45, 65-69). 
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Yang to use timers as taught by Ponsini.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect access to resources (Ponsini, par.2-8, 25-35).
Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Yang, and further in view of Ho (20200007931).
Regarding claim 12, Yang does not expressly disclose, however, Ho teaches wherein said cryptographic operation is decryption of a single DRM-protected frame of a DRM-protected video that a DRM application in the REE requests to playback; wherein the cryptographic driver of the REE issues a separate request for decryption of each frame of said DRM-protected video, one frame at a time; wherein the policies manager of the TEE determines, separately, for each request to decrypt each of said frames, whether to accept or reject said request, based on (i) a DRM key index and (ii) one or more descriptors of each requested decryption operation and (iii) a per-key policy obtained from a policies database within the TEE over a secure channel; wherein said DRM-protected frame is stored by the REE in an unsecured unprotected memory region of a memory unit of the electronic device, that is accessible by the REE and by the TEE, and that is dynamically managed only by the REE (par.23-27, 40-45). 

One of ordinary skill in the art would have been motivated to perform such a modification to further protect additional resources (Ho, par.17-27).
Regarding claim 13, Yang does not expressly disclose, however, Ho teaches wherein said cryptographic operation is encryption of a single frame of a video intended for DRM-protection; wherein the cryptographic driver of the REE issues a separate request for encryption of each frame of said video, one frame at a time; wherein the policies manager of the TEE determines, separately, for each request to encrypt each of said frames, whether to accept or reject said request, based on (i) a DRM key index and (ii) one or more descriptors of each requested encryption operation and (iii) a per-key policy obtained from a policies database within the TEE over a secure channel; wherein said DRM-protected frame is stored by the REE in an unsecured unprotected memory region of a memory unit of the electronic device, that is accessible by the REE and by the TEE, and that is dynamically managed only by the REE (par.23-27, 40-45). 
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Yang to use DRMs as taught by Ho.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect additional resources (Ho, par.17-27).
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Yang/Mangalore, and further in view of Ho.
Regarding claim 20, Yang/Mangalore does not expressly disclose, however, Ho teaches wherein the requested DRM operation is a request to decrypt a DRM-protected frame of a DRM-protected video; wherein said evaluating of the request by the policies manager unit within the TEE, excludes and does not utilize copying or buffering said DRM-protected frame into a secured memory region that is accessible only by the TEE (par.23-27, 40-45). 
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Yang/Mangalore to use DRMs as taught by Ho.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to David Garcia Cervetti whose telephone number is (571)272-5861. The examiner can normally be reached Monday-Friday 8AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, HADI ARMOUCHE, can be reached at (571)270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/David Garcia Cervetti/
Primary Examiner, Art Unit 2419