Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is a reply to the application filed on 12/20/2021, in which, claim(s) 1-25 are pending.

When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Drawings
The drawings filed on 12/20/2019 is/are accepted by The Examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim(s) 1-13 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim limitations “a trusted agent operative to…” in claim 1 are limitations that invoke 35 U.S.C. 112, sixth paragraph. The written description only implicitly or inherently sets forth the corresponding structure, material, or acts that perform the claimed function.
Pursuant to 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181, applicant should:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112, sixth paragraph; or
(b) Amend the written description of the specification such that it expressly recites the corresponding structure, material, or acts that perform the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) State on the record what corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 20-25 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 20 recites “One or more computer-readable storage medium…”. Paragraph [0026] of the specification states: “The disclosed embodiments may also be implemented as instructions carried by or stored on a transitory or non-transitory machine-readable (e.g., computer-readable) storage medium, which may be read and executed by one or more processors. A machine-readable storage medium may be embodied as any storage device, mechanism, or other physical structure for storing or transmitting information in a form readable by a machine (e.g., a volatile or non-volatile memory, a media disc, or other media device).”
Based on the disclosure cited above, it is determined that the computer readable medium is carrying a signal. In addition, transitory forms of signal transmission through transmission medium such as radio broadcast, electrical signals through a wire, and light pulses through a fiber-optic cable, are embodiments that are not directed to statutory subject matter because those transmissions, which convey only information encoded in that manner, are transitory (In re Nuijten 84 U.S.P.Q.2d 1495). Therefore, claims 20-25 recite non-statutory subject matter.

Dependent claims 21-25 are rejected because these claims depend directly from claim 20 and none of the dependent claims overcome the requirements for a statutory subject matter claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 6-11, 14-15, 18-21 and 24-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hill et al. (Pub. No.: US 2021/0176255 A1; hereinafter Hill) in view of Zhang et al. (Pub. No.: US 2021/0081577 A1 – priority date of 3/10/2019; hereinafter Zhang).
Regarding claims 1, 14 and 20, Hill discloses a computing device for secure device configuration, the computing device comprising:
a first I/O device and a second I/O device operative within a trust boundary (peer-to-peer secure communication in secure network environment [Hill; ¶1, 19, 25; Fig. 1 and associated text]); and
a trusted agent operative within the trust boundary to (attestation routing orchestration with verified system [Hill; ¶72-77; fig. 2A and associated text]):
execute an attestation algorithm to attest the first I/O device and the second I/O device (attestation of the first peer and second peer [Hill; ¶72-77, 155-159; fig. 2A, 5 and associated text]);
obtain a peer-to-peer communication key (MKA protocol key exchange [Hill; ¶72-77, 155-159; fig. 2A, 5 and associated text]); and
forward the peer-to-peer communication key to the first I/O device and a second I/O device through a secure communication channel to enable secure peer-to-peer communication between the first I/O device and the second I/O device over a communication link secured by the peer-to-peer communication key and to prevent an unauthorized device from communicating with the first I/O device or the second I/O device (the MKA protocol key exchange are sent to all the peers within the secure network environment, in which they are used in validation of the attestation and enabling secure communication between peers, such that unauthorized device 
In particular, Zhang teaches configuration I/O upon access request and locking of I/O device based on command configuration [Zhang; ¶59-61, 70-80; fig. 4 and associated text]. It would have been obvious before the effective filing date of the claimed invention to modify Hill in view of Zhang with the motivation to allow different I/O devices to communicate and be attested in a peer-to-peer communication.

Regarding claims 2, 15 and 21, Hill-Zhang combination discloses wherein the trusted agent is to:
securely command at least one of the first I/O device or the second I/O device to enter a trusted I/O mode; securely command at least one of the first I/O device or the second I/O device to set a global lock on configuration registers of at least one of the first I/O device or the second I/O device in response to a secure command of at least one of the first I/O device or the second I/O device to enter the trusted I/O mode (wherein it emphasizes a command generated for I/O device to enter trusted I/O mode to set a global lock on configuration registers of the I/O device in response to a command [Zhang; ¶ 59-61, 77-80]);
receive configuration data indicative of the configuration registers of at least one of the first I/O device or the second I/O device in response to a securely command of at least one of the first I/O device or the second I/O device to set the global lock; securely command at least one of the first I/O device or the second I/O device to atomically release the global lock and set a fine-grained lock on one or more of the configuration registers in response to receipt of the 
provide the configuration data to a trusted execution environment of the computing device in response to a secure command of at least one of the first I/O device or the second I/O device to atomically release the global lock and set the fine-grained lock (wherein it elaborates on providing the configuration data to an execution environment of the computing device in response to a command of the I/O device to automatically release the global lock and set another lock [Zhang; ¶71-72, 85-68]). The motivation is to perform secure attestation of peers and enable secure peer-to-peer communication.

Regarding claims 6, 18 and 24, Hill-Zhang combination discloses wherein the trusted agent is further to: 
perform an attestation protocol with at least one of the first I/O device or the second I/O device to generate a device attestation report (perform attestation of the peers and collect and reports of devices to establish trust for the platform [Hill; ¶36-37, 72-77, 155-159; fig. 2A, 5 and associated text]); 
verify the device attestation report (identify the report for trusted/untrusted peers, based on attestation and validation [Hill; ¶36-37, 72-77, 155-159; fig. 2A, 5 and associated text]); and 
securely provision at least one of the first I/O device or the second I/O device with a provisioning key in response to verification of the device attestation report (key exchange and canary stamp with public key to signed attestation and data [Hill; ¶36-37, 116-117, 155-159; fig. 2A, 5 and associated text]).

Regarding claims 7, 19 and 25, Hill-Zhang combination discloses wherein: 
to securely command at least one of the first I/O device or the second I/O device comprises to protect a configuration command with the provisioning key; and at least one of the first I/O device or the second I/O device is to determine whether the configuration command is received from the trusted agent based on the provisioning key (perform attestation of the peers and collect and reports of devices to establish trust for the platform [Hill; ¶36-37, 72-77, 155-159; fig. 2A, 5 and associated text], the public key is used in signing of the data and send the TPM to determine the peers are trusted in the platform [Hill; ¶36-37, 116-117, 155-159; fig. 2A, 5 and associated text], wherein it emphasizes a command generated for I/O device to enter trusted I/O mode to set a global lock on configuration registers of the I/O device in response to a command [Zhang; ¶ 59-61, 77-80]). The motivation is to perform secure attestation of peers and enable secure peer-to-peer communication.

Regarding claim 8, Hill-Zhang combination discloses the computing device of claim 6, wherein the trusted agent is further to: sign the device attestation report with a private key of the trusted agent to generate a signed device attestation report; include the signed device attestation report and a trusted agent attestation report in an attestation report; and provide the attestation report to the trusted execution environment (perform attestation of the peers and collect and reports of devices to establish trust for the platform [Hill; ¶36-37, 72-77, 155-159; fig. 2A, 5 and associated text], the public key is used in signing of the data and send the TPM to determine the peers are trusted in the platform [Hill; ¶36-37, 116-117, 155-159; fig. 2A, 5 and associated text], wherein it emphasizes a command generated for I/O device to enter trusted I/O mode to set 

Regarding claim 9, Hill-Zhang combination discloses the computing device of claim 8, wherein the trusted execution environment is to: verify the attestation report; and request the trusted agent to prepare at least one of the first I/O device or the second I/O device for trusted I/O in response to verification of the attestation report; wherein to securely command at least one of the first I/O device or the second I/O device to enter the trusted I/O mode comprises to securely command at least one of the first I/O device or the second I/O device to enter the trusted I/O mode in response to a request to the trusted agent to prepare at least one of the first I/O device or the second I/O device for trusted I/O (perform attestation of the peers and collect and reports of devices to establish trust for the platform [Hill; ¶36-37, 72-77, 155-159; fig. 2A, 5 and associated text], the public key is used in signing of the data and send the TPM to determine the peers are trusted in the platform [Hill; ¶36-37, 116-117, 155-159; fig. 2A, 5 and associated text], wherein it emphasizes a command generated for I/O device to enter trusted I/O mode to set a global lock on configuration registers of the I/O device in response to a command [Zhang; ¶ 59-61, 77-80]). The motivation is to perform secure attestation of peers and enable secure peer-to-peer communication.

Regarding claim 10, Hill-Zhang combination discloses the computing device of claim 1, wherein the trusted agent is further to: determine whether the trusted execution environment has released at least one of the first I/O device or the second I/O device; and securely command at 

Regarding claim 11, Hill-Zhang combination discloses the computing device of claim 10, wherein the trusted agent is further to: determine whether no other trusted execution environment is using at least one of the first I/O device or the second I/O device in response to the determination that the trusted execution environment has released at least one of the first I/O device or the second I/O device; and securely command at least one of the first I/O device or the second I/O device to exit the trusted I/O mode in response to a determination that no other trusted execution environment is using at least one of the first I/O device or the second I/O device (wherein it emphasizes a command generated for I/O device to enter trusted I/O mode to set a global lock on configuration registers of the I/O device in response to a command [Zhang; ¶ 59-61, 77-80], wherein it discusses command the I/O device to automatically stop the global lock and set another lock on the configuration registers in response to receipt of the configuration data 

Claim 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hill-Zhang combination in view of Johnson et al. (Pub. No.: US 2012/0159184 A1; hereinafter Johnson).
Regarding claim 13, Hill-Zhang combination does not explicitly disclose the computing device of claim 1, wherein: the trusted agent comprises a secure enclave established with secure enclave support of a processor of the computing device; and the trusted execution environment comprises a trust domain established with multi-key total memory encryption support of the processor; however, in a related and analogous art, Johnson teaches this feature.
In particular, Johnson teaches secure enclave with processor and memory, such that the multiple keys of various types are stored in the memory and processor of the secure enclave [Johnson; ¶34-41]. It would have been obvious before the effective filing date of the claimed invention to modify Hill-Zhang combination in view of Johnson with the motivation to protect the key in the secure enclave and to prevent access to the key by unauthorized users.

Allowable Subject Matter
Claim(s) 3-5, 12 and 22-23 would be allowable if rewritten to overcome the rejection(s) set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.

Claim(s) 16-17 is/are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The following is an examiner’s statement of reasons for allowance: 
The respective dependent claims 3, 16 and 22 are allowable over the prior art since the prior art, taken individually or in combination, fails to particularly disclose, fairly suggest or render obvious the following italic limitations:
In claim(s) 3, 16 and 22:
“the computing device of claim 2, wherein…
determine whether the configuration command is received from the trusted agent in response to a determination that the configuration command is restricted to the trusted agent; 
process the configuration command in response to a determination that the configuration command is not restricted to the trusted agent or a determination that the configuration command is received from the trusted agent; and
reject the configuration command in response to the determination that the configuration command is restricted to the trusted agent and a determination that the configuration command is not received from the trusted agent.” in combination with other limitations recited as specified in the independent claim(s).

The respective dependent claim 12 is allowable over the prior art since the prior art, taken individually or in combination, fails to particularly disclose, fairly suggest or render obvious the following italic limitations:
In claim(s) 12:
“the computing device of claim 10, further comprising a virtual machine monitor, 
wherein the trusted agent is further to: receive a request to reclaim at least one of the first I/O device or the second I/O device from the virtual machine monitor; and 
request the trusted execution environment to release at least one of the first I/O device or the second I/O device in response to receipt of the request to reclaim at least one of the first I/O device or the second I/O device.” in combination with other limitations recited as specified in the independent claim(s).

Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Conclusion
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998.  The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/DAO Q HO/Primary Examiner, Art Unit 2432