DETAILED ACTION 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
This action is in response to the communications and remarks filed on 10/22/2021. Claims 1, 13, and 17 have been amended. Claims 1-20 have been examined and are pending.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/01/2021 was filed after the mailing date of the Non-Final on 07/22/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
Applicant’s arguments, see pp. 7-9, filed 10/22/2021, with respect to the rejection of Claims 1-3, 7, 13, 16-17, and 20 over Sood et al. (hereinafter “Sood”), US PG Publication 20180114012 A1, in view of Roth et al., US PG Publication 20180232517 A1, have been fully considered and are persuasive.  The 103 rejection of claims 1-3, 7, 13, 16-17, and 20 has been withdrawn.

Examiner’s Comments

An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via E-Mail from Agent Zhan John Cao (Reg. No. L1167) on 11/18/2021. The application has been amended as follows:
Please replace claim 1 with:
1. 	(Currently Amended) A computer-implemented method for processing data in a trusted environment, the method comprising:
registering, at a gateway, an execution service as a trusted execution environment (TEE) worker, wherein the execution service is a service binary provided by a service provider for executing various requested services;
in response to a request received at the gateway the execution service, sanitizing the user data by scanning the user data for malicious code; 
selecting the TEE worker from a plurality of TEE workers, wherein the TEE worker has been authenticated by the gateway at time of registration and initiating an execution of the execution service by the selected TEE worker;
receiving execution results from the selected TEE worker, including
generating an identifier uniquely identifying the execution results;

sending the identifier to the 
in response to receiving the identifier, determining the execution results based on the identifier using the mapping table; and
transmitting the execution results to the user device of the user over the network.

Please cancel claim 4:
4. 	(Canceled) 

Please replace claim 5 with:
5. 	 (Currently Amended) The method of claim 1, wherein registering the execution service comprises:
in response to receiving a service binary and a description of the execution service from a service provider, verifying an integrity and authenticity of the service binary; 
scanning the service binary for malicious code; and
registering the service binary as one of a plurality of TEE workers. 

Please replace claim 8 with:
8. 	 (Currently Amended) The method of claim 7, wherein obtaining the 
transmitting by the gateway a request to obtain the key to the KMS; and
Please replace claim 13 with:
13. 	 (Currently Amended) A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations, the operations comprising:
registering, at a gateway, an execution service as a trusted execution environment (TEE) worker, wherein the execution service is a service binary provided by a service provider for executing various requested services;
in response to a request received at the gateway the execution service, sanitizing the user data by scanning the user data for malicious code; 
selecting the TEE worker from a plurality of TEE workers, wherein the TEE worker has been authenticated by the gateway at time of registration and initiating an execution of the execution service by the selected TEE worker;
receiving execution results from the selected TEE worker, including
generating an identifier uniquely identifying the execution results;
storing the identifier in a mapping table, wherein the mapping table comprises a plurality of identifiers mapping a plurality of execution results corresponding to each of a plurality of TEE workers; and
sending the identifier to the 
in response to receiving the identifier, determining the execution results based on the identifier using the mapping table; and
Please cancel claim 14:
14. 	 (Canceled) 

Please replace claim 15 with:
15. 	 (Currently Amended) The non-transitory machine-readable medium of claim 13, wherein registering the execution service comprises:
in response to receiving a service binary and a description of the execution service from a service provider, verifying an integrity and authenticity of the service binary; 
scanning the service binary for malicious code; and
registering the service binary as one of a plurality of TEE workers. 

Please replace claim 17 with:
17. 	 (Currently Amended) A data processing system, comprising:
a processor; and
a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations, the operations including:
registering, at a gateway, an execution service as a trusted execution environment (TEE) worker, wherein the execution service is a service binary provided by a service provider for executing various requested services;
in response to a request received at the gateway the 
selecting the TEE worker from a plurality of TEE workers, wherein the TEE worker has been authenticated by the gateway at time of registration and initiating an execution of the execution service by the selected TEE worker,
receiving execution results from the selected TEE worker, including
generating an identifier uniquely identifying the execution results;
storing the identifier in a mapping table, wherein the mapping table comprises a plurality of identifiers mapping a plurality of execution results corresponding to each of a plurality of TEE workers; and
sending the identifier to the 
in response to receiving the identifier, determining the execution results based on the identifier using the mapping table, and
transmitting the execution results to the user device of the user over the network.
Please cancel claim 18:
18. 	 (Canceled) 

Please replace claim 19 with:
19. 	 (Currently Amended) The system of claim 17, wherein registering the execution service comprises:
in response to receiving a service binary and a description of the execution service from a service provider, verifying an integrity and authenticity of the service binary; 

registering the service binary as one of a plurality of TEE workers. 
Allowable Subject Matter
Applicant's arguments have been considered and are determined to be persuasive. Accordingly, the previously presented rejections are withdrawn.
Claims 1-3, 5-13, 15-17, and 19-20 are allowed.
The following is an examiner's statement of reasons for allowance:
The closest prior art, Sood (20180114012 A1), Roth (20180232517 A1), and Gupta (20140051432 A1), as previously recited, teaches a computer-implemented method for processing data in a trusted environment [Sood, ¶¶0033, 0035 and 0037-0038: the SGX programming environment, when used in a server environment, is a trusted execution environment embedded in a process], the method comprising; a non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations, the operations comprising; a data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations, the operations including [Sood, ¶¶0071 and 0073: processor(s) and memory (not shown) to execute software components]; selecting a trusted execution environment (TEE) worker from a plurality of TEE workers and initiating an execution of the execution service by the selected TEE worker [Sood, ¶0012: Fig. 6a illustrates an NFV SGX architecture in which a trusted packet processing enclave(s) 605 (a trusted execution environment (TEE)) is/are employed for executing data plane code and packet processing code provided by a Management & Orchestration System (MOS). ¶¶0073-0074 and 0082-0083: Under NFV SGX Architecture 700, trust sensitive VNFs 604-1 . . . 604-N in a VM or container are communicatively coupled via virtual switch/bridges 702, supporting communication between software components running within separate VMs and/or containers. Also coupled to virtual switch/bridges 702 is a user data plane 704 including a secure enclave 706. ¶¶0075-0076: Once a packet is enqueued in Rx queue 622, it is forwarded to message queue-buffer 626. Message queue-buffer 626 is a message queue and/or buffer that is allocated in a portion of user space for trusted sensitive VNF 604; message queue/buffer 626 determines whether all or a portion of a packet is read (option 1) or copied (option 2) from message queue/buffer 626 into secure enclave 605 (selecting), based on the packet processing operations operating on packet header data. ¶¶0084-0085: As shown in flowchart 800, any packet processing enclave (initiating an execution of the execution service by the selected TEE worker) can start an initial set of code to be added to the SGX enclave with bootstrap code, step 804.]; receiving execution results from the selected TEE worker [Sood, ¶¶0071, 0074, and 0076: the typical packet flow processing path under NFV SGX Architecture 600 proceeds as follows. Packets (execution results) are received from physical network 632 at NIC port 628 and forwarded to receiver (Rx) queue 622 and a transmit (Tx) queue 624 in DPDK 620, and a message queue-buffer 626 to trusted packet processing enclaves 1-M of a trusted sensitive VNF 604. Thus, only the packet header needs to be read or copied into trusted packet processing enclave(s) 605-605-M (the selected TEE worker).]; and transmitting the execution results to the user device of the user over the network [See Sood, ¶¶0071, 0073, 0075, and 0077: some types of forwarding and/or routing may simply determine a port via which packets (the execution results) are to be forwarded to transmit (Tx) queue 624 of the message queue-buffer 626. Packets are further forwarded to a coupled physical network 632 (over the network) to be employed for user applications (the user device of the user).].

In response to a request received at a gateway of a server from a user device of a user over a network to process user data by an execution service, sanitizing the user data by scanning the user data for malicious code [Roth, ¶¶0023, 0029, 0061, 0069-0070 and 0079-0081: The system performs as a monitoring agent of the enclave in process 500, where a monitoring agent within an enclave of a computer system (a gateway of a server) is launched (in response) after receiving a request, to monitor an instance within the present disclosure. The enclave can be an Intel® Software Guard eXtensions (SGX) enclave or a module such as a trusted platform module (TPM). The request may come from a user, customer, provider, service, resource, application or other entity with sufficient authority to make the request. The monitoring agent may have the ability to prove to an outside entity, such as the computing resource service provider or a third party, and the monitoring agent may need firewall rules (sanitizing the user data by scanning the user data for malicious code). ¶0128: In an example environment 1200, electronic client device 1202 (a user device) sends/receives requests over appropriate network 1204 (over a network) to web server 1206.].

Registering the execution service with the gateway prior to invoking the execution service for the client [¶0041: The present technique extends the chain of trust established (prior to invoking the execution service for the client request) so that a certificate 30-I for an IoT device 4 is created as a descendant of a device certificate 30-D associated with an enrolment device 6, which manages the enrolment processes (registering the execution service with the gateway) for enrolling the IoT device into the chain of trust.].
However, none of Sood, Roth, and Gupta teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims, claims 1, 8, and 15.  For example, none of the cited prior art teaches or suggests registering, at a gateway, an execution service as a trusted execution environment (TEE) worker, wherein the execution service is a service binary provided by a service provider for executing various requested services; and selecting the TEE worker from a plurality of TEE workers, wherein the TEE worker has been authenticated by the gateway at time of registration, and initiating an execution of the execution service by the selected TEE worker, in view of the other limitations of claims 1, 13, and 17.
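As an added illustration of the gateway flow recited in the independent claims (registration of a service binary as an authenticated TEE worker, sanitization of user data, selection of a worker, and an identifier mapped to execution results), the following is constructed example code for this page, not the applicant's implementation and not code from any cited reference. It assumes a static allow-list for provider authenticity, a SHA-256 digest for integrity, a fixed pattern list as the malicious-code scanner, and a plain Python callable standing in for execution inside the enclave.

```python
# Constructed sketch of the claim 1 gateway flow (example code for this page,
# not the applicant's implementation). Assumptions: the TEE worker is a plain
# Python callable, the scanner is a fixed pattern list, provider is allow-listed.
import hashlib
import re
import uuid
from typing import Callable, NamedTuple

MALICIOUS_PATTERNS = [re.compile(rb"<script"), re.compile(rb"\x90{8,}")]
TRUSTED_PROVIDERS = {"provider-a"}  # assumption: out-of-band trust decision

def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def is_clean(blob: bytes) -> bool:
    """Malicious-code scan stand-in: True when no constructed pattern matches."""
    return not any(p.search(blob) for p in MALICIOUS_PATTERNS)

class TEEWorker(NamedTuple):
    worker_id: str
    binary: bytes
    run: Callable[[bytes], bytes]  # stands in for execution inside the enclave

class Gateway:
    def __init__(self) -> None:
        self.workers = {}        # worker_id -> TEEWorker, authenticated at registration
        self.mapping_table = {}  # identifier -> (worker_id, execution results)

    def register(self, provider, binary, expected_sha256, run) -> str:
        """Claim 5 steps: verify integrity and authenticity, scan, then register."""
        if provider not in TRUSTED_PROVIDERS:
            raise PermissionError("service provider not authenticated")
        if sha256_hex(binary) != expected_sha256:
            raise ValueError("service binary integrity check failed")
        if not is_clean(binary):
            raise ValueError("service binary failed malicious-code scan")
        worker_id = f"tee-{len(self.workers) + 1}"
        self.workers[worker_id] = TEEWorker(worker_id, binary, run)
        return worker_id

    def process(self, user_data: bytes) -> str:
        """Claim 1 steps: sanitize, select an authenticated worker, execute, map."""
        if not is_clean(user_data):
            raise ValueError("user data rejected by malicious-code scan")
        if not self.workers:
            raise RuntimeError("no authenticated TEE worker registered")
        worker = next(iter(self.workers.values()))  # policy: first registered worker
        results = worker.run(user_data)
        identifier = uuid.uuid4().hex  # uniquely identifies these results
        self.mapping_table[identifier] = (worker.worker_id, results)
        return identifier  # the identifier, not the results, goes to the user

    def results_for(self, identifier: str) -> bytes:
        """Resolve an identifier presented back by the user device (KeyError if unknown)."""
        return self.mapping_table[identifier][1]
```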
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
The closest prior art made of record is:
Walker et al. (US 20170180314 A1) teaches that a custody transfer of a device can include sending a start of transfer request to an attestation device over a short range wireless communication channel, a nonce is received from the attestation device in association with the start of transfer request, and the nonce is signed at the particular gateway device. The signed nonce is sent to the attestation device, a transfer confirmation message is received from the attestation device, and a transfer message is sent to a management system to report a transfer in custody of the attestation device involving the particular gateway device and another gateway device (¶¶0045-0046).
Chawla et al. (US 20130117804 A1) teaches browser-based secure desktop applications for open computing platforms. An example method disclosed herein to provide secure desktop functionality to a computing platform comprises providing, in response to a first request, a secure desktop application to the computing platform, the secure desktop application for execution by a browser on the computing platform, and establishing a secure communication connection between a service node and the secure desktop application, the secure communication connection to provide the secure desktop application with access to a trusted entity, the secure communication connection being accessible to a trusted application downloaded to the computing platform for execution by the browser in association with the secure desktop application, the secure communication connection being inaccessible to an untrusted application not executed in 
Arad et al. (US 20180373885 A1) teaches a process, including: obtaining, within a trusted computing environment, data comprising confidential values and non-confidential values; replacing, within the trusted computing environment, the confidential values with obfuscated identifiers; sending, from the trusted computing environment, into an untrusted computing environment, an obfuscated representation of the data; transforming, in the untrusted computing environment, the obfuscated representation of the data; sending, from the untrusted computing environment, the obfuscated transformed data into the trusted computing environment; and replacing, within the trusted computing environment, obfuscated identifiers in the obfuscated transformed data with confidential values (¶¶).
Iyoda (US 20050188087 A1) teaches accepting a request for processing from a terminal unit 5 of a requester 4, a master 2 solicits, by means of broadcast communication, the entire slave group 6 to participate in parallel processing. Each slave 7 determines, on the basis of its operating state, whether sufficient resources remain to participate in the parallel processing. When the slave 7 participates in the parallel processing, the slave 7 responds to the master 2 so as to apply for participation. The master 2 allocates processes to the slaves 7 having applied for participation, and transmits the allocated processes to the slaves 7. The slaves 7 execute the processes received from the master 2. Upon completion of execution of the processes, the servers 7 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682.  The examiner can normally be reached on Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 

/Sakinah White Taylor/Examiner, Art Unit 2497