Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the application 16/343,557 filed on 04/19/2019.
Claims1-15 have been examined and are pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 06/27/2019, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Foreign Priority
The present application claims priority to and is a national phase of Ser. No. PCT/CN2018/113145 filed October 31, 2018, which claims priority to and the benefit of Chinese Patent Application No. 201711340481.0 filed December 14, 2017.
Objections
The abstract of the disclosure is objected to because the abstract in the instant application exceeds the maximum 150 word limit. 

Claim Objections
Claims 1 and 7 are objected to because of the following informalities:  
Regarding claims 1 and 7; It is noted that claims 1 and 7 fail to comply with 37 CFR 1.75(e), wherein is the claim should include a preamble, a transitional phrase, and a body of the claim. As recommended in 37 CFR 1.75(e), "any independent claim should contain in the following order: (1) A preamble comprising a general description of all the elements or steps of the claimed combination which are conventional or known, (2) A phrase such as "wherein the improvement comprises," and (3) Those elements, steps, and/or relationships which constitute that portion of the claimed combination which the applicant considers as the new or improved portion." See MPEP § 6.08.01 (m) for detail.
It is suggested that for method claim, the body of the claim should positively recite steps of the claimed method (i.e., VERB+ING); for the system/device claim, the body of the claim should positively recite hardware embodiments/components of the claimed system/device (i.e., circuit, apparatus, memory, server computer, etc.,).  Please refer to some patent/patent application publication below for references (US 2011/0271108, US 2010/0088105, or US 2009/0086949).
Appropriate correction(s) is required.
Regarding claims 1 and 7; claims 1 and 7 recite the limitations “decrypts;” in line 16 and in line 18 respectively.  It should read as “decrypt.”
Appropriate correction(s) is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claims 2-6 and 7-15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 
Claim limitations “a storage module, configured to…,”  ““an encryption module, configured to…,”  “a client application module, configured to…,”  “a monitor mode module, configured to…,”  and ““a trusted application module, configured to…,” have been interpreted under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, because it includes generic place holder “module” coupled with functional language “configured to…” without reciting sufficient structure to achieve the function.  Furthermore, the generic placeholder is not preceded by a structural modifier without reciting sufficient structure to achieve the function. Applicant’s specification fails to provide a clear definition to the terms.
Since the claim limitations invoke 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, claims 2-6 and 8-15 are interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof. 
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph; or
(b)        Amend the written description of the specification such that it clearly links or associates the corresponding structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c)        State on the record where the corresponding structure, material, or acts are set forth in the written description of the specification and linked or associated to the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not wish to have the claim limitation treated under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, applicant may amend the claim so that it will clearly not invoke 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, or 
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance with 35 U.S.C. § 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).
Regarding claim 7; claim 7 point out the statutory class of the claims.  The claim calls for a method. However, the first and second limitations of the claim is not recited as method steps.  While the claim is only defined actions but not included the steps within the claim. It is unclear as to what statutory class the claims belong to. It is recommended that the applicant amend the claims to recite as a method steps.
Regarding claims 8-15; claims 8-15 are dependent on claim 7, and therefore inherit 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph issues of the independent claim.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C.
102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim 1 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Surdu (US 2018/0032733), in view of Isozaki (US 2014/0123320) and further in view of Adams (2009/0313705).    
Regarding claim 1, Surdu discloses a trusted execution environment, comprising a background device and a terminal device, wherein the terminal device is provided with a microprocessor based on Trust Zone technology, the microprocessor has a physical core divided into a virtual secure core and a virtual normal core, and the microprocessor provides a trusted execution environment which provides a secure operating system based on the secure core, and a rich execution environment which provides a normal operating system based on the normal core, and the microprocessor switches between the secure operating system and the normal operating system based on monitor mode of the microprocessor (Surdu abstract par. 0015, 0017 and 0030. Surdu teaches that trusted switching mechanism, it is preferable to use a security architecture such as TrustZone from ARM Ltd or other method to run a hardware-protected security monitor and a conventional OS at the same time on a single processor core. The TrustZone monitor runs in a hardware protected domain called the "Secure World" while the OS runs in "Normal World". Secure World software can access Normal World memory, but Normal World memory is blocked by hardware mechanisms from accessing Secure World resources. Because the monitor runs in Secure World memory that cannot be accessed by any OS in Normal World, it cannot be modified or bypassed by an OS. To simplify the switching process, all operating systems are started when the device boots and all but the desired OS are suspended. In another instantiation, the desired OS is booted and any remaining operating systems are booted only as they are required during the switching process. See also Fig. 3); 
Surdu teaches trusted execution environment and Trust Zone technology. However, Surdu does not explicitly discloses acquire key data to be burned and the microprocessor receives the switching signal in a monitor mode and is switched to the secure operating system from the normal operating system, the secure operating system receives the key data to be burned and decrypts the data to be burned according to preset key data and if a decryption operation is successfully completed, the secure operating system will acquire the corresponding original key data and write the original key data into a secure storage area of the secure operating system. 
However, in an analogous art, Isozaki discloses wherein the background device is configured to encrypt original key data so as to acquire key data to be burned and output the key data to be burned (Isozaki par. 0005. Isozaki teaches the information processing device generates a key in order to decrypt the encrypted content key acquired from the data storage module based on an authentication key included in application software running on an OS (Operation System) that is of own operating software of the information processing device, and the information processing device decrypts the encrypted contents using the content key decrypted by the key);
(Isozaki par. 0003-0006, 0043 and 0064. Isozaki teaches that the information processing device generates a key in order to decrypt the encrypted content key acquired from the data storage module based on an authentication key included in application software running on an OS (Operation System) that is of own operating software of the information processing device, and the information processing device decrypts the encrypted contents using the content key decrypted by the key. Which is used to decrypt the encrypted content key, to obtain a value of the content key and a processor accesses a storage module upon a request from a processor module, which selectively switches between a secure mode and a non-secure mode and performs data processing in each mode. In this case, the access to a protected area of the storage module is permitted only when the processor module is in the secure mode based on a report indicative of an own mode, which is output from the processor module. The key calculation processing module 27 decrypts the encrypted content key using a key (a session key), which is generated by the authentication processing and shared by the host authentication processing module 28 and the data storage module). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the switching mode system of Surdu using the switching mode system taught in Isozaki for controlling access to a data storage module including a protected area, a processor control method, and an information processing device including the processor (Isozaki par. 0002). 
Surdu and Isozaki disclose trusted execution environment and Trust Zone technology and decrypts the data to be burned according to preset key data. However, Surdu and Isozaki do not explicitly disclose output a prompt message informing a user of a unsuccessful decryption if the decryption operation fails.
However, in an analogous art, Adams discloses output a prompt message informing a user of an unsuccessful decryption if the decryption operation fails (Adams par. 0037. Adams teaches that receiving, in return, either an indication of successful decryption and a decrypted message or an indication of a failure to decrypt the encrypted session key).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the decrypting system of Surdu and Isozaki using the decrypting system taught in Adams to security measures for countering unauthorized decryption (Adams par. 0002). 
Regarding claim 7, Surdu discloses a trusted execution environment method adopting a trusted execution environment system, wherein the trusted execution environment system, comprising a background device and a terminal device, wherein the terminal device is provided with a microprocessor based on Trust Zone technology, the microprocessor has a physical core divided into a virtual secure core and a virtual normal core, and the microprocessor provides a trusted execution environment which provides a secure operating system based on the secure core, and a rich execution environment which provides a normal operating system based on the normal core, and the microprocessor switches between the secure operating system and the normal operating system based on monitor mode of the microprocessor (Surdu abstract par. 0015, 0017 and 0030. Surdu teaches that trusted switching mechanism, it is preferable to use a security architecture such as TrustZone from ARM Ltd or other method to run a hardware-protected security monitor and a conventional OS at the same time on a single processor core. The TrustZone monitor runs in a hardware protected domain called the "Secure World" while the OS runs in "Normal World". Secure World software can access Normal World memory, but Normal World memory is blocked by hardware mechanisms from accessing Secure World resources. Because the monitor runs in Secure World memory that cannot be accessed by any OS in Normal World, it cannot be modified or bypassed by an OS. To simplify the switching process, all operating systems are started when the device boots and all but the desired OS are suspended. In another instantiation, the desired OS is booted and any remaining operating systems are booted only as they are required during the switching process. See also Fig. 3); 

However, in an analogous art, Isozaki discloses wherein the background device is configured to encrypt original key data so as to acquire key data to be burned and output the key data to be burned (Isozaki par. 0005. Isozaki teaches the information processing device generates a key in order to decrypt the encrypted content key acquired from the data storage module based on an authentication key included in application software running on an OS (Operation System) that is of own operating software of the information processing device, and the information processing device decrypts the encrypted contents using the content key decrypted by the key);
after the terminal device is enabled, the normal operating system is started, a client application preset by the terminal device receives the key data to be burned and sends a request to the normal operating system, the normal operating system outputs a switching signal and the key data to be burned, the microprocessor receives the switching signal in a monitor mode and is switched to the secure operating system from the normal operating system, the secure operating system receives the key data to be burned and decrypts the data to be burned according to preset key data and if a decryption operation is (Isozaki par. 0003-0006, 0043 and 0064. Isozaki teaches that the information processing device generates a key in order to decrypt the encrypted content key acquired from the data storage module based on an authentication key included in application software running on an OS (Operation System) that is of own operating software of the information processing device, and the information processing device decrypts the encrypted contents using the content key decrypted by the key. Which is used to decrypt the encrypted content key, to obtain a value of the content key and a processor accesses a storage module upon a request from a processor module, which selectively switches between a secure mode and a non-secure mode and performs data processing in each mode. In this case, the access to a protected area of the storage module is permitted only when the processor module is in the secure mode based on a report indicative of an own mode, which is output from the processor module. The key calculation processing module 27 decrypts the encrypted content key using a key (a session key), which is generated by the authentication processing and shared by the host authentication processing module 28 and the data storage module). 
wherein the method comprises: Step S1, encrypting the original key data using the key data preset by the terminal device so as to acquire the key data to be burned and output the key data to be burned by the background device (Isozaki par. 0064. Isozaki teaches that the key calculation processing module 27 decrypts the encrypted content key using a key (a session key), which is generated by the authentication processing and shared by the host authentication processing module 28 and the data storage module);
(Isozaki par. 0003-0006. Isozaki teaches that the information processing device generates a key in order to decrypt the encrypted content key acquired from the data storage module based on an authentication key included in application software running on an OS (Operation System) that is of own operating software of the information processing device, and the information processing device decrypts the encrypted contents using the content key decrypted by the key);
Step S3, after the normal operating system is started, acquiring the encrypted key data to be burned, and outputting the switching signal and the key data to be burned (Isozaki par. 0003-0006, 0043 and 0064. Isozaki teaches that the information processing device generates a key in order to decrypt the encrypted content key acquired from the data storage module based on an authentication key included in application software running on an OS (Operation System) that is of own operating software of the information processing device, and the information processing device decrypts the encrypted contents using the content key decrypted by the key. Which is used to decrypt the encrypted content key, to obtain a value of the content key and a processor accesses a storage module upon a request from a processor module, which selectively switches between a secure mode and a non-secure mode and performs data processing in each mode); 
Step S4, receiving the switching signal by the microprocessor and switching the microprocessor to the secure operating system (Isozaki abstract. Isozaki teaches that a processor accesses a storage module upon a request from a processor module, which selectively switches between a secure mode and a non-secure mode and performs predetermined data processing in each mode);
(Isozaki par. 0003-0006, 0043 and 0064. Isozaki teaches that the information processing device generates a key in order to decrypt the encrypted content key acquired from the data storage module based on an authentication key included in application software running on an OS (Operation System) that is of own operating software of the information processing device, and the information processing device decrypts the encrypted contents using the content key decrypted by the key. Which is used to decrypt the encrypted content key, to obtain a value of the content key)
Step S6, after the decryption operation is successfully completed, acquiring the corresponding original key data and writing the original key data into the secure storage area by the secure operating system (Isozaki par. 0064. Isozaki teaches that the key calculation processing module 27 decrypts the encrypted content key using a key (a session key), which is generated by the authentication processing and shared by the host authentication processing module 28 and the data storage module)
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the switching mode system of Surdu using the switching mode system taught in Isozaki for controlling access to a data storage module including a protected area, a processor control method, and an information processing device including the processor (Isozaki par. 0002). 

However, in an analogous art, Adams discloses output a prompt message informing a user of an unsuccessful decryption if the decryption operation fails (Adams par. 0037. Adams teaches that receiving, in return, either an indication of successful decryption and a decrypted message or an indication of a failure to decrypt the encrypted session key).
Step 7, outputting a prompt message informing the user of an unsuccessful decryption by the secure operating system if the decryption operation fails (Adams par. 0037. Adams teaches that receiving, in return, either an indication of successful decryption and a decrypted message or an indication of a failure to decrypt the encrypted session key). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the decrypting system of Surdu and Isozaki using the decrypting system taught in Adams to security measures for countering unauthorized decryption (Adams par. 0002). 

Allowable Subject Matter
Claims 2-6 and 8-15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and if the rejection(s) under 35 U.S.C. 112(b), claim objection, set forth in this Office action is resolved.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for 





/SANCHIT K SARKER/Examiner, Art Unit 2495