Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/30/21 was filed after the mailing date of the application on 4/19/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 4/19/2021 was filed after the mailing date of the application on 4/19/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Smith (US Patent Pub. 20160248809).


As per claims 1, 15 and 20:  A system for improving security of a network using environment hashes, the system comprising (see abstract): 
one or more memory devices storing computer-readable code; and 
one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute the computer-readable code to: 
monitor entity computer systems on a network (Paragraph 70; monitor and/or control entry and/or exit for the facility 406, the room 408, and the room 410 by the platform); 
store the environment hashes for the entity computer systems on a hash database; identify when a first current environment hash of a first entity computer system fails to meet a hash requirement for maintaining access to the network (Paragraph 52; the environment identifier 112 converts the identified security environment to a hash value 220 and outputs the hash value 220 to the key manager 206. The example key manager 206 compares the hash value 220 output by the environment identifier 112 to a set of environment hashes 222. When the hash value 220 is matched to one of the environment hashes 222, the example key manager 206 releases any environment key(s) 204 that are authorized in association with the matching environment hash 222 for provision by the TEE manager 216 to the trusted execution environment 202a); and 
isolate the first entity computer system from the network when the first current environment hash fails to meet the hash requirement (Paragraph 54;  the trusted execution environments 202a, 202b are maintained even when authorization to access the environment keys 204 is revoked by the key manager 206 via the TEE manager 216 (e.g., when the environment identifier 112 identifies a different security environment and the hash 220 no longer matches an environment hash 222 that authorizes use of the environment keys 204)).
As per claims 2 and 16:  The system of claim 1, wherein the hash requirement is that the first current environment hash of the first entity computer system is the same as a first stored environment hash of the first entity computer system (Paragraph 84; the computing device 501 remains in the same security environment as determined by the computing device 501).
As per claims 3 and 17:  The system of claim 1, wherein the hash requirement is that the first current environment hash is the same as an authorized environment hash or fails to be different than an unauthorized environment hash (Paragraph 84; the computing device 501 remains in the same security environment as determined by the computing device 501).
As per claims 4 and 18:  The system of claim 1, wherein the hash requirement is that the first current environment hash of the first entity computer system is the same as Paragraph 84; the computing device 501 remains in the same security environment as determined by the computing device 501).
As per claim 5:  The system of claim 1, wherein when the first current environment hash fails to meet the hash requirement indicates that the first entity computer system comprises a configuration change that is unauthorized (Paragraph 54;  the trusted execution environments 202a, 202b are maintained even when authorization to access the environment keys 204 is revoked by the key manager 206 via the TEE manager 216 (e.g., when the environment identifier 112 identifies a different security environment and the hash 220 no longer matches an environment hash 222 that authorizes use of the environment keys 204)). 
As per claim 6:  The system of claim 1, wherein when the first current environment hash fails to meet the hash requirement indicates that the first entity computer system comprises is missing a configuration change that is authorized (Paragraph 54;  the trusted execution environments 202a, 202b are maintained even when authorization to access the environment keys 204 is revoked by the key manager 206 via the TEE manager 216 (e.g., when the environment identifier 112 identifies a different security environment and the hash 220 no longer matches an environment hash 222 that authorizes use of the environment keys 204)).
As per claim 7:  The system of claim 1, wherein when the first current environment hash fails to meet the hash requirement, hardware or software of the entity computer system may be subject to data corruption, unauthorized tampering, accidental Paragraph 93; the trusted execution environments 202a, 202b of FIG. 2 may be unable to decrypt the desired file using any of the environment keys 204 released to the trusted execution environments 202a, 202b by the key manager 206 (e.g., environment keys 204 released based on comparing the environment hashes 222 to the hash 220 obtained from the environment identifier 112). The user interface 800 displays a message 810 to inform the user that the access is unauthorized under the currently-enforced security level).
As per claim 8:  The system of claim 1, wherein monitoring the entity computer systems comprises:
monitoring changes to configurations of the entity computer systems; and determining current environment hashes for each of the entity computer systems for which a configuration has changed (Paragraph 52; the environment identifier 112 converts the identified security environment to a hash value 220 and outputs the hash value 220 to the key manager 206. The example key manager 206 compares the hash value 220 output by the environment identifier 112 to a set of environment hashes 222. When the hash value 220 is matched to one of the environment hashes 222, the example key manager 206 releases any environment key(s) 204 that are authorized in association with the matching environment hash 222 for provision by the TEE manager 216 to the trusted execution environment 202a).
As per claim 9:  The system of claim 1, wherein monitoring the entity computer systems comprises:
periodically determining a current environment hash for each of the entity computer systems (Paragraph 56; periodically with changes to the security environment definitions 116 and/or the security level definitions).
As per claim 10:  The system of claim 1, wherein monitoring the entity computer systems comprises determining, periodically or in real-time, a current environment hash for each of the entity computer systems (Paragraph 56; periodically with changes to the security environment definitions 116 and/or the security level definitions).
As per claim 11:  The system of claim 1, wherein determining the current environment hashes occurs on the entity computer systems or on a virtual environment system (Paragraph 52; the environment identifier 112 converts the identified security environment to a hash value 220 and outputs the hash value 220 to the key manager 206. The example key manager 206 compares the hash value 220 output by the environment identifier 112 to a set of environment hashes 222. When the hash value 220 is matched to one of the environment hashes 222, the example key manager 206 releases any environment key(s) 204 that are authorized in association with the matching environment hash 222 for provision by the TEE manager 216 to the trusted execution environment 202a).
As per claim 12:  The system of claim 1, wherein the one or more processing devices are further configured to execute the computer-readable code to:
determine a configuration change or omission of the configuration change on the first entity computer system that resulted in the first current environment hash that failed Paragraph 47; The example trusted execution environments 202a, 202b implement the secure data processor 136 of FIG. 1 to securely process data based on a security level determined by the key manager 206. The key manager 206 may implement the security level selector 126 of FIG. 1 by determining a security level based on an identified environment).
As per claim 13:  The system of claim 12, wherein the one or more processing devices are further configured to execute the computer-readable code to:
suggest an updated configuration change (Paragraph 18; configure the computing device to enforce and/or comply with the security policy);
determine a first updated environment hash for the first entity computer system after the updated configuration change has been made (Paragraph 47; The example trusted execution environments 202a, 202b implement the secure data processor 136 of FIG. 1 to securely process data based on a security level determined by the key manager 206. The key manager 206 may implement the security level selector 126 of FIG. 1 by determining a security level based on an identified environment); and
store the first updated environment hash for the first entity computer system as a first stored environment hash (Paragraph 47;  secure processing and/or data storage environment, in some examples the secure data processor 136 is also capable of provide insecure data processing and/or data storage when secure data processing and/or data storage are not required).
As per claims 14 and 19:  The system of claim 1, wherein each of the environment hashes comprise a cryptographic hash output value comprising of a fixed-length character string (Paragraph 52; the environment identifier 112 converts the identified security environment to a hash value 220 and outputs the hash value 220 to the key manager 206).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/ANTHONY D BROWN/Primary Examiner, Art Unit 2433