DETAILED ACTION
Claims 1-20 are allowed.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Ashley Essick (Reg. No. 55515) on December 17, 2021.
The application has been amended as follows: 

1 (Currently Amended). An apparatus comprising: 
one or more hardware processors of a computing device associated with a tenant, the one or more processors to: 
request a group status report to confirm a status of a group of trusted execution platforms from a cloud service provider (CSP) providing scalable runtime validation for on-device design rule checks; 

determine, by the tenant based on validation of the minimum TCB, whether a set of group members of the group of trusted execution platforms satisfies security requirements of the tenant; 
responsive to the set of group members satisfying the security requirement, utilize a group public key to encrypt a workload of the tenant; and 
send the encrypted workload to the CSP for storage by the CSP and subsequent execution by an execution platform of the group of trusted execution platforms using a private group key.  

3 (Currently Amended). The apparatus of claim 1, wherein the execution platform of the group of trusted execution platforms decrypts the encrypted workload in response to validation by other group members of the group of trusted execution platforms.  

4 (Currently Amended). The apparatus of claim 1, wherein the CSP indicates to each trusted execution platform in the group of trusted execution platforms that a public key associated with the tenant is authorized.  

5 (Currently Amended). The apparatus of claim 1, wherein the CSP informs the tenant of existence of the group of trusted execution platforms.  

6 (Currently Amended). The apparatus of claim 1, wherein the tenant declares a policy to define acceptable trusted execution platforms for execution of workloads of the tenant.  

12 (Currently Amended). The method of claim 10, wherein the execution platform of the group of trusted execution platforms decrypts the encrypted workload in response to validation by other group members of the group of trusted execution platforms.  

13 (Currently Amended). The method of claim 10, wherein the CSP indicates to each trusted execution platform in the group of trusted execution platforms that a public key associated with the tenant is authorized, and wherein the CSP informs the tenant of existence of the group of trusted execution platforms.  

14 (Currently Amended). The method of claim 10, wherein the tenant declares a policy to define acceptable trusted execution platforms for execution of workloads of the tenant.  

18 (Currently Amended). The non-transitory machine readable storage medium of claim 16, wherein the execution platform of the group of trusted execution platforms decrypts the encrypted workload in response to validation by other group members of the group of trusted execution platforms.  

19 (Currently Amended). The non-transitory machine readable storage medium of claim 16, wherein the CSP indicates to each trusted execution platform in the group of trusted execution platforms that a public key associated with the tenant is authorized, and wherein the CSP informs the tenant of existence of the group of trusted execution platforms.  

20 (Currently Amended). The non-transitory machine readable storage medium of claim 16, wherein the tenant declares a policy to define acceptable trusted execution platforms for execution of workloads of the tenant.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “request a group status report to confirm a status of a group of trusted execution platforms from a cloud service provider (CSP) providing scalable runtime validation for on-device design rule checks; validate, by the tenant, a minimum trusted computing base (TCB) declared with the group status report; determine, by the tenant based on validation of the minimum TCB, whether a set of group members of the group of trusted execution platforms satisfies security requirements of the tenant; responsive to the set of group members satisfying the security requirement, utilize a group public key to encrypt a workload of the tenant; and send the encrypted workload to the CSP for 
The following is considered to be the closest prior art of record:
Wikipedia (NPL “Trusted Computing Base”) – teaches the overall definition of the term “trusted computing base” as is known in the art.
Ferguson (US 2015/0319160) - teaches the host sending a request to a host attestation service. The request includes verifiable proof of certain host characteristics such as the host containing a trusted execution environment. The host attestation service then verifies the proof and issues a certificate to the host to allow the host to authenticate to other entities that have a trusted relationship with the host attestation service. Ferguson also teaches storing encrypted tenant workloads on the host. However, Ferguson does not specifically teach “validate, by the tenant, a minimum trusted computing base declared with the group status report”.
Cabuk (US 2009/0013406) – teaches verifying the trusted computing base and attesting to that fact by sending a signature that is composed of a signed copy of the trusted computing base.
Mao (US 8176336) – claim 1, Fig. 2 – teaches a user invoking an attestation function by issuing a challenge to verify the trust level of the trusted computing base.
Gumowski (US 2019/0095910) – paragraph 28, teaches users verifying each other’s trusted computing base using a trusted attestation service.
Mao (US 2013/0061293) – teaches a virtualization infrastructure including a trusted computing base along with a plurality of virtual machines for tenants of a cloud computing system. The trusted computing base to prevent unauthorized access to the virtual machines by an admin of the cloud computing system.
Khosravi (US 2019/0042466) – teaches that tenants of cloud service providers are seeking solutions to enable the operation of the cloud service provider software outside of a trusted computing base.
Shanbhogue (US 2019/0228145) – teaches removing the hypervisor from the trusted computing base to achieve confidential VM execution between the cloud service provider and the tenant.
CN 102986163 – teaches establishing a minimum trusted computing base to have isolation between the user space and the cloud space.
Meyers (US 5937159) – teaches a user verifying that he is actually interacting with the trusted computing base.
Turan (US 2021/0110099) – teaches scalable runtime validation.
However, the concept of a tenant requesting a group status report from a cloud service provider and then validating the minimum trusted computing base from the group status report as claimed cannot be found in the prior art of record.
None of the prior art of record, either taken by itself or in any combination, would have reasonably anticipated or made obvious the invention of the present application at or before the time it was effectively filed. The concepts and features, as claimed, are considered to be a non-obvious combination of limitations not taught in the prior art. Therefore, claims 1-20 are considered to be allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 5712728878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/John B King/
Primary Examiner, Art Unit 2498