DETAILED ACTION
The instant application having Application No. 16/736976 filed on January 8, 2020 is presented for examination by the examiner.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Oath/Declaration
The applicant’s oath/declaration has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63.

Information Disclosure Statement
As required by M.P.E.P. 609(C), the applicant’s submission of the Information Disclosure Statement submitted on 01/08/2020 is acknowledged by the examiner and the cited references have been considered in the examination of the claims now pending. As required by M.P.E.P. 609(C), a copy of the PTOL-1449 initialed and dated by the examiner is attached to the instant office action.

Drawings
The applicant’s drawings submitted on 01/08/2020 are acceptable for examination purposes.

Specification
The applicant’s Specification submitted on 01/08/2020 is acceptable for examination purposes.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-2, 5-6, 8-10, and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Pandey et al. (US Pub 2017/0286645), hereinafter referred to as Pandey, in view of Bathula et al. (US Pub 2009/0260052), hereinafter referred to as Bathula, and in further view of Kameyama et al. (US Pub 2002/0065934), hereinafter referred to as Kameyama.
Regarding claim 1, Pandey teaches a method comprising: 
establishing, by a processor, a trusted execution area for a first computing process (Pandey, par 39, establish child enclaves in a secure enclave page cache within or in association with a processor, computer system, or other processing apparatus. Pandey, par 41, a parent process may create (i.e. fork) a child process and establish a copy for the child process enclave in a secure EPC; the processor establishing child enclaves in a secure enclave page cache, disclosed in par 39, is mapped to “establishing, by a processor, a trusted execution area”, and the parent process disclosed in par 41 is mapped to the “first process”), wherein the trusted execution area comprises an encrypted storage area (Pandey, par 95, secure enclave storage areas have the same key. Pandey, par 96, The above example instructions may implicitly or explicitly specify addresses for secure storage allocated in the EPC to enclaves of a parent and a child process to store secure enclave control structure data, application data, application code … the child process may execute, or the system SGX library may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key; the secure storage allocated to the child process in the EPC, i.e. the child enclave, is mapped to the trusted execution area comprising a storage area (par 96), and in addition the secure storage is encrypted with the symmetric key);
copying data of the first computing process into the trusted execution area, wherein the data comprises executable data or non-executable data (Pandey, par 145, In this second example, embodiments of logical processors 1420 and 1430 may also support enclave child copy instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc.; copying application data pages, application code pages, and enclave library code pages is mapped to copying “data of the first computing process into the trusted execution area”, wherein code pages are executable data and data pages are non-executable data);
storing, by the processor, a copy of the data of the first computing process (Pandey, par 152, Embodiments of processor core 1501 may support enclave child copy instructions (e.g. ECHILDCOPY instruction 1534 and/or ECHILDCOPY Resume instruction 1536) to interrupt and resume instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc. from the secure enclave 1504 allocated to the parent process to a secure enclave 1505 allocated to the child process, discloses that embodiments of a processor copy and store the copy of the data of the parent process); and
executing, by the processor, the first computing process using the trusted execution area (Pandey, par 96, the parent process may execute, or a system Software Guard Extension (SGX) library may execute an instruction to copy the parent secure enclave control structure (SECS) to a secure storage area for the child process. Pandey, par 150, Embodiments of processor core 1501 may also comprise other pipeline stages (e.g. as shown in pipeline 400) for execution of enclave fork instructions 1503 to provide multiprocessing capabilities including to interrupt and resume instructions to fork processes and establish child enclaves in secure enclave page cache). 
Pandey does not expressly teach enabling a second computing process to access the copy of the data of the first computing process.
Bathula teaches enabling a second computing process to access [the copy of] the data of the first computing process (Bathula, par 26, processes may comprise at least one of a game application, a financial application, an electronic document processing application, a productivity application, an internet access application, a personal information management application, an interface management process, a user management process, a server process, and an operating system process. The aforementioned are merely examples, and other processes may be used. Bathula, par 29, security policy may permit all interactions between first process chamber 110 and second process chamber 120 while another security policy may permit first process chamber 110 limited or no interaction with third process chamber 150, discloses that the security policy controls the granting and denying of access to the data among processes, wherein the processes comprise a game application, a financial application, an operating system process, etc.).
Pandey and Bathula are from a similar field of technology, respectively related to: (i) securing data of a process among other entities; (ii) preventing security breaches by improper or unauthorized access from one process to another process. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Pandey with the system and method of Bathula to enhance security by limiting the access of one process to another process as permitted by a security policy for interaction between the first and the second process (Bathula, par 3), and a variety of processes including at least one game application and one operating system process (Bathula, par 26).
Pandey in view of Bathula does not expressly teach enabling a second computing process to access the copy of the data of the first computing process.
Kameyama teaches enabling a second computing process to access the copy of the data of the first computing process (Kameyama, par 55, At step S10, the parent process 112 turns on a copy request flag 140 to inform the child process 115 of presence of data to be copied. Kameyama, par 52, The child process 115 must be ready for communication because it expects communication with the process 162. Trigger T4 enables the child process 115 to send data (SEND). This trigger is an expected trigger. The child process 115 must be ready for communication because it is going to send data to the process 162, discloses that the child process would have a copy of the parent process's data and that the process 162 only has access to the copy of the data).
Pandey and Kameyama are from a similar field of technology, respectively related to: (i) creating a secured, protected, and isolated partition by establishing a child process; (ii) a child process being created by a fork, copying data and code from the parent process. Pandey, Bathula, and Kameyama are from a similar field of technology, respectively related to: (i) securing data of a process among other entities. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Pandey and Bathula with the system and method of Kameyama, as a client process 162 can have access to the child process and the copied data of the parent process. The client process 162 can be an example of the plurality of processes disclosed in Bathula par 26, and the process communicates and obtains access to the copy of the first process's data stored in the child process (Kameyama, par 55).
Regarding claim 10, it is a system claim that encompasses limitations similar to those of method claim 1. Therefore claim 10 is rejected with the motivation and rationale as applied against claim 1. In addition, Pandey teaches a memory; and a processing device communicably coupled to the memory (Pandey, par 101, processor core 490 including a front end unit 430 coupled to an execution engine unit 450, and both are coupled to a memory unit 470).
Regarding claim 2, Pandey, Bathula, and Kameyama teach the method of claim 1. Bathula further teaches wherein the first computing process is an application process and the second computing process is a kernel process that manages the application process (Bathula, par 26, first process 115 may be associated with first process chamber 110 and second process 125 may be associated with second process chamber 120. Consistent with embodiments of the invention, processes may comprise at least one of a game application, a financial application, an electronic document processing application, a productivity application, an internet access application, a personal information management application, an interface management process, a user management process, a server process, and an operating system process, discloses that a game application is mapped to “the first computing process is an application process”, an operating system process is mapped to “the second computing process is a kernel process”, and an operating system process's function is to manage the different application processes and resources).
Bathula does not expressly teach the following limitation:
wherein the data in the trusted execution area is accessible to the application process and inaccessible to the kernel process.
However, Pandey teaches a kernel process that manages the application process (Pandey, par 98, It will also be appreciated that managing permissions, physical memory and/or changing mappings may still be managed by an OS; a kernel is the part of an OS that implements the concept of a process to allow scheduling of the processes of the operating system disclosed in Bathula par 26, and managing permissions is mapped to “a kernel process that manages the application process”), wherein the data in the trusted execution area is accessible to the application process and inaccessible to the kernel process (Pandey, par 4, secure enclave data is allocated to a particular process and associated with a unique enclave identifier for that process, such that access to the secure enclave data is restricted to an authorized process. Not even the operating system is permitted to access decrypted enclave data associated with an enclave identifier of a different process, discloses that the secure enclave is mapped to the “trusted execution area”, where access to the secure enclave data being restricted to an authorized process maps to “trusted execution area is accessible to the application process”, and not even the operating system being permitted to access the enclave data maps to “inaccessible to the kernel process”).
Regarding claim 5, Pandey, Bathula, and Kameyama teach the method of claim 1.  In addition, Pandey teaches wherein the trusted execution area comprises a trusted execution environment (TEE) that comprises a portion of memory and a portion of the processor (Pandey, Fig. 14B, discloses logical processor 1420, 1430, and memory portion 1440, 1450 comprise said trusted execution environment.  Pandey, par. 144, FIG. 14B illustrates another embodiment of a processing system 1402 to provide multiprocessing capabilities for a secure enclave page cache.  Pandey, par 145, In this second example, embodiments of logical processors 1420 and 1430 may also support enclave child copy instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc. from the secure enclave allocated to the parent process to a secure enclave allocated to the child process.), wherein the portion of memory comprises a contiguous portion of virtual memory of the first computing process (Pandey, Fig. 14B, discloses cache memory 1440, 1450 include virtual memory 1442, 1446, 1452, and 1456.  Pandey, par 145, In this second example, embodiments of logical processors 1420 and 1430 may also support enclave child copy instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc. from the secure enclave allocated to the parent process to a secure enclave allocated to the child process.  In embodiments of logical processors 1420 and 1430 … copy the secure data from the first secure storage area (e.g. at 1446) in the EPC 1460 to the second secure storage area (e.g. at 1456) in the EPC 1460.).
Regarding claim 12, it is a system claim that encompasses limitations similar to those of method claim 5. Therefore, claim 12 is rejected with the motivation and rationale as applied against claim 5. 
In addition, Pandey teaches wherein the data of the first computing process that is loaded into the trusted execution area is accessible by the first computing process and inaccessible to the second computing process (Pandey, par 145, In this second example, embodiments of logical processors 1420 and 1430 may also support enclave child copy instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc.; copying application data pages, application code pages, and enclave library code pages is mapped to loading “data of the first computing process into the trusted execution area”, wherein code pages are executable data and data pages are non-executable data).
Regarding claim 6, Pandey, Bathula, and Kameyama teach the method of claim 1.  Pandey further teaches enabling the second computing process to access the copy of the data comprises the second computing process being provided a cryptographic key that enables the second computing process to decrypt the stored copy of the data (Pandey, par 140, In some embodiments the OS may evict a page or pages (e.g. page 1442, 1446 or 1452), encrypt the data, and write them back to memory (e.g. as encrypted page 1495) or to non-volatile storage. In some embodiment the OS may then read a new page (e.g. page 1410) from memory or non-volatile storage, decrypt the data and store the decrypted page in EPC 1460. The paging process (e.g. where secure enclave page cache memory contents are encrypted and written back, new pages are loaded from memory and decrypted, discloses that the copied data in the memory is encrypted.  Pandey, par 152, In one embodiment the first secure storage area (e.g. at 1542 and/or 1546) allocated to a corresponding secure enclave 1504 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data), discloses that the secure enclave is mapped to the “trusted execution area”, wherein the data is encrypted/decrypted with a cryptographic key).
Regarding claim 8, Pandey, Bathula, and Kameyama teach the method of claim 1. Pandey further teaches wherein the stored copy of the data is encrypted using a first cryptographic key (Pandey, par 140, In some embodiments the OS may evict a page or pages (e.g. page 1442, 1446 or 1452), encrypt the data, and write them back to memory (e.g. as encrypted page 1495) or to non-volatile storage. In some embodiment the OS may then read a new page (e.g. page 1410) from memory or non-volatile storage, decrypt the data and store the decrypted page in EPC 1460. The paging process (e.g. where secure enclave page cache memory contents are encrypted and written back, new pages are loaded from memory and decrypted, discloses copied data in the memory is encrypted) and the data in the trusted execution area is encrypted using a second cryptographic key (Pandey, par 152, In one embodiment the first secure storage area (e.g. at 1542 and/or 1546) allocated to a corresponding secure enclave 1504 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data), secure enclave is mapped to the “trusted execution area”, wherein the data is encrypted with a cryptographic key).
Regarding claim 13, it is a system claim that encompasses limitations similar to those of method claim 8. Therefore claim 13 is rejected with the motivation and rationale as applied against claim 8.
Regarding claim 9, Pandey, Bathula, and Kameyama teach the method of claim 1. Pandey further teaches wherein the trusted execution area stores the data of the first computing process in the encrypted storage area (Pandey, par 140, Processor 1402 also comprises secure enclave (SE) unit 1470 and enclave page cache, EPC 1460. For some embodiments EPC 1460 may be part of a larger cache unit, e.g. one or more level-one caches 1440 and 1450, or a level-two cache (not shown). For other embodiments EPC 1460 may be a separate structure or distributed structure (e.g. cache 1440 and cache 1450) shared by multiple hardware threads, logical processors or processing cores, to store secure data for, or associated with addresses of pages (e.g. 1442, 1446 and 1452) allocated to one or more secure enclaves and accessible by the hardware threads, logical processors or processing cores. In some embodiments the OS may evict a page or pages (e.g. page 1442, 1446 or 1452), encrypt the data, and write them back to memory (e.g. as encrypted page 1495), discloses that the secure enclave encrypting the data and writing them back to memory is mapped to “trusted execution area stores the data of the first computing process in the encrypted storage area”) and wherein the copying the data of the first computing process (Pandey, par 145, In this second example, embodiments of logical processors 1420 and 1430 may also support enclave child copy instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc., discloses copying data into the enclave page cache) comprises the processor receiving the data in an encrypted form over a bus from the encrypted storage area (Pandey, par 4, When data and/or instructions for an enclave are loaded from external memory, they are decrypted, authenticated and then stored or cached in a protected memory; data and/or instructions being loaded is mapped to “processor receiving the data”, and the data being decrypted once loaded is mapped to “data in an encrypted form”. Pandey, par 140, In some embodiments the OS may evict a page or pages (e.g. page 1442, 1446 or 1452), encrypt the data, and write them back to memory (e.g. as encrypted page 1495) ...The paging process (e.g. where secure enclave page cache memory contents are encrypted and written back, new pages are loaded from memory and decrypted, discloses that a copy of the data is loaded to the processor from the memory 1495, which is mapped to the “encrypted storage area”. Pandey, par 56, The processor 102 is coupled to a processor bus 110 that can transmit data signals between the processor 102 and other components in the system 100. The elements of system 100 perform their conventional functions that are well known to those familiar with the art. Pandey, par 139, it is typical for processors such as processor 1402, or other processors illustrated herein, to have several logical processor cores, which may or may not share some physical resources (e.g. EPC 1460) and or circuitry (e.g. SE unit 1470), discloses that the enclave page cache and/or the secure enclave may not share the physical resources, and the bus is the component that transmits data signals).

Claims 3 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Pandey, Bathula, and Kameyama, and in further view of Banga et al. (US Pub 2015/0143374), hereinafter referred to as Banga.
Regarding claim 3, Pandey, Bathula, and Kameyama teach the method of claim 1.  Pandey further teaches wherein the first computing process is a [virtual machine process] (Pandey, par 40, the parent process may execute, or a system Software Guard Extension (SGX) library may execute an instruction to copy the parent secure enclave control structure (SECS) to a secure storage area for the child process) and the second computing process (Pandey, par 145, In this second example, embodiments of logical processors 1420 and 1430 may also support enclave child copy instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc.  Pandey, par 152, In one embodiment the first secure storage area (e.g. at 1542 and/or 1546) allocated to a corresponding secure enclave 1504 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data) and the second secure storage area (e.g. at 1552 and/or 1556) allocated to a corresponding second secure enclave 1505 of the child process is also to be associated with the same first key), and a hypervisor (Pandey, par 20, a processor micro-architecture to execute instructions that fork processes and establish child enclaves in a secure enclave page cache. Pandey, par 49, In one embodiment, the instruction set architecture (ISA) may be implemented by one or more micro-architectures, which includes processor logic and circuits used to implement one or more instruction sets. Alternative embodiments may implement the ISA through microcode, extended microcode or microcode assists, a hypervisor, binary translation, hardware recompilation, discloses that a processor micro-architecture executing to establish child enclaves is mapped to “the second computing process”) [that manages the virtual machine process], and wherein the data in the trusted execution area is accessible to the virtual machine process (Pandey, par 96, system SGX library may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, then also set an entry for EPC mapping to partial completion, and record a page state in the child enclave, discloses that the SGX library executing an instruction is mapped to the “first computing process”, and said process has access to the enclave of the child, mapped to the “trusted execution area”, as it copies data from the parent enclave to the child enclave, implying said process has access to the trusted execution area) and inaccessible to the [hypervisor process] (Pandey, par 4, secure enclave data is allocated to a particular process and associated with a unique enclave identifier for that process, such that access to the secure enclave data is restricted to an authorized process. Not even the operating system is permitted to access decrypted enclave data associated with an enclave identifier of a different process, discloses that even the operating system is not permitted to access secure enclave data, such that the second computing process cannot access the data in the trusted execution area).
Pandey does not expressly disclose that the first computing process is a virtual machine process, or a hypervisor process that manages the virtual machine process.
However, Banga teaches that the first computing process is a virtual machine process (Banga, par 38, Client 200 includes a number of virtual machines (such as 230, 240, 250, and 260, for example) that execute on hardware 210 of client 200. The various VMs within client 200 may be used for separately executing processes associated with different activities), and
the second computing process is a hypervisor process that manages the virtual machine process (Banga, par 18, the user runs multiple independent operating systems on their laptop or desktop on multiple virtual machines (VMs) within the client system which have been created using a hypervisor. Banga, par 104, A hypervisor, also called virtual machine manager (VMM), is one of many hardware virtualization techniques that allow multiple operating systems, termed guests, to run concurrently on a host computer; operating systems being run on the VMs and the hypervisor allowing multiple operating systems to run is mapped to “hypervisor process manages virtual machine process”).
Pandey, Bathula, Kameyama, and Banga are from a similar field of technology, respectively related to: (i) establishing a trusted execution area separated from the current process; (ii) copying data of said process into said area. Banga further teaches that SGX, used in Pandey for the first process, is included in its examples of virtual machines (Banga, par 35). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Pandey with the system and method of Banga to further execute untrusted software in isolated contexts which include virtual machines, with the hypervisor monitoring the virtual machines.

Claims 4 and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pandey, Bathula, and Kameyama, and in further view of Wiacek et al. (US Pub 2019/0116030), hereinafter referred to as Wiacek.
Regarding claim 4, Pandey, Bathula, and Kameyama teach the method of claim 1. Pandey teaches the operating system is not permitted to access decrypted enclave data associated with the first process (Pandey, par 5, the operating system cannot access the decrypted enclave data associated with the parent process).
Pandey, Bathula, and Kameyama do not expressly teach the following limitations: 
inspecting, by the second computing process, the stored copy of the data of the first computing process; and
determining, by the second computing process in view of the inspecting, that the data of the first computing process that is in the trusted execution area comprises non-malicious executable code.
However, Wiacek teaches inspecting, by the second computing process, the stored copy of the data of the first computing process (Wiacek, par. 9, In some aspects, the operations include identifying an application that initiated the process, monitoring behavior of the application after identifying the application that initiated the process. Wiacek, par 31, To preserve encryption data 134 generated for ransomware, e.g., the ransomware 130, the data security application 142 can use code to intercept requests (e.g., API calls) submitted to the cryptography libraries and obtain a copy of the encryption data generated by the cryptography libraries 114, discloses that the copy of the encryption data is used for inspecting.  Wiacek, par 45, If the process is not determined to be trusted and the data security application 140 is not confident the process is ransomware, the data security application 140 can store the copy of the encryption data for the process and monitor the behavior of the process or its application, as described above, discloses that monitoring is mapped to “inspecting”); and
determining, by the second computing process in view of the inspecting, that the data of the first computing process that is in the trusted execution area comprises non-malicious executable code (Wiacek, par 31, To preserve encryption data 134 generated for ransomware, e.g., the ransomware 130, the data security application 142 can use code to intercept requests (e.g., API calls) submitted to the cryptography libraries and obtain a copy of the encryption data generated by the cryptography libraries 114.  Wiacek, par 44, In some implementations, the data security application 140 can determine how long to store copies of encryption data based on one or more characteristics of the process. For example, if a process is known to be trusted, e.g., because the process or its application is included in a list of trusted processes or trusted applications, the data security application 140 can delete the copy of the encryption data for the process, discloses that the monitored application/process is determined to be trusted (i.e., non-malicious executable)).
Pandey, Bathula, Kameyama, and Wiacek are from a similar field of technology, respectively related to: (i) establishing a trusted execution area separated from the current process; (ii) copying data of said process into said area. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Pandey with the system and method of Wiacek to enhance the security of the trusted execution environment by having the second computing process inspect and determine whether there is malicious code in the copy of the data of the first computing process stored in the trusted environment (Wiacek, par 45).
Regarding claim 14, it is a system claim that encompasses limitations similar to those of method claim 4. Therefore claim 14 is rejected with the motivation and rationale as applied against claim 4.
Regarding claim 15, it is a non-transitory machine-readable storage medium claim that encompasses limitations similar to those of method claim 1. Therefore claim 15 is rejected with the motivation and rationale as applied against claim 1.  In addition, Pandey discloses:
receiving, by the processor, a request of a computing process to execute within a trusted execution environment (TEE) (Pandey, par 157, FIG. 16 illustrates a flow diagram for one embodiment of a process 1601 to fork processes and establish child enclaves in a secure enclave page cache. Process 1601 and other processes herein disclosed are performed by processing blocks that may comprise dedicated hardware or software, discloses a processor receiving a request of a fork call to establish child enclaves in the EPC);
loading data of the computing process into the trusted execution environment, wherein the data comprises executable data or non-executable data (Pandey, par 145, In this second example, embodiments of logical processors 1420 and 1430 may also support enclave child copy instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc.  Pandey, par 152, In one embodiment the first secure storage area (e.g. at 1542 and/or 1546) allocated to a corresponding secure enclave 1504 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data) and the second secure storage area (e.g. at 1552 and/or 1556) allocated to a corresponding second secure enclave 1505 of the child process is also to be associated with the same first key).
Pandey, Bathula, and Kameyama do not expressly teach the remaining limitation of the claim.  
However, Wiacek teaches enabling a kernel to access the copy of the data of the computing process (Wiacek, par. 9, In some aspects, the operations include identifying an application that initiated the process, monitoring behavior of the application after identifying the application that initiated the process. Wiacek, par. 31, To preserve encryption data 134 generated for ransomware, e.g., the ransomware 130, the data security application 142 can use code to intercept requests (e.g., API calls) submitted to the cryptography libraries and obtain a copy of the encryption data generated by the cryptography libraries 114, disclosing that the copy of the encryption data is used for inspection. Wiacek, par. 43, For copies of encryption data that the data security application 140 determines to store, the data security application 140 can store the copies of the encryption data in a secure data storage location 144 on the user device 110 or send the encryption data to a key escrow service 170 remote from and/or across the network 150 from the user device 110. The secure storage area of the user device 110 can be a hardware-backed secure storage area of the user device 110, the kernel of the operating system 112, or in another data storage location that is inaccessible by the ransomware 130.); and
inspecting, by the kernel, the copy of the data of the computing process (Wiacek, par. 43, For copies of encryption data that the data security application 140 determines to store, the data security application 140 can store the copies of the encryption data in a secure data storage location 144 on the user device 110 or send the encryption data to a key escrow service 170 remote from and/or across the network 150 from the user device 110. The secure storage area of the user device 110 can be a hardware-backed secure storage area of the user device 110, the kernel of the operating system 112, or in another data storage location that is inaccessible by the ransomware 130. Wiacek, par. 45, If the process is not determined to be trusted and the data security application 140 is not confident the process is ransomware, the data security application 140 can store the copy of the encryption data for the process and monitor the behavior of the process or its application, as described above; the disclosed monitoring is mapped to "inspecting").
Regarding claim 16, it is a non-transitory machine-readable storage medium claim that encompasses limitations similar to those of method claim 8. Therefore claim 16 is rejected with the motivation and rationale as applied against claim 8.
Regarding claim 17, Pandey, Bathula, Kameyama and Wiacek teach the method of claim 1. 
In addition, Pandey teaches wherein the encrypted storage area comprises a contiguous portion of virtual memory of the computing process (Pandey, Fig. 14B, disclosing that cache memories 1440 and 1450 include virtual memory 1442, 1446, 1452, and 1456. Pandey, par. 145, In this second example, embodiments of logical processors 1420 and 1430 may also support enclave child copy instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc. from the secure enclave allocated to the parent process to a secure enclave allocated to the child process. In embodiments of logical processors 1420 and 1430 … copy the secure data from the first secure storage area (e.g. at 1446) in the EPC 1460 to the second secure storage area (e.g. at 1456) in the EPC 1460.).
Regarding claim 18, it is a non-transitory machine-readable storage medium claim that encompasses limitations similar to those of method claim 9. Therefore claim 18 is rejected with the motivation and rationale as applied against claim 9.
Regarding claim 19, Pandey, Bathula, Kameyama, and Wiacek teach the non-transitory machine-readable storage medium of claim 15.
In addition, Wiacek further teaches wherein enabling the kernel to access the copy of the data of the computing process comprises the processor providing a cryptographic key to the kernel that enables the kernel to decrypt the copy of the data (Wiacek, par. 31, To preserve encryption data 134 generated for ransomware, e.g., the ransomware 130, the data security application 142 can use code to intercept requests (e.g., API calls) submitted to the cryptography libraries and obtain a copy of the encryption data generated by the cryptography libraries 114 … the data security application 140 wraps the cryptography libraries 114 and/or its API, e.g., using a wrapper class, to obtain the key and process data 142, disclosing that the copy of the encryption data is accessible to the kernel and that the security application obtains the key for decryption).
Regarding claim 20, Pandey, Bathula, Kameyama, and Wiacek teach the non-transitory machine-readable storage medium of claim 15.
In addition, Pandey further teaches wherein enabling the kernel to access the copy of the data of the computing process reduces data confidentiality without reducing data integrity of the data in the trusted execution environment (Pandey, par. 5, the operating system cannot access the decrypted enclave data associated with the parent process; the OS's lack of access to the original data indicates that the integrity level in the trusted execution environment remains the same. Pandey, par. 152, In one embodiment the first secure storage area (e.g. at 1542 and/or 1546) allocated to a corresponding secure enclave 1504 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data); the decryption process reduces confidentiality, as decryption reveals the data of the process).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Pandey, Bathula, and Kameyama in view of Kirovski (US Pub 2009/0147949), hereinafter referred to as Kirovski.
Regarding claim 7, Pandey, Bathula, and Kameyama teach the method of claim 1. Pandey further teaches [transmitting, by the processor, a cryptographic key to a device over a network], wherein the cryptographic key is a symmetric transport key (Pandey, par. 152, the first secure storage area (e.g. at 1542 and/or 1546) allocated to a corresponding secure enclave 1504 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data) and the second secure storage area (e.g. at 1552 and/or 1556) allocated to a corresponding second secure enclave 1505 of the child process is also to be associated with the same first key, disclosing that the first key is a "symmetric transport key");
[and receiving, from the device over the network], the data of the first computing process and the symmetric transport key (Pandey, par. 152, In one embodiment the first secure storage area (e.g. at 1542 and/or 1546) allocated to a corresponding secure enclave 1504 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data) and the second secure storage area (e.g. at 1552 and/or 1556) allocated to a corresponding second secure enclave 1505 of the child process is also to be associated with the same first key … copying application data pages, application code pages, enclave library code pages, etc. from the secure enclave 1504 allocated to the parent process to a secure enclave 1505 allocated to the child process, disclosing that the first key is symmetric and that the data of the first computing process is copied into the secure enclave of the child process),
wherein the data of the first computing process is encrypted using the cryptographic key (Pandey, par. 152, a first key (e.g. for encrypting and/or decrypting secure data)),
wherein storing the copy of the data comprises storing the copy of the data that is encrypted using the cryptographic key (Pandey, par. 152, the second secure storage area (e.g. at 1552 and/or 1556) allocated to a corresponding second secure enclave 1505 of the child process is also to be associated with the same first key … resume instructions to fork processes and establish child enclaves in a secure enclave page cache by securely copying application data pages, application code pages, enclave library code pages, etc. from the secure enclave 1504 allocated to the parent process to a secure enclave 1505 allocated to the child process, disclosing that the same key is used when copying into the secure enclave allocated to the child process).
Pandey, Bathula, and Kameyama do not expressly teach the following limitations:
transmitting, by the processor, a cryptographic key to a device over a network; and receiving, from the device over the network, the cryptographic key (i.e., symmetric transport key).
Kirovski teaches transmitting, by the processor, a cryptographic key to a device over a network (Kirovski, par. 23, Typically, the thin client should authenticate itself to server 106, download encryption keys from server 106, undertake or perform encryption or decryption of data on storage media associated with client, disclosing that a cryptographic key is transmitted to a client device); and
receiving, from the device over the network, the cryptographic key (i.e., symmetric transport key) (Kirovski, par. 23, Typically, the thin client should authenticate itself to server 106, download encryption keys from server 106, undertake or perform encryption or decryption of data on storage media associated with client, disclosing that the key is received over the network).
Pandey, Bathula, Kameyama, and Kirovski are from a similar field of technology, related to (i) establishing a trusted execution area separated from a current process and (ii) copying data of that process into that area. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Pandey with the system and method of Kirovski to enhance the security of the trusted execution environment by disseminating the cryptographic keys to the device, since the server can use the device's credentials to generate a set of symmetric cryptographic keys related to those credentials.

Related Prior Art
The prior art made of record and not relied upon, which is considered pertinent to applicant's disclosure, includes:
Chhabra (US Pub 2017/0026181) – teaches secure enclaves protected by protection mechanisms
Bacher (US Pub 2018/0285143) – teaches preventing access to VM memory by a hypervisor
Banga (US Pub 2015/0143374) – teaches a virtual machine process and a hypervisor process
Xing (US Pub 2014/0006711) – teaches a secure execution environment using virtual machines and virtual memories
Bhat (US Pub 2016/0371495) – teaches enabling another process to access the copy of a first process's data

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUNGWOO LEE whose telephone number is (571)272-1332. The examiner can normally be reached Monday - Friday 8:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571)272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/J.L./Examiner, Art Unit 2498   

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498