DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
As per instant Amendment, Claim 23 is canceled; Claims 1, 3-5, 7, 8, 10, 12, 19, 20, 22, and 24 have been amended. Claims 1, 10, and 19 are independent claims.  Claims 1, 3-5, 7, 8, 10, 12-14, 17, 19-22, and 24-27 have been examined and are pending. This Action is made FINAL. 
Response to Arguments
Applicants’ arguments, see Applicant Arguments/Remarks Made in an Amendment, filed 11/1/2021, with respect to the rejections of claims 1, 3-5, 7, 8, 10, 12-14, 17, 19-22, and 24-27 have been fully considered but are not persuasive.
Applicant asserts as follows:  Examiner Interview.  The Applicant’s Attorney wishes to thank the Examiner for affording him the opportunity to discuss amendments to claim 1 in the telephonic interview held on October 12, 2021. During the interview, the Examiner indicated that certain claim amendments discussed would likely overcome the art of record. No formal agreement was reached. 
Examiner respectfully notes the substance of the interview held on October 12, 2021. 
Applicant asserts as follows:  Claim Rejections - 35 U.S.C. § 103.  In this Amendment, the Applicant has amended claim 1 along the lines of the amendments 
Examiner respectfully notes that upon reconsideration and responsive to an updated search, the independent claims are now rejected over Zimman, Habraken, and Gheorghe.
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272 5368 to schedule an interview.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b) (2) (C) for any potential 35 U.S.C. 102(a) (2) prior art against the later invention. 


Claims 1, 4, 5, 10, 13, 14, 19, and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Zimman (US20070083604), filed October 12, 2005, in 
Regarding claim 1, Zimman discloses a method comprising: in response to an application window of an untrusted computing device having focus, receiving, at an encryption device, in response to receipt of the first command, entering, by the encryption device, an encryption mode of operation; encrypting  data from the keyboard by the encryption device, the encrypted data being provided via an application of the untrusted computing device; the untrusted computing device being in communication with a keyboard (Zimman, paragraph 0027 and 0091, application window associated with the untrusted computing device which is computer 108; computer 108 is untrusted because it receives encrypted data to be passed on to a remote computer; the application window having focus; encryption device 106 provided data by switching system to enter encryption mode for encrypting data from the keyboard).
Zimman does not explicitly disclose a first command from a remote application hosted by a remote virtual machine (VM), to the remote application; a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM.
However, in an analogous art, Habraken discloses a first command from a remote application hosted by a remote virtual machine (VM), to the remote application (Habraken, paragraph 0042, remote virtual machine executing application program 402 initiates encryption which is provided to the untrusted computing device);
a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM (Habraken, paragraph 0042, a remote VM is in communication with the encryption device 112; paragraph 0008, a persistent key store; paragraph 0030, “application program 402 initiates cryptographic operations on the physical security token 112 and receives responses. Illustrative cryptographic operations include the generation of cryptographic keys, the importation of cryptographic keys”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Habraken with the system/method/computer program product of Zimman to include a first command from a remote application hosted by a remote virtual machine (VM), to the remote application; a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM.
One would have been motivated to provide users with the benefits of remote control of an encryption process (Habraken: paragraph 0042).
Zimman and Habraken disclose a remote VM and an encryption device, a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM, but do not explicitly disclose a first pre-shared key being pre-provisioned in association with the encryption device, a plurality of indexed pre-shared keys including the first pre-shared key being pre-provisioned in association with the remote VM; in response to receipt of a second command from the remote application, accessing a value by the encryption device, the value being provided to the remote application via the application of the untrusted computing device, the encrypted data being decrypted at the remote VM using the first pre-shared key indexed by the value.
However, in an analogous art, Gheorghe discloses a first pre-shared key being pre-provisioned in association with the encryption device, a plurality of indexed pre-shared keys including the first pre-shared key being pre-provisioned in association with the remote VM; in response to receipt of a second command from the remote application, accessing a value by the encryption device, the value being provided to the remote application via the application of the untrusted computing device, the encrypted data being decrypted at the remote VM using the first pre-shared key indexed by the value (Gheorghe, paragraph 0075, “The relay initiation component 470 may augment the encrypted token with the key index. The key index may be transmitted to the clients as a component of the relay information 475 and included in the relay bind requests 410, 415 in an unencrypted form to empower to the relay server components 490 to determine the particular encryption key from the encryption key table used to encrypt and that may be used to decrypt the encrypted token.”; paragraph 0076, “The first relay server component 490 may extract the key index from the first-client relay bind request 410 and extract the encrypted token from the first-client relay bind request 410. The first relay server component 490 may retrieve the encryption key from the encryption key table based on the key index.”; predetermined value encompasses binding request).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Gheorghe with the system/method/computer program product of Zimman and Habraken to include a first pre-shared key being pre-provisioned in association with the encryption device, a plurality of indexed pre-shared keys including the first pre-shared key being pre-provisioned in association with the remote VM; in response to receipt of a second command from the remote application, accessing a value by the encryption device, the value being provided to the remote application via the application of the untrusted computing device, the encrypted data being decrypted at the remote VM using the first pre-shared key indexed by the value.
One would have been motivated to provide users with the benefits of performing dynamic configuration of load balancing operations (Gheorghe: paragraph 0005).
Regarding claim 4, Zimman, Habraken, and Gheorghe disclose the method of claim 1 and a VM.  Gheorghe discloses further comprising: pre-provisioning the first pre-shared key in association with the encryption device (Gheorghe, paragraph 0075, “The relay initiation component 470 may augment the encrypted token with the key index.  The key index may be transmitted to the clients as a component of the relay information 475 and included in the relay bind requests 410, 415 in an unencrypted form to empower to the relay server components 490 to determine the particular encryption key from the encryption key table used to encrypt and that may be used to decrypt the encrypted token.”; paragraph 0076, “The first relay server component 490 may extract the key index from the first-client relay bind request 410 and extract the encrypted token from the first-client relay bind request 410.  The first relay server component 490 may retrieve the encryption key from the encryption key table based on the key index.”; predetermined value encompasses binding request).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 5, Zimman, Habraken, Gheorghe disclose the method of claim 4 and an encryption device and a remote VM.  Gheorghe discloses comprising:  indexing the plurality of indexed pre-shared keys by a plurality of (Gheorghe, paragraph 0075, “The relay initiation component 470 may augment the encrypted token with the key index.  The key index may be transmitted to the clients as a component of the relay information 475 and included in the relay bind requests 410, 415 in an unencrypted form to empower to the relay server components 490 to determine the particular encryption key from the encryption key table used to encrypt and that may be used to decrypt the encrypted token.”; paragraph 0076, “The first relay server component 490 may extract the key index from the first-client relay bind request 410 and extract the encrypted token from the first-client relay bind request 410.  The first relay server component 490 may retrieve the encryption key from the encryption key table based on the key index.”; predetermined value encompasses binding request).  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 10, Zimman discloses a system comprising: a memory; and processing circuitry configured to execute program instructions out of the memory (Zimman, paragraph 0094, processor, memory, instructions encompass processor performs functions);
in response to an application window of an untrusted computing device having focus, to receive a first command, in response to receipt of the first command, to enter an encryption mode of operation; to encrypt data from the keyboard, the encrypted data being provided via an application of the untrusted computing device; the untrusted computing device being in communication with a keyboard (Zimman, paragraph 0027 and 0091, application window associated with the untrusted computing device which is computer 108; computer 108 is untrusted because it receives encrypted data to be passed on to a remote computer; the application window having focus; encryption device 106 provided data by switching system to enter encryption mode for encrypting data from the keyboard).
Zimman does not explicitly disclose a first command from a remote application hosted by a remote virtual machine (VM), to the remote application.
However, in an analogous art, Habraken discloses a first command from a remote application hosted by a remote virtual machine (VM), to the remote application (Habraken, paragraph 0042, remote virtual machine executing application program initiates encryption which is provided to the untrusted computing device);
a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM (Habraken, paragraph 0042, a remote VM is in communication with the encryption device 112; paragraph 0008, a persistent key store; paragraph 0030, “application program 402 initiates cryptographic operations on the physical security token 112 and receives responses. Illustrative cryptographic operations include the generation of cryptographic keys, the importation of cryptographic keys”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Habraken with the system/method/computer program product of Zimman to include a first command from a remote application hosted by a remote virtual machine (VM), to the remote application; a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM.
One would have been motivated to provide users with the benefits of remote control of an encryption process (Habraken: paragraph 0042).
Zimman and Habraken disclose a remote VM and an encryption device, a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM, but do not explicitly disclose a first pre-shared key being pre-provisioned in association with the encryption device, a plurality of indexed pre-shared keys including the first pre-shared key being pre-provisioned in association with the remote VM; in response to receipt of a second command from the remote application, accessing a value by the encryption device, the value being provided to the remote application via the application of the untrusted computing device, the encrypted data being decrypted at the remote VM using the first pre-shared key indexed by the value.
However, in an analogous art, Gheorghe discloses a first pre-shared key being pre-provisioned in association with the encryption device, a plurality of indexed pre-shared keys including the first pre-shared key being pre-provisioned in association with the remote VM; in response to receipt of a second command from the remote application, accessing a value by the encryption device, the value being provided to the remote application via the application of the untrusted computing device, the encrypted data being decrypted at the remote VM using the first pre-shared key indexed by the value (Gheorghe, paragraph 0075, “The relay initiation component 470 may augment the encrypted token with the key index. The key index may be transmitted to the clients as a component of the relay information 475 and included in the relay bind requests 410, 415 in an unencrypted form to empower to the relay server components 490 to determine the particular encryption key from the encryption key table used to encrypt and that may be used to decrypt the encrypted token.”; paragraph 0076, “The first relay server component 490 may extract the key index from the first-client relay bind request 410 and extract the encrypted token from the first-client relay bind request 410. The first relay server component 490 may retrieve the encryption key from the encryption key table based on the key index.”; predetermined value encompasses binding request).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Gheorghe with the system/method/computer program product of Zimman and Habraken to include a first pre-shared key being pre-provisioned in association with the encryption device, a plurality of indexed pre-shared keys including the first pre-shared key being pre-provisioned in association with the remote VM; in response to receipt of a second command from the remote application, accessing a value by the encryption device, the value being provided to the remote application via the application of the untrusted computing device, the encrypted data being decrypted at the remote VM using the first pre-shared key indexed by the value.
One would have been motivated to provide users with the benefits of performing dynamic configuration of load balancing operations (Gheorghe: paragraph 0005).
Regarding claim 13, Zimman, Habraken and Gheorghe disclose the system of claim 10.  Habraken discloses wherein encryption of the data is done with use of one or more encryption/decryption keys including one or more of (i) pre-shared keys, (ii) (Habraken, paragraph 0030, “Using the cryptographic API 406, application program 402 initiates cryptographic operations on the physical security token 112 and receives responses.  Illustrative cryptographic operations include encrypting data with a public key, decrypting data with a private key, obtaining a digital certificate including a public key signed by a certification authority (CA), authentication of user-provided information, and the generation of cryptographic keys, the importation of cryptographic keys, the importation of digital certificates, the loading and unloading of application data, setting configuration data such as the number of authentication tries and the length of a user authenticator such as a PIN, and blocking and unblocking of user credentials.”).
Regarding claim 14, Zimman, Habraken, and Gheorghe disclose the system of claim 7 and keyboard.  Gheorghe discloses wherein the processing circuitry is further configured to be wired or wirelessly coupled to the keyboard (Gheorghe, paragraph 0124, “A user can enter commands and information into the computer 1002 through one or more wire/wireless input devices, for example, a keyboard 1038 and a pointing device, such as a mouse 1040.  Other input devices may include microphones, infra-red (IR) remote controls, radio-frequency (RF) remote controls, game pads, stylus pens, card readers, dongles, finger print readers, gloves, graphics tablets, joysticks, keyboards, retina readers, touch screens (e.g., capacitive, resistive, etc.), trackballs, trackpads, sensors, styluses, and the like.  These and other input devices are often connected to the processing unit 1004 through an input device interface 1042 that is coupled to the system bus 1008, but can be connected by other interfaces such as a parallel port, IEEE 1394 serial port, a game port, a USB port, an IR interface, and so forth.”).  The motivation is the same as that of the 
Regarding claim 19, Zimman discloses a computer program product including non-transitory, computer-readable media having instructions that, when executed by control circuitry of a computerized apparatus, cause the control circuitry to perform a method comprising (Zimman, paragraph 0094, processor, memory, instructions encompass processor performs functions): in response to an application window of an untrusted computing device having focus, receiving, at an encryption device, in response to receipt of the first command, entering, by the encryption device, an encryption mode of operation; encrypting data from the keyboard by the encryption device, the encrypted data being provided via an application of the untrusted computing device; the untrusted computing device being in communication with a keyboard (Zimman, paragraph 0027 and 0091, application window associated with the untrusted computing device which is computer 108; computer 108 is untrusted because it receives encrypted data to be passed on to a remote computer; the application window having focus; encryption device 106 provided data by switching system to enter encryption mode for encrypting data from the keyboard).
Zimman does not explicitly disclose a first command from a remote application hosted by a remote virtual machine (VM), to the remote application; a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM.
However, in an analogous art, Habraken discloses a first command from a remote application hosted by a remote virtual machine (VM), to the remote application (Habraken, paragraph 0042, remote virtual machine executing application program initiates encryption which is provided to the untrusted computing device);
a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM (Habraken, paragraph 0042, a remote VM is in communication with the encryption device 112; paragraph 0008, a persistent key store; paragraph 0030, “application program 402 initiates cryptographic operations on the physical security token 112 and receives responses. Illustrative cryptographic operations include the generation of cryptographic keys, the importation of cryptographic keys”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Habraken with the system/method/computer program product of Zimman to include a first command from a remote application hosted by a remote virtual machine (VM), to the remote application; a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM.
One would have been motivated to provide users with the benefits of remote control of an encryption process (Habraken: paragraph 0042).
Zimman and Habraken disclose a remote VM and an encryption device, a first key being pre-provisioned in association with the encryption device, a plurality of keys including the first key being pre-provisioned in association with the remote VM, but do not explicitly disclose a first pre-shared key being pre-provisioned in association with the encryption device, a plurality of indexed pre-shared keys including the first pre-shared key being pre-provisioned in association with the remote VM; in response to receipt of a second command from the remote application, accessing a value by the encryption device, the value being provided to the remote application via the application of the untrusted computing device, the encrypted data being decrypted at the remote VM using the first pre-shared key indexed by the value.
However, in an analogous art, Gheorghe discloses a first pre-shared key being pre-provisioned in association with the encryption device, a plurality of indexed pre-shared keys including the first pre-shared key being pre-provisioned in association with the remote VM; in response to receipt of a second command from the remote application, accessing a value by the encryption device, the value being provided to the remote application via the application of the untrusted computing device, the encrypted data being decrypted at the remote VM using the first pre-shared key indexed by the value (Gheorghe, paragraph 0075, “The relay initiation component 470 may augment the encrypted token with the key index. The key index may be transmitted to the clients as a component of the relay information 475 and included in the relay bind requests 410, 415 in an unencrypted form to empower to the relay server components 490 to determine the particular encryption key from the encryption key table used to encrypt and that may be used to decrypt the encrypted token.”; paragraph 0076, “The first relay server component 490 may extract the key index from the first-client relay bind request 410 and extract the encrypted token from the first-client relay bind request 410. The first relay server component 490 may retrieve the encryption key from the encryption key table based on the key index.”; predetermined value encompasses binding request).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Gheorghe with the system/method/computer program product of Zimman and Habraken to include a first pre-shared key being pre-provisioned in association with the encryption device, a plurality of indexed pre-shared keys including the first pre-shared key being pre-provisioned in association with the remote VM; in response to receipt of a second command from the remote application, accessing a value by the encryption device, the value being provided to the remote application via the application of the untrusted computing device, the encrypted data being decrypted at the remote VM using the first pre-shared key indexed by the value.
One would have been motivated to provide users with the benefits of performing dynamic configuration of load balancing operations (Gheorghe: paragraph 0005).
Regarding claim 27, Zimman, Habraken, and Gheorghe disclose the method of claim 1 and keyboard.  Gheorghe discloses further comprising: wirelessly pairing the encryption device with the untrusted computing device, the keyboard being wirelessly paired with the encryption device (Gheorghe, paragraph 0124, “A user can enter commands and information into the computer 1002 through one or more wire/wireless input devices, for example, a keyboard 1038 and a pointing device, such as a mouse 1040.  Other input devices may include microphones, infra-red (IR) remote controls, radio-frequency (RF) remote controls, game pads, stylus pens, card readers, dongles, finger print readers, gloves, graphics tablets, joysticks, keyboards, retina readers, touch screens (e.g., capacitive, resistive, etc.), trackballs, trackpads, sensors, styluses, and the like.  These and other input devices are often connected to the processing unit 1004 through an input device interface 1042 that is coupled to the system bus 1008, but can be connected by other interfaces such as a parallel port, IEEE 1394 serial port, a game port, a USB port, an IR interface, and so forth.”).  The motivation is the same as that of the claim from which this 
Claims 3, 12, 20, and 24-26 are rejected under 35 U.S.C. 103 as being unpatentable over Zimman (US20070083604), filed October 12, 2005, in view of Habraken (US20190327093), filed 5/20/2019, from PCT/US2016063913, filed 11/29/2016; and Gheorghe (US20170250859), filed 7/1/2016, and further in view of Haworth (US20180026947), filed 7/20/2016.
Regarding claim 3, Zimman, Habraken, and Gheorghe disclose the method of claim 1.  
Zimman, Habraken, and Gheorghe disclose an untrusted computing device, a remote application, and an encryption device, but do not explicitly disclose further comprising: in response to the application window of the untrusted computing device losing focus, receiving, at the encryption device, a second command from the remote application; and in response to receipt of the second command from the remote application, disengaging, by the encryption device, the encryption mode of operation.
Haworth discloses further comprising: in response to the application window of the untrusted computing device losing focus, receiving, at the encryption device, a second command from the remote application; and in response to receipt of the second command from the remote application, disengaging, by the encryption device, the encryption mode of operation (Haworth, paragraph 0062, “PC applications communicate with the KED through the CDC interface.  Actions such as gaining or losing focus on a window or a field that supports encryption generate an encryption ON or OFF command, which toggles the encryption state on the device MCU.”; paragraph 0087, “A focus listener that is operable to automatically end encryption for the field if the field is in encryption mode and then the field is caused to lose focus.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Haworth with the system/method/computer program product of Zimman, Habraken, and Gheorghe to include further comprising: in response to the application window of the untrusted computing device losing focus, receiving, at the encryption device, a second command from the remote application; and in response to receipt of the second command from the remote application, disengaging, by the encryption device, the encryption mode of operation.
One would have been motivated to provide users with the benefits of encrypting keystrokes such that their capture does not reveal protected information (Haworth: paragraph 0024).
Regarding claim 12, Zimman, Habraken, and Gheorghe disclose the system of claim 10.
Zimman, Habraken, and Gheorghe disclose an untrusted computing device, a remote application, and an encryption device, but do not explicitly disclose wherein the processing circuitry is further configured, in response to the application window losing focus, to execute the program instructions out of the memory to receive a second command from the remote application; and in response to receipt of the second command from the remote application, to disengage the encryption mode of operation.
to execute the program instructions out of the memory to receive a second command from the remote application; and in response to receipt of the second command from the remote application, to disengage the encryption mode of operation (Haworth, paragraph 0062, “PC applications communicate with the KED through the CDC interface.  Actions such as gaining or losing focus on a window or a field that supports encryption generate an encryption ON or OFF command, which toggles the encryption state on the device MCU.”; paragraph 0087, “A focus listener that is operable to automatically end encryption for the field if the field is in encryption mode and then the field is caused to lose focus.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Haworth with the system/method/computer program product of Zimman, Habraken, and Gheorghe to include wherein the processing circuitry is further configured, in response to the application window losing focus, to execute the program instructions out of the memory to receive a second command from the remote application; and in response to receipt of the second command from the remote application, to disengage the encryption mode of operation.
One would have been motivated to provide users with the benefits of encrypting keystrokes such that their capture does not reveal protected information (Haworth: paragraph 0024).
Regarding claim 20, Zimman, Habraken, and Gheorghe disclose the system of claim 10.  
of the untrusted computing device losing focus, receiving, at the encryption device, a second command from the remote application; and in response to receipt of the second command from the remote application, disengaging, by the encryption device, the encryption mode of operation.
Haworth discloses wherein the method further comprises: in response to the application window of the untrusted computing device losing focus, receiving, at the encryption device, a second command from the remote application; and in response to receipt of the second command from the remote application, disengaging, by the encryption device, the encryption mode of operation (Haworth, paragraph 0062, “PC applications communicate with the KED through the CDC interface.  Actions such as gaining or losing focus on a window or a field that supports encryption generate an encryption ON or OFF command, which toggles the encryption state on the device MCU.”; paragraph 0087, “A focus listener that is operable to automatically end encryption for the field if the field is in encryption mode and then the field is caused to lose focus.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Haworth with the system/method/computer program product of Zimman, Habraken, and Gheorghe to include wherein the method further comprises: in response to the application window of the untrusted computing device losing focus, receiving, at the encryption device, a second command from the remote application; and in response to receipt of the second command from the remote application, disengaging, by the encryption device, the encryption mode of operation.
One would have been motivated to provide users with the benefits of encrypting keystrokes such that their capture does not reveal protected information (Haworth: paragraph 0024).
Regarding claim 24, Zimman, Habraken, and Gheorghe disclose the method of claim 1.
Zimman, Habraken, and Gheorghe do not explicitly disclose further comprising: receiving, by the encryption device, predetermined data from the keyboard; and in response to receipt of the predetermined data from the keyboard, disengaging, by the encryption device, the encryption mode of operation.
However, in an analogous art, Haworth discloses further comprising: receiving, by the encryption device, predetermined data from the keyboard; and in response to receipt of the predetermined data from the keyboard, disengaging, by the encryption device, the encryption mode of operation (Haworth, paragraph 0062, “PC applications communicate with the KED through the CDC interface.  Actions such as gaining or losing focus on a window or a field that supports encryption generate an encryption ON or OFF command, which toggles the encryption state on the device MCU.”; paragraph 0087, “A focus listener that is operable to automatically end encryption for the field if the field is in encryption mode and then the field is caused to lose focus.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of 
One would have been motivated to provide users with the benefits of encrypting keystrokes such that their capture does not reveal protected information (Haworth: paragraph 0024).
Regarding claim 25, Zimman, Habraken, Gheorghe, and Haworth disclose the method of claim 24.  Haworth discloses wherein the predetermined data from the keyboard in communication with the untrusted computing device causes the application window of the untrusted computing device to lose focus (Haworth, paragraph 0062, “PC applications communicate with the KED through the CDC interface.  Actions such as gaining or losing focus on a window or a field that supports encryption generate an encryption ON or OFF command, which toggles the encryption state on the device MCU.”; paragraph 0087, “A focus listener that is operable to automatically end encryption for the field if the field is in encryption mode and then the field is caused to lose focus.”).
Regarding claim 26, Zimman, Habraken, Gheorghe, and Haworth disclose the method of claim 24.  Haworth discloses further comprising: delaying, by the encryption device, disengagement of the encryption mode of operation by a predetermined delay time (Haworth, paragraph 0062, “PC applications communicate with the KED through the CDC interface.  Actions such as gaining or losing focus on a window or a field that supports encryption generate an encryption ON or OFF command, which toggles the encryption state on the device MCU.”; paragraph 0087, “A focus listener that is operable to automatically end encryption for the field if the field is in encryption mode and then the field is caused to lose focus.”).
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Zimman (US20070083604), filed October 12, 2005, in view of Habraken (US20190327093), filed 5/20/2019, from PCT/US2016063913, filed 11/29/2016; and Gheorghe (US20170250859), filed 7/1/2016, and further in view of Wood (US20080137657), filed 12/11/2006.
Regarding claim 7, Zimman, Habraken, and Gheorghe disclose the method of claim 5.  Gheorghe discloses further comprising: wherein the plurality of values includes the value accessed by the encryption device, and wherein the method further comprises: in response to receipt of a query for the value from among the plurality of (Gheorghe, paragraph 0075, “The relay initiation component 470 may augment the encrypted token with the key index.  The key index may be transmitted to the clients as a component of the relay information 475 and included in the relay bind requests 410, 415 in an unencrypted form to empower to the relay server components 490 to determine the particular encryption key from the encryption key table used to encrypt and that may be used to decrypt the encrypted token.”; paragraph 0076, “The first relay server component 490 may extract the key index from the first-client relay bind request 410 and extract the encrypted token from the first-client relay bind request 410.  The first relay server component 490 may retrieve the encryption key from the encryption key table based on the key index.”; predetermined value encompasses binding request).
Zimman, Habraken, and Gheorghe do not explicitly disclose receiving, at the encryption device, the second command to provide the 
However, in an analogous art, Wood discloses receiving, at the encryption device, the second command to provide the (Wood, paragraph 0057, trusted server transmits request to untrusted servers for a path; paragraph 0059, “MPLS encryptors 130 may then determine LSPs to establish the requested QoS connection through the untrusted networks 120-1 and 120-2 (act 640).  For example, untrusted control units 440-U of MPLS encryptors 130-1 and 130-4 may initiate an LSP and create an entry in data table 520 (as stored in untrusted memory units 470-U) to determine an LSP label that may be used to form the requested QoS connection through untrusted network 120-1.  Also in this example, MPLS encryptors 130-2 and 130-4 may initiate an LSP and create an entry in data table 520 stored in untrusted memory units 470-U, to determine an LSP label used to form the requested QoS connection through untrusted network 120-2.  Once LSP labels have been determined, MPLS encryptors 130 may provide the LSP labels to the untrusted servers 150-2 and 150-3 (act 645).  For example, server 150-2 receives LSP labels for network 120-1 and server 150-3 receives LSP labels for network 120-2.  After receiving LSP labels from the MPLS encryptors 130, untrusted servers 150-2 and 150-3 may provide trusted server 150-1 with the LSP labels (act 650).”; paragraph 0058, “Untrusted server 150-2 (associated with network 120-1) may signal MPLS encryptors 130-1 and 130-4 via network 120-1, that a connection may be established from MPLS encryptor 130-1 to MPLS encryptor 130-4.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Wood with the system/method/computer program product of Zimman, Habraken, and Gheorghe to include receiving, at the encryption device, the second command to provide the 
One would have been motivated to provide users with the benefits of enabling quality of service transmissions over encrypted networks (Wood: paragraph 0008).
Regarding claim 8, Zimman, Habraken, Gheorghe, and Wood disclose the method of claim 7.  Wood discloses in response to receipt of the second command (Wood, paragraph 0057, trusted server transmits request to untrusted servers for a path; paragraph 0059, “MPLS encryptors 130 may then determine LSPs to establish the requested QoS connection through the untrusted networks 120-1 and 120-2 (act 640).  For example, untrusted control units 440-U of MPLS encryptors 130-1 and 130-4 may initiate an LSP and create an entry in data table 520 (as stored in untrusted memory units 470-U) to determine an LSP label that may be used to form the requested QoS connection through untrusted network 120-1”;  paragraph 0058, “Untrusted server 150-2 (associated with network 120-1) may signal MPLS encryptors 130-1 and 130-4 via network 120-1, that a connection may be established from MPLS encryptor 130-1 to MPLS encryptor 130-4.”).  Zimman discloses the encrypted data being decrypted, by the remote VM running a decryption application (Zimman, abstract, at the remote computer, the received input data is decrypted).  Gheorghe discloses further comprising: in response to receipt of the second first pre-shared key for receipt at the remote application, the encrypted data being decrypted, using the first pre-shared key, by the remote VM running a decryption application (Gheorghe, paragraph 0075, “The relay initiation component 470 may augment the encrypted token with the key index.  
The key index may be transmitted to the clients as a component of the relay information 475 and included in the relay bind requests 410, 415 in an unencrypted form to empower to the relay server components 490 to determine the particular encryption key from the encryption key table used to encrypt and that may be used to decrypt the encrypted token.”; paragraph 0076, “The first relay server component 490 may extract the key index from the first-client relay bind request 410 and extract the encrypted token from the first-client relay bind request 410.  The first relay server component 490 may retrieve the encryption key from the encryption key table based on the key index.”; predetermined value encompasses binding request). The motivation is the same as that of the claim from which this claim depends.
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Zimman (US20070083604), filed October 12, 2005, in view of Habraken (US20190327093), filed 5/20/2019, from PCT/US2016063913, filed 11/29/2016; and Gheorghe (US20170250859), filed 7/1/2016, and further in view of Heldt-Sheller (US20160180080), filed 12/22/2014.
Regarding claim 17, Zimman, Habraken, and Gheorghe disclose the system of claim 10 and remote VM.
VM is configured as part of a cloud-computing platform, and wherein the remote application hosted by the remote VM is a web application.
However, in an analogous art, Heldt-Sheller discloses wherein the remote VM is configured as part of a cloud-computing platform, and wherein the remote application hosted by the remote VM is a web application (Heldt-Sheller, paragraph 0027, “a trusted application endpoint may not be present and instead, an endpoint for receipt of trusted input may be at a remote location, such as a cloud-based location by way of a secure internet connection to a cloud-based resource, such as a server computer present at an endpoint data center, such as an enterprised data center.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Heldt-Sheller with the system/method/computer program product of Zimman, Habraken, and Gheorghe to include wherein the remote VM is configured as part of a cloud-computing platform, and wherein the remote application hosted by the remote VM is a web application.
One would have been motivated to provide users with the benefits of ensuring that an undesired focus change during a trusted application execution does not occur (Heldt-Sheller: paragraph 0012).


Claims 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Zimman (US20070083604), filed October 12, 2005, in view of Habraken (US20190327093), filed 5/20/2019, from PCT/US2016063913, filed 11/29/2016, 
Regarding claim 21, Zimman, Habraken, and Gheorghe disclose the method of claim 1 and an encryption device and an encryption command.
Zimman, Habraken, and Gheorghe do not explicitly disclose wherein the first command is configured as an encrypted command, and wherein the method further comprises: decrypting, by the encryption device, the encrypted command, wherein the entering of the encryption mode of operation includes entering the encryption mode of operation in response to the decrypting of the encrypted command.
However, in an analogous art, Henry discloses wherein the first command is configured as an encrypted command, and wherein the method further comprises: decrypting, by the encryption device, the encrypted command, wherein the entering of the encryption mode of operation includes entering the encryption mode of operation in response to the decrypting of the encrypted command (Henry, paragraph 0017, “In U.S.  Pat.  No. 6,983,374, Hashimoto et al. teach a tamper resistant microprocessor that saves context information for one program whose execution is to be interrupted, where the processor state is encrypted and stored to system memory.  Hashimoto also teaches a technique for fetching encrypted instructions from system memory and apparatus for decrypting and executing the decrypted instructions.  In addition, Hashimoto teaches using a symmetric key to provide the encrypted instructions in memory and then using an asymmetric key algorithm to encrypt the symmetric key, which is stored in memory.  Accordingly, upon execution of a branch instruction, program control is transferred to a "start encrypted execution" instruction which passes a pointer to the encrypted symmetric key.  The processor fetches the encrypted symmetric key and decrypts it using its internal private key.  Subsequently, the encrypted program instructions are fetched from system memory, decrypted using the decrypted symmetric key, and executed by the processor.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Henry with the system/method/computer program product of Zimman, Habraken, and Gheorghe to include wherein the first command is configured as an encrypted command, and wherein the method further comprises: decrypting, by the encryption device, the encrypted command, wherein the entering of the encryption mode of operation includes entering the encryption mode of operation in response to the decrypting of the encrypted command.
One would have been motivated to provide users with the benefits of common cache mechanisms, interrupt logic, and exception processing logic for both unencrypted and encrypted code (Henry: paragraph 0017).
Regarding claim 22, Zimman, Habraken, Gheorghe, and Henry disclose the method of claim 21.  Gheorghe discloses wherein the encrypted command is encrypted by the remote application using the first pre-shared key (Gheorghe, paragraph 0075, “The relay initiation component 470 may augment the encrypted token with the key index.  The key index may be transmitted to the clients as a component of the relay information 475 and included in the relay bind requests 410, 415 in an unencrypted form to empower to the relay server components 490 to determine the particular encryption key from the encryption key table used to encrypt and that may be used to decrypt the encrypted token.”; paragraph 0076, “The first relay server component 490 may extract the key index from the first-client relay bind request 410 and extract the encrypted token from the first-client relay bind request 410.  The first relay server component 490 may retrieve the encryption key from the encryption key table based on the key index.”; predetermined value encompasses binding request).  The motivation is the same as that of the claim from which this claim depends.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368. The examiner can normally be reached 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/W.J.M/Examiner, Art Unit 2439   


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439