DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claims 1-2, 4-9, 11-16 and 21-26 are allowed.

Reasons for Allowance
Examiner’s statement of reasons for allowance for claims 1-2, 4-9, 11-16 and 21-26 is stated below.
Regarding independent Claims 1, 8 and 15, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “receiving, by a key management system executing on a computer system, a request from an application for a performance of an operation associated with a cryptographic key that is stored at a secure enclave; identifying, by a processing device, a plugin of the secure enclave specified by the request for performance of the operation, wherein the plugin executes within a sandbox environment of the key management system, and wherein the sandbox environment is assigned fewer privileges than the key management system to access resources of the computer system; performing the operation associated with the cryptographic key by using the plugin of the secure enclave to generate an output within the secure enclave, wherein the performing of the operation associated with the cryptographic key is further based on one or more conditions identified by the plugin for the cryptographic key associated with the operation, wherein at least one of the conditions corresponds to an action performed by the plugin; in response to the performing of the operation associated with the cryptographic key by using the plugin of the secure enclave, updating, at the secure enclave, state information of the plugin based on the operation associated with the cryptographic key, wherein the state information comprises at least one characteristic that identifies a use of the plugin by the application; and providing the output generated within the secure enclave and based on the plugin to the application” in combination with all the elements of the respective independent claims.
The dependent claims 2, 4-7, 21, 24-26, 9, 11-14, 22, 16 and 23 are allowable due to their dependence on independent claims 1, 8 and 15.


The closest prior art made of record are:
Roth et al. USPN 9,584,517 teaches a system and method for instantiating an enclave according to a request, the enclave being instantiated at a determined location of a set of locations in a computing environment of a computing resource service provider hosting a set of computing resources.  The enclave further being instantiated with executable code specified by a customer for processing network traffic in accordance with the executable code in a computing environment.
Crane et al. USPN 6,839,437 teaches a system and a method for managing keys for cryptographic operations.  A security layer and a plurality of cryptographic routines, wherein the plurality of cryptographic routines are accessed through the security layer.  A keystore and a keystore application program interface layer coupled to the security layer.  The keystore application program interface layer receives a call from an application to perform a cryptographic operation, identifies a routine, calls the routine to perform the cryptographic operation, receives a result from the routine, and returns the result to the application.
Roth et al. US2014/0229737 teaches a system and a method for federated key management.  The system uses information submitted in connection with a request to determine if and how to process the request.  The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic.  The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system.  Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959.  The examiner can normally be reached on M-F 8am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HENRY TSANG/Primary Examiner, Art Unit 2495