DETAILED ACTION
This office action is in response to the correspondence filed on 05/27/2020. Claims 1-15 are pending and are examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 08/13/2020. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 9, 12-13, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Thaler, III et al. (US Pub No. 2019/0266330 A1, referred to as Thaler), in view of “What is a Gateway?” NPL (WhatIsMyIPAddress.com referred to as GatewayNPL).
Regarding claim 1, Thaler discloses,
1. A method for secure proxying using trusted execution environment (TEE) technology, the method comprising:
performing, using a TEE running on a proxy, an attestation with a TEE running on a client; (Thaler: Fig. 3, 6; [0045]; a client generates and transmits the transmission which is assembled for delivery. The transmission is only in decrypted form within the TEE which is inaccessible from the public environment of the secure terminal. After decryption, the transmission traverses through a series of content filters that verify and validate the transmission (attestation) for forwarding to gateway 320 (proxy). [0007]; the gateway may also verify that the received transmission is signed by a key unique to a trusted platform module (TPM) maintained by the secure terminal associated with the host device.)
receiving, at the TEE running on the proxy from the TEE running on the client, a request to fetch data from a remote server; (Thaler: Fig. 3; [0007]; for transmissions that are approved-whether automatically or by user approval-the secure terminal forwards the transmission to the gateway (the gateway/proxy receives from the client through the secure terminal).)
fetching, by the TEE running on the proxy, the data specified in the request from the remote server; and (Thaler: Fig. 3; [0007]; forward authorized transmissions to the destination remote device to thereby facilitate gateway functionality.)
Thaler does not explicitly disclose, however GatewayNPL teaches,
forwarding, by the TEE running on the proxy to the TEE running on the client, the data fetched from the remote server. (GatewayNPL: para. 1-2; gateway sends data back and forth and routes traffic from a workstation to the outside network that is serving up the Web pages.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings GatewayNPL of into the teachings of Thaler with a motivation to further explain the common functionalities of a gateway as suggested in Thaler. 


Regarding claim 9, Thaler discloses,
9. A proxy comprising memory and one or more processors which, alone or in combination, are configured to provide for execution of the following steps using a trusted execution environment (TEE) running on the proxy: (Thaler: Fig. 2; [0081].)
performing an attestation with a TEE running on a client; (Thaler: Fig. 3, 6; [0045]; a client generates and transmits the transmission which is assembled for delivery. The transmission is only in decrypted form within the TEE which is inaccessible from the public environment of the secure terminal. After decryption, the transmission traverses through a series of content filters that verify and validate the transmission (attestation) for forwarding to gateway 320 (proxy). [0007]; the gateway may also verify that the received transmission is signed by a key unique to a trusted platform module (TPM) maintained by the secure terminal associated with the host device.)
receiving, from the TEE running on the client, a request to fetch data from a remote server; (Thaler: Fig. 3; [0007]; for transmissions that are approved-whether automatically or by user approval-the secure terminal forwards the transmission to the gateway (the gateway/proxy receives from the client through the secure terminal).)
fetching the data specified in the request from the remote server; and (Thaler: Fig. 3; [0007]; forward authorized transmissions to the destination remote device to thereby facilitate gateway functionality.)
Thaler does not explicitly disclose, however GatewayNPL teaches,
forwarding, to the TEE running on the client, the data fetched from the remote server. (GatewayNPL: para. 1-2; gateway sends data back and forth and routes traffic from a workstation to the outside network that is serving up the Web pages.)


Regarding claim 12, the combination of Thaler and GatewayNPL discloses, 
12. The proxy according to claim 9, 
Thaler further discloses,
wherein the proxy is further configured using the TEE to check a policy to determine whether the request to fetch the data is restricted. (Thaler: [0007]; the gateway has its own set of criteria set by a policy. When the application layer gateway authorizes the contents of the transmission, it transfers the transmission to a trusted peripheral device which is accessible only from within the TEE.)


Regarding claim 13, Thaler discloses,
13. A client comprising memory and one or more processors which, alone or in combination, are configured to provide for execution of the following steps using a trusted execution environment (TEE) running on the client: (Thaler: Fig. 2; [0081].)
performing an attestation with a TEE running on a proxy; (Thaler: Fig. 3, 6; [0045]; a client generates and transmits the transmission which is assembled for delivery. The transmission is only in decrypted form within the TEE which is inaccessible from the public environment of the secure terminal. After decryption, the transmission traverses through a series of content filters that verify and validate the transmission (attestation) for forwarding to gateway 320 (proxy). [0007]; the gateway may also verify that the received transmission is signed by a key unique to a trusted platform module (TPM) maintained by the secure terminal associated with the host device.)
creating and signing a request to fetch data from a remote server; (Thaler: Fig. 3, 6; [0005]; host device (client) sends commands that are destined for the remote device (host device/client sends the command it created). [0007]; the gateway may also verify that the received transmission is signed by a key unique to a trusted platform module (TPM) maintained by the secure terminal associated with the host device.))
sending the request to fetch data to the TEE running on the proxy; and (Thaler: Fig. 3; [0007]; for transmissions that are approved-whether automatically or by user approval-the secure terminal forwards the transmission to the gateway (the client sends the request to the gateway/proxy through the secure terminal).)
Thaler does not explicitly disclose, however GatewayNPL teaches,
receiving the data specified in the request from the remote server via the TEE running on the proxy. (GatewayNPL: para. 1-2; gateway sends data back and forth and routes traffic from a workstation to the outside network that is serving up the Web pages.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings GatewayNPL of into the teachings of Thaler with a motivation to further explain the common functionalities of a gateway as suggested in Thaler.

Regarding claim 15, Thaler discloses,
15. A tangible, non-transitory computer-readable medium having instructions thereon which, upon being executed by one or more processors, alone or in combination, (Thaler: [0081], [0084]; computer-readable storage media, CPU.)
The combination of Thaler and GatewayNPL discloses, 
provide for execution of the method of claim 1. (Thaler and GatewayNPL: please see claim 1 rejection.)

Claims 2 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Thaler, in view of GatewayNPL, further in view of Richards et al. (US Patent No. 10,453,017 B1, referred to as Richards).
Regarding claim 2, the combination of Thaler and GatewayNPL discloses, 
2. The method according to claim 1,
The combination of Thaler and GatewayNPL does not explicitly disclose, however Richards teaches,
further comprising logging information about the request to fetch the data in the TEE running on the proxy. (Richards: Coln. 13, ls. 56-60; the security proxy (113) can be configured to run in a Trusted Execution Environment (TEE) and store privacy sensitive data related to visitations to sites/domains/URL in a secure storage area (log) that requires user permission for access.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Richards into the combination of Thaler and GatewayNPL with a motivation to allow reporting of an UNSAFE site/domain/URL by storing visitation information (Richards: Coln. 10, ls. 41-64).


Regarding claim 10, the combination of Thaler and GatewayNPL discloses, 
10. The proxy according to claim 9, 
The combination of Thaler and GatewayNPL does not explicitly disclose, however Richards teaches,
wherein the TEE running on the proxy includes a log, and wherein the proxy is further configured using the TEE to write information about the request to fetch the data in the log. (Richards: Coln. 14, ls. 56-60; the security proxy (113) can be configured to run in a Trusted Execution Environment 
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Richards into the combination of Thaler and GatewayNPL with a motivation to allow reporting of an UNSAFE site/domain/URL by storing visitation information (Richards: Coln. 10, ls. 41-64).


Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over Thaler, in view of GatewayNPL, further in view of Richards, and further in view of Gigov et al. (US Pub No. 2019/0089676 A1, referred to as Gigov).
Regarding claim 3, the combination of Thaler, GatewayNPL and Richards discloses, 
3. The method according to claim 2, 
The combination of Thaler, GatewayNPL and Richards does not explicitly disclose, however Gigov teaches,
wherein the information logged in the TEE running on the proxy includes an Internet Protocol (IP) address of the client. (Gigov: [0059]; the TEE 212 is configured for logging usage of the TEE 212, including one or more of access timestamps, access locations and/or IP addresses.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Gigov into the combination of Thaler, GatewayNPL and Richards with a motivation to flag suspicious activity by logging usage of the TEE (Gigov: [0059]).


Regarding claim 4, the combination of Thaler, GatewayNPL, Richards and Gigov discloses, 
4. The method according to claim 3, 
The combination of Thaler, GatewayNPL and Richards does not explicitly disclose, however Gigov teaches,
wherein the information logged in the TEE running on the proxy includes information about a client signature. (Gigov: [0059]; the TEE 212 is configured for logging usage of the TEE 212, including one or more of access timestamps, access locations and/or IP addresses. The TEE 212 can flag suspicious use of particular credentials (client signature).)
The same motivation that was utilized for combining Thaler, GatewayNPL, Richards and Gigov as set forth in claim 3 is equally applicable to claim 4.


Regarding claim 5, the combination of Thaler, GatewayNPL, Richards and Gigov discloses, 
5. The method according to claim 3, 
The combination of Thaler and GatewayNPL does not explicitly disclose, however Richards teaches,
wherein the request to fetch data includes a Uniform Resource Locator (URL), and wherein the information logged in the TEE running on the proxy further includes the URL. (Richards: Coln. 14, ls. 56-60; the security proxy (113) can be configured to run in a Trusted Execution Environment (TEE) and store privacy sensitive data related to visitations to sites/domains/URL in a secure storage area (log) that requires user permission for access.)
The same motivation that was utilized for combining Thaler, GatewayNPL and Richards as set forth in claim 2 is equally applicable to claim 5.


Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Thaler, in view of GatewayNPL, further in view of Alshammar (US Pub No. 2015/0319149 A1, referred to as Alshammar).
Regarding claim 6, the combination of Thaler and GatewayNPL discloses, 
6. The method according to claim 1, 
The combination of Thaler and GatewayNPL does not explicitly disclose, however Alshammar teaches,
wherein communications between the TEE running on the proxy and the TEE running on the client take place over a secure channel established by the attestation using a shared secret generated based on successful attestation. (Alshammar: [0028]; providing a challenge-based mechanism for establishing secure and authenticated communication between two parties who shared a secret in advance.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Alshammar into the combination of Thaler and GatewayNPL with a motivation to mitigate the risk of active and passive attacks against secret-based authentication systems by implementing a challenge-response authentication mechanism (Alshammar: [0009]).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Thaler, in view of GatewayNPL, further in view of Gigov.
Regarding claim 11, the combination of Thaler and GatewayNPL discloses, 
11. The proxy according to claim 9, 
The combination of Thaler and GatewayNPL does not explicitly disclose, however Gigov teaches,
wherein the information logged in the TEE running on the proxy includes an Internet Protocol (IP) address of the client and information about a client signature. (Gigov: [0059]; the TEE 212 is 
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Gigov into the combination of Thaler and GatewayNPL with a motivation to flag suspicious activity by logging usage of the TEE (Gigov: [0059]).


Allowable Subject Matter
Claims 7-8, and 14 are objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance: 
Although prior arts Thaler, GatewayNPL, Richards, Gigov and Alshammar above disclose all the limitations of the prior claims (see rejections above), none of the prior arts of record alone or in combination discloses a public and private key pair the client generated through initialization of the TEE on the client in the request log and verification as described in the claims.
At the effective filing date of the application, the above limitations would not have been obvious over the prior arts of record. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The listed references disclose relevant inventions of secure communication using trusted execution enivronment.

Duan; Huayi et al.		US-PGPUB	US 20210240817 A1
RAJCAN; STEVEN L. et al.	US-PGPUB	US 20170169227 A1 
Please see PTO-892. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.