DETAILED ACTION
This office action is in response to applicant’s communication dated 1/4/2022. 

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.  

Claims’ Status
Claims 1-20 are pending and are currently being examined.
Claims 1, 8 and 15 are independent.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim(s) 1-2, 4-5, 8-11 and 14-18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang Ik Cho (hereinafter Chang –WO 2009064048 A1) in view of Tenorio; Manoel (hereinafter Tenorio – US 7149744 B1) and further in view of Rajakarunanayake; Yasantha et al. (hereinafter Rajakarunanayake – US 20140123209 A1).

Independent Claims 1, 8 and 15:
	As per claims 1, 8 and 15, Chang teaches One or more storage devices or storage disks having instructions stored thereon (and respective device and method) which, when executed by a first processor, cause the first processor to:
monitor operations of a main operating system (OS) including access to a web site; (Pg 10:16-26, FIG. 7 at S702, determination unit 402 determines whether the authorized web site address is an access-permitted web site address, i.e., “monitor access to one or more web sites”; also see Pgs 14:1-10/15-24 and 15:17-20) 
identify a switching event (Pg 6:19-27, a signal for switching)
that corresponds to an attempted operation associated with the web site […]; (Pg 6:13-27, the signal may be correspond to a user intending to use a financial transaction service.)
and switch from the main OS to a secure OS (deactivate first OS and execute second OS) responsive to identifying the switching event, […]. (Pgs 6:28-7:13)
Chang does not appear to expressly teach that the attempted operation includes access to a confidential document. 
However, Tenorio teaches/suggests that the attempted operation includes access to a confidential document (a buyer accesses stored transaction documents, which contain confidential information, in order to facilitate current or future transactions, see at least Abstract and col 17:29-50). 
 the attempted operation includes access to a confidential document, as taught/suggested by Tenorio.
One would have been motivated to make such a combination in order to a more versatile and efficient storage/device/method allowing for the performance of financial transactions that access and reuse confidential information in transaction documents (at least Tenorio col 1:54-60).
Chang does not appear to expressly teach the secure OS executing in a trusted execution environment (TEE) including a second processor that is physically separate from the first processor. 
However, Rajakarunanayake teaches/suggests that the TEE wherein the secure OS operates includes the secure OS executing in a trusted execution environment (TEE) including a second processor that is physically separate from the first processor. (an SE [that is, a TEE] has processing circuitry that is separate from a host’s processing circuitry, ¶¶ 20, and the SE employs its own operating system [a secure OS], ¶ 26; “SE” is a secure element, ¶ 12). 
Accordingly, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the one or more storage devices or storage disks (and the respective device and method) of Chang to include that the secure OS executing in a trusted execution environment (TEE) including a second processor that is physically separate from the first processor. as taught/suggested by Rajakarunanayake.
One would have been motivated to make such a combination in order to provide a more secure storage/device/method that prevents untrusted services from accessing certain resources (Rajakarunanayake ¶ 23).
	
Claims 2, 9 and 16:
The rejection of claims 1, 8 and 15 is incorporated. As per claims 2, 9 and 16, Chang, as modified, further teaches 
identify one or more secure operations to be executed, wherein execution of the one or more secure operations in the main OS corresponds to the attempted operation (Chang Pgs 9:14-18 and 12:7-12, “effectuating” of the financial transaction service using the secure OS, necessarily occurs after identifying one or more secure operations to be executed. “Secure operations” is herein interpreted as operations effectuated using the secure OS.)
that includes access to the confidential document (Tenorio Abstract and col 17:29-50). 

Claims 4, 10 and 17:
The rejection of claims 2, 9 and 16 is incorporated. As per claims 4, 10 and 17, Chang, as modified, further teaches execute the one or more secure operations in the secure OS (Chang Pgs 9:14-18 and 12:7-12, “effectuating” of the financial transaction 

Claims 5, 11 and 18:
	The rejection of claims 4, 10 and 17 is incorporated. As per claims 5, 11 and 18, Chang, as modified, further teaches switch from the secure OS to the main OS (Chang FIG. 7 at S708, the First OS is activated again after the transactions are effectuated, therefore the switching back to the first OS is also “responsive to the one or more secure operations being executed” [of instant claim 11] and “responsive to executing the one or more secure operations in the secure operations in the secure OS” [of instant claim 18]). 

Claim 14:
	The rejection of claim 8 is incorporated. As per claim 14, Chang, as modified, further teaches wherein the device includes at least one of a smart phone, a tablet computer, a laptop computer (notebook PC), or a desktop computer (Chang Pg 6:13-15). 

Claim 3 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009064048 A1) in view of Tenorio (US 7149744 B1) and Rajakarunanayake (US 20140123209 A1) as applied to claim 2 above, and further in view of Hoy; Robert B. et al. (hereinafter Hoy – US 20130318594 A1).

Claim 3:
The rejection of claim 2 is incorporated. As per claim 3, Chang further teaches that a certain web sites of financial institutions may be authorized for effectuating financial transaction services (Chang Pg 10:16-26).
Chang doesn’t directly teach “compare the web site to a list of web sites” and “identify the one or more secure operations to be executed based, at least in part, on a result of the comparison”.
However, Hoy, in an analogous art of protection of computer systems from injurious software (Par 2), teaches the concept of a system that uses, at least in part, a whitelist of trusted websites, to help defend against internet security threats, such as malware that can infect an operation system (Pars. 34 and 57).
Therefore, it would have been obvious to a person having ordinary skill in the art, at the time the invention was made, to apply the known concept of a system that uses, at least in part, a whitelist of trusted websites, to help defend against internet security threats, such as malware that can infect an operation system, as taught by Hoy, to modify the storage of Chang, to include “compare the web site to a list of web sites” and “identify the one or more secure operations to be executed based, at least in part, on a result of the comparison”, because this would improve the efficiency of the storage device, by being able to adjust security measures and the use of pertinent resources need for security based on websites that lists.

Claim(s) 6, 12 and 19 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009064048 A1) in view of Tenorio (US 7149744 B1) and Rajakarunanayake (US 20140123209 A1) as applied to claims 1, 8 and 15 above, and further in view of Smith; Ned M. et al. (hereinafter Smith – US 20140108805 A1).

Claims 6, 12 and 19:
	The rejection of claims 1, 8 and 15 is incorporated. As per claims 6, 12 and 19, Chang does not appear to expressly teach wherein the TEE stores one or more encryption keys. 
However, Smith teaches/suggests wherein the TEE stores one or more encryption keys (encryption key stored in trusted execution environment (TEE) and used to encrypt information provided to the TEE, ¶ 58; TEE is trusted execution environment, ¶ 28). 
Accordingly, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the storage/device/method of Smith wherein the TEE stores one or more encryption keys, as taught/suggested by Smith.
One would have been motivated to make such a combination in order to arrive at more secure storage/device/method that secures information via encryption (¶ Smith ¶ 58).

Claim(s) 7, 13 and 20 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009064048 A1) in view of Tenorio (US 7149744 B1) and Rajakarunanayake (US 20140123209 A1) as applied to claims 1, 8 and 15 above, and further in view of Owen (US Patent Application Publication 20120011354). 

Claims 7, 13 and 20:
	The rejection of claims 1, 8 and 15 is incorporated. As per claims 7, 13 and 20, Chang doesn’t directly teach wherein the secure OS is accessed via read-only memory.
However, Owen, in an analogous art of a device for establishing secure computing environment (Abstract), teaches “the fact that the memory module 34, which stores the secure operating system 35, is read-only or otherwise write-protected makes the secure operating system 35 resistant to malware threats, since malicious software cannot be saved to the read-only memory module, or otherwise incorporated into the secure operating system 35” (Par 23).
Therefore, it would have been obvious to a person having ordinary skill in the art, at the time the invention was made, to apply the known concept that a read-only memory makes the secure operating systems resistant to malware threats, as taught by Owen, to modify the storage/device/method in Chang to include wherein the secure OS is accessed via read-only memory, because this would lead to the predictable result of more secure storage/device/method that make the second OS resistant to malware threats (Owen, Par 23).

Response to Arguments
Applicant’s prior art arguments have been fully considered but are moot in view of the new grounds of rejection presented above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Below is a list of these references, including why they are pertinent:
Rechef (US Patent 6199181), is pertinent for teaching at least part of the gist of the claimed invention by disclosing the concept of using multiple operating systems that control the same hardware, wherein the multiple operating systems have different trust levels or security levels (See at least Col 4:22-26).
Spitz (US Patent Application Publication 20140007120) also teaches/suggest identify a switching event, wherein the switching event corresponds to an indication of a possible security compromise of a main OS; and switch from the main OS to the secure OS responsive to identifying the switching event, wherein the secure OS is executing in a trusted execution environment (TEE) isolated from the main OS (see at least Par 10).

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GABRIEL S MERCADO whose telephone number is (408)918-7537. The examiner can normally be reached Mon-Fri 8am-5pm (Eastern Time).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William L. Bashore can be reached on (571) 272-4088. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/Gabriel Mercado/Examiner, Art Unit 2175                                                                                                                                                                                                        


/DANIEL RODRIGUEZ/Primary Examiner, Art Unit 2175