Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
As per the instant application having Application No. 17/267,941, the preliminary amendment filed on 2/11/2021 is herein acknowledged. Claims 3, 5, 7-9 and 11-17 have been amended. Claims 1-20 are pending.
INFORMATION CONCERNING DRAWINGS 
The applicant’s drawings submitted are acceptable for examination purposes.
STATUS OF CLAIM FOR PRIORITY IN THE APPLICATION
The instant Application No. 17267941 filed 02/11/2021 is a National Stage entry of PCT/GB2019/052447, International Filing Date: 09/03/2019 and claims foreign priority to 1817041.5, filed 10/19/2018. All the certified copies of the priority documents have been received. 
ACKNOWLEDGEMENT OF REFERENCES CITED BY APPLICANT
As required by M.P.E.P. 609(C), the applicant’s submission of the Information Disclosure Statement(s) dated 2/11/2021 is/are acknowledged by the examiner and the cited references have been considered in the examination of the claims now pending. As required by M.P.E.P. 609 C(2), a copy (copies) of the PTOL-1449(s) initialed and dated by the examiner is/are attached to the instant office action.
REJECTIONS NOT BASED ON PRIOR ART
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 19-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter.
As per claim 19, Applicant has claimed “A computer program” in the preamble of claim 19; which implies that Applicant is claiming a system of software, per se, lacking the hardware necessary to 
In contrast, a claimed non-transitory computer-readable storage medium encoded with a computer program is a computer element which defines structural and functional interrelationships between the computer program and the rest of the computer which permit the computer program’s functionality to be realized, and is thus statutory.
Claim 20 does not cure the deficiencies of claim 19. Note that merely claiming a storage medium storing the program still suggests Applicant intends the claims to include non-statutory matter. The word "storage" is insufficient to convey only statutory embodiments to one of ordinary skill in the art absent an explicit and deliberate limiting definition or clear differentiation between storage media and transitory media in the disclosure. As such, the claim(s) is/are drawn to a form of energy. Energy is not one of the four categories of invention and therefore this/these claim(s) is/are not statutory. Energy is not a series of steps or acts and thus is not a process. Energy is not a physical article or object and as such is not a machine or manufacture. Energy is not a combination of substances and therefore not a composition of matter.
In contrast, a claimed non-transitory computer-readable storage medium encoded with a computer program is a computer element which defines structural and functional interrelationships between the computer program and the rest of the computer which permit the computer program’s functionality to be realized, and is thus statutory.
REJECTIONS BASED ON PRIOR ART
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-2 and 16-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Parker et al. (US 2018/0173645) in view of Asanovic et al. (US 7,287,140).
As per claim 1. (Original) An apparatus comprising: processing circuitry to perform data processing in response to one or more software processes; and [Parker teaches data processing apparatus 20 (par. 0042; fig. 2 and related text) where “The CPUs 24 and GPU 25 can execute instructions from any of the types of processes discussed above with respect to FIG. 1. Each of the processes 2, 4, 6, 10, 12, 14 of FIG. 1 may be referred to as a “blind domain” (BD)” (par. 0044)]
memory access circuitry to control [The phrasing “circuitry to control” is interpreted as intended use and as such, the claim does not require the circuitry to actually perform the listed functionality, but merely that the functionality not be expressly precluded. See MPEP 2103(C). It is suggested this phrasing be affirmatively recited, for example, by reciting “circuitry configured to control”] access to a plurality of memory regions based on ownership information defining, for a given memory region, an owner realm specified from among a plurality of realms, each realm corresponding to at least a portion of at least one of the software processes, said owner realm having a right to exclude other realms from accessing data stored within said given memory region; and [Parker teaches “Each blind domain (BD) may protect its data or instructions from any other blind domain. Any BD may request that it becomes an owner BD for a selected page of the physical address space. A page ownership table (POT) 50 is stored in memory 34 tracking which BD (if any) is the owner BD for each physical page of memory. The owner BD (also referred to as an owner process) for a given page of memory has the exclusive right to control access to that page… Each bus master is provided with protection hardware 60, 62 for enforcing the permission attributes set by the owner BD of a given page to prevent access requests targeting that page from other BDs being output onto the bus 30 if they violate the restrictions controlled by the owner BD” (par. 0050) where the blind domains correspond to the claimed realm]
a realm management unit to control [The phrasing “realm management unit to control” is interpreted as intended use and as such, the claim does not require the circuitry to actually perform the listed functionality, but merely that the functionality not be expressly precluded. See MPEP 2103(C). It is suggested this phrasing be affirmatively recited, for example, by reciting “realm management unit configured to control”] operation of a given realm based on security configuration parameters [Parker teaches “Enforcement of the policy set in the page ownership table 50 is carried out by a blind domain management unit (BDMU) 60 associated with each processing circuit” (par. 0073) page ownership table (POT 50) (see pars. 0050; 0079) where the page ownership table corresponds to the security configuration parameters]
in which: when the security configuration parameters for the given realm specify that the given realm is associated with a trusted intermediary realm identified by the security configuration parameters, the realm management unit is configured to permit the trusted intermediary realm to perform at least one realm management function for the given realm [Regarding these limitations, note that claim 1 is written as a hybrid claim that recites both an apparatus in the preamble and method steps within the body of the claim that are conditionally executed by the realm management unit, "when" the security configuration parameters for the given realm specify that the given realm is associated with a trusted intermediary realm identified by the security configuration parameters.
It is not positively recited in claim 1 that the realm management unit is ever required to permit the trusted intermediary realm to perform at least one realm management function for the given realm, because of the "when" temporal condition precedent that may never be reached within the scope of the claim under the broadest reasonable interpretation. Similar language is recited in independent method claim 18 and independent claim 19.
See Ex parte Schulhauser, Appeal No. 2013-007847, 2016 WL 6277792, at *9 (PTAB, Apr. 28, 2016) (precedential) (holding "The Examiner did not need to present evidence of the obviousness of the remaining method steps of the claim that are not required to be performed under a broadest reasonable interpretation of the claim"); see also Ex parte Katz, Appeal No. 2010-006083, 2011 WL 514314, at *4-5 (BPAI Jan. 27, 2011).
It is suggested that the conditional statements be removed. Alternatively, the conditions precedent may be claimed affirmatively in order to give the claims their proper weight. For example, in claim 1, affirmatively claim:
“in which: in response to the security configuration parameters for the given realm specifying that the given realm is associated with a trusted intermediary realm identified by the security configuration parameters, the realm management unit is configured to permit the trusted intermediary realm to perform at least one realm management function for the given realm”].  
Parker teaches [“while the examples above show the commands for controlling and updating the POT being issued by the owner process, in other examples these commands could come from another process which is trusted by the owner process. For example, in some systems the POT 50 could be managed on behalf of the owner domains by a process running on the security controller 28. Hence, when the owner process requires ownership of a page to be requested or an update to the POT 50, it could send a command to the trusted process (e.g. a process running on the security controller 28) which triggers the trusted process to issue an ownership request or update request. Similarly, the overwriting (destructive claiming) process described above could be performed by a trusted process which is not necessarily the owner process.” (par. 0122) where Parker further teaches “the security controller could take the form of a trusted process running in secure mode on a processor supporting ARM Limited’s TrustZone) or a trusted hypervisor depending on the particular degree of security required/desired” (par. 0130)], where Parker does not expressly refer to the trusted process as a trusted intermediary realm; however, regarding these limitations, Asanovic teaches [“Memory "ownership" is a component of permissions policy that can be implemented entirely within the memory supervisor 42. A protection domain can have authority on permissions and use of a memory region associated with the protection domain. Every address space is divided into non-overlapping regions, where each region can be owned by exactly one protection domain. The memory supervisor itself owns all of memory initially. An "owner" protection domain can set arbitrary access permissions on memory that it owns, and can grant arbitrary access permissions, or export permissions, on that memory to other protection domains...” (col. 10, lines 50-55). “The memory supervisor 42 can manage the creation and deletion of protection domains.
A protection domain can create a new protection domain by “subdividing,” and passing ownership of a region of its own memory to the new child protection domain. The memory supervisor 42 can track parental relationships between protection domains…” (col. 11, lines 51-61) where the parent domain of Asanovic is interpreted to correspond to the trusted intermediary realm]. 
Parker and Asanovic are analogous art because they are from the same field of endeavor of memory access and control.
Before the effective filing date of the claimed inventions, it would have been obvious to a person of ordinary skill in the art to modify Parker to have the trusted process which may modify POT, where the trusted process may be a trusted hypervisor and the security controller may take the form of a trusted process and where each process comprises a blind domain as indicated in (par. 0044) as taught by Parker as the parent domain or intermediary domain or realm taught by Asanovic which would allow the parent process to create and modify a child protection domain or realm’s protection parameter, including deletion of a child process as indicated in (col. 11, lines 58-61) since doing so would allow trusted intermediary domain to perform management functions of an owning process such as to simply [providing memory protection to a fine granularity of computer memory (col. 1, lines 26-28)]. 
Therefore, it would have been obvious to combine Parker and Asanovic for the benefit of creating a storage system/method to obtain the invention as specified in claim 1. 
As per claim 2. (Original) The apparatus according to claim 1, in which the realm management function comprises updating at least a portion of the security configuration parameters for the given realm [Parker teaches  “FIG. 8 shows a method for the owner BD of a given page to update the attributes in the POT 50” (par. 0114; fig. 8 and related text) “For example, the owner of the page could change the attributes so that a private page is not made shared or a shared page is made private, or could change whether read or write is permitted for that page” (par. 0116) “while the examples above show the commands for controlling and updating the POT being issued by the owner process, in other examples these commands could come from another process which is trusted by the owner process. For example, in some systems the POT 50 could be managed on behalf of the owner domains by a process running on the security controller 28. Hence, when the owner process requires ownership of a page to be requested or an update to the POT 50, it could send a command to the trusted process (e.g. a process running on the security controller 28) which triggers the trusted process to issue an ownership request or update request. Similarly, the overwriting (destructive claiming) process described above could be performed by a trusted process which is not necessarily the owner process.” (par. 0122)].  
As per claim 16. (Currently Amended) The apparatus according to [Parker teaches each process having a blind domain identifier (BDID) including a secure bit S indicating whether the process is associated with the secure domain or the normal domain in the BDID (par. 0044) and explains “The encryption circuitry 56 may maintain a number of secret encryption keys and each BDID may have its own key. The encryption circuitry 56 supports a number of different levels of encryption…” (par. 0068). Asanovic teaches “Each protection domain encompasses a range of memory addresses” (col. 6, lines 23-44; col. 10, lines 56-65)].  
[Parker teaches “blind hypervisor” which still manages the virtual machines 4 and controls which portions of the address space they can access, but which cannot necessarily see all the data associated with a given virtual machine 4. Similarly, for processes operating at other privilege levels, a process running at a higher privilege level can be prevented from accessing addresses which are used by a process running at a lower privilege level.” (par. 0041) “Each blind domain (BD) may protect its data or instructions from any other blind domain. Any BD may request that it becomes an owner BD for a selected page of the physical address space. A page ownership table (POT) 50 is stored in memory 34 tracking which BD (if any) is the owner BD for each physical page of memory. The owner BD (also referred to as an owner process) for a given page of memory has the exclusive right to control access to that page… In this way, any process can prevent other processes (including higher privilege level processes) accessing its data or instructions.” (par. 0050)].  
As per claim 18. (Original) A data processing method comprising: performing data processing in response to one or more software processes; and enforcing ownership rights for a plurality of memory regions based on ownership information defining, for a given memory region, an owner realm specified from among a plurality of realms, each realm corresponding to at least a portion of at least one of the software processes, said owner realm having a right to exclude other realms from accessing data stored within said given memory region; and controlling operation of a given realm based on security configuration parameters associated with the given realm; in which: when the security configuration parameters for the given realm specify that the given realm is associated with a trusted intermediary realm identified by the security configuration parameters, the trusted intermediary realm is permitted to perform at least one realm management function for the given realm [The rationale in the rejection of claim 1 is herein incorporated].  
As per claim 19. (Original) A computer program for controlling a host data processing apparatus to provide an instruction execution environment, comprising: memory access program logic to control access to a plurality of memory regions of a simulated memory address space based on ownership information defining, for a given memory region, an owner realm specified from among a plurality of realms, each realm corresponding to at least a portion of at least one of a plurality of software processes executed in the instruction execution environment, said owner realm having a right to exclude other realms from accessing data stored within said given memory region; and realm management program [The rationale in the rejection of claim 1 is herein incorporated].  
As per claim 20. (Original) A storage medium storing the computer program of claim 19 [The rationales in the rejection of claims 1 and 19 are herein incorporated].

Claims 5-8 and 13-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Parker et al. (US 2018/0173645) in view of Asanovic et al. (US 7,287,140) as applied in the rejection of claim 1 above, and further in view of Doring (US 2008/0077922).
As per claim 5. (Currently Amended) The combination of Parker and Asanovic teaches The apparatus according to [“FIG. 2 is a flowchart describing a method for providing multi-level memory protection, in accordance with an embodiment of the present invention. To implement the multi-level memory protection, at step 202, a hierarchy of one or more parent processes and their respective child process(s) is defined. Thereafter, at step 204, a data structure defining the access rights of each of the parent processes and their respective child processes in the defined hierarchy is built. In one embodiment of the present invention, the data structure is a combination of a table and a tree. The data structure comprises a memory address range allocated to each parent process and its respective child process. Further, the data structure comprises a memory address range for each of the child process to return to their respective parent processes. In an embodiment of the present invention, the data structure of the parent process includes, but not limited to, a process ID of the child process, address translation rules, a list of exceptional or temporal or final exit address and links for permission structures of at least one child process created by the child process itself. These links for the permission structure created by the child process indicate the link to the process ID of another child process for whom the previous child process acts as a parent process.” (par. 0022) where “The processor (for example, extended page table walker) checks, whether the protection level defined in the data structure for the new child process is consistent with the access rights of the parent process…” (par. 0027) “Thereafter, if the access rights of the new child process are consistent, a validation result is stored in the parent process' data structure at step 210. 
However, in case there is an inconsistency in the access rights of the new child process, the processor returns the control to the parent process at step 212.”  (par. 0030)].  
Parker, Asanovic and Doring are analogous art because they are from the same field of endeavor of memory access and control.
Before the effective filing date of the claimed inventions, it would have been obvious to a person of ordinary skill in the art to modify the combination of Parker and Asanovic to perform attestation/access rights checking procedure such as those taught by Doring since doing so would provide the benefits of [“For maximum flexibility and secure execution, it is desirable to have multiple levels of memory protection for a complete hierarchy of a parent process as well as its respective child processes. It is also desirable to have an additional data structure that implements direct address translation up to a customized level of hierarchy.” (par. 0008)]. 
Therefore, it would have been obvious to combine Parker, Asanovic and Doring for the benefit of creating a storage system/method to obtain the invention as specified in claim 5.
As per claim 6. (Original) The apparatus according to claim 5, in which when the security configuration parameters for the given realm specify that the target realm is associated with the trusted intermediary realm, the attestation comprises information indicating that the target realm is associated with the trusted intermediary realm [Doring teaches “To implement the multi-level memory protection, at step 202, a hierarchy of one or more parent processes and their respective child process(s) is defined. Thereafter, at step 204, a data structure defining the access rights of each of the parent processes and their respective child processes in the defined hierarchy is built. In one embodiment of the present invention, the data structure is a combination of a table and a tree. The data structure comprises a memory address range allocated to each parent process and its respective child process. Further, the data structure comprises a memory address range for each of the child process to return to their respective parent processes. In an embodiment of the present invention, the data structure of the parent process includes, but not limited to, a process ID of the child process, address translation rules, a list of exceptional or temporal or final exit address and links for permission structures of at least one child process created by the child process itself. These links for the permission structure created by the child process indicate the link to the process ID of another child process for whom the previous child process acts as a parent process.” (par. 
0022) where the parent process corresponds to the trusted intermediary realm and the child process is interpreted to correspond to the target realm; note the child process is associated with the parent process, and Doring teaches “The processor (for example, extended page table walker) checks, whether the protection level defined in the data structure for the new child process is consistent with the access rights of the parent process…” (par. 0027) “Thereafter, if the access rights of the new child process are consistent, a validation result is stored in the parent process' data structure at step 210. However, in case there is an inconsistency in the access rights of the new child process, the processor returns the control to the parent process at step 212.” (par. 0030)].
As per claim 7. (Currently Amended) The apparatus according to [The rationale in the rejection of claim 6 is herein incorporated].
As per claim 8. (Currently Amended) The apparatus according to [Doring teaches “It is desirable to have a system in place by which the rights of a process can be checked while it is being created.” (par. 0005); thus, this would occur before being activated, “when a new child process is created, the parent process updates the registered data structure with the rights of the new child process. The parent process allocates a memory address range for the new child process and also defines the protection level of the new child process.” (par. 0025) “the processor… checks, whether the protection level defined in the data structure for the new child process is consistent with the access rights of the parent process.” (par. 0027) “if the new child process is started before the check is completed, the new child process is delayed until the check is done.” (par. 0028) (see fig. 2 and related text)].
As per claim 13. (Currently Amended) The apparatus according to [Doring teaches “The data structure comprises a memory address range allocated to each parent process and its respective child process. Further, the data structure comprises a memory address range for each of the child process to return to their respective parent processes. In an embodiment of the present invention, the data structure of the parent process includes, but not limited to, a process ID of the child process, address translation rules, a list of exceptional or temporal or final exit address and links for permission structures of at least one child process created by the child process itself. These links for the permission structure created by the child process indicate the link to the process ID of another child process for whom the previous child process acts as a parent process.” (par. 0022) where “at step 206, the data structure is registered with the processor. In an embodiment of the present invention, the registering of the data structure is performed by executing one or more reserved instructions. Also, when a new child process is created, the parent process updates the registered data structure with the rights of the new child process. The parent process allocates a memory address range for the new child process and also defines the protection level of the new child process.” (par. 0025)].  
Parker, Asanovic and Doring are analogous art because they are from the same field of endeavor of memory access and control.
Before the effective filing date of the claimed inventions, it would have been obvious to a person of ordinary skill in the art to modify the combination of Parker and Asanovic to permit the trusted intermediary realm to record a security configuration record indicative of at least a subset of the security configuration parameters associated with the given realm as taught by Doring since doing so would provide the benefits of [“For maximum flexibility and secure execution, it is desirable to have multiple levels of memory protection for a complete hierarchy of a parent process as well as its respective child processes. It is also desirable to have an additional data structure that implements direct address translation up to a customized level of hierarchy.” (par. 0008)]. 
Therefore, it would have been obvious to combine Parker, Asanovic and Doring for the benefit of creating a storage system/method to obtain the invention as specified in claim 13.
As per claim 14. (Currently Amended) The apparatus according to [Doring teaches “when a new child process is created, the parent process updates the registered data structure with the rights of the new child process. The parent process allocates a memory address range for the new child process and also defines the protection level of the new child process.” (par. 0025). “Additional data structure 416 holds the validation results indicating the consistency of rights between the parent process and the child process. ” (par. 0044) “if the access rights of the new child process are consistent, a validation result is stored in the parent process' data structure at step 210. However, in case there is an inconsistency in the access rights of the new child process, the processor returns the control to the parent process at step 212.” (par. 0030) “In another embodiment of the present invention, to facilitate fast protection checks and address translations, an additional data structure is built. The processor builds the additional data structure in the background when the parent or the child process is executed or after the data structure is registered or during validation of child/parent process rights.” (par. 0031)].  
As per claim 15. (Currently Amended) The apparatus according to [According to Doring, the data structures store memory protection and access rights of parent and child processes (fig. 2 and related text) and are used by the memory protection management unit to manage recording of the protection information based on policy defining access rights (pars. 0017, 0022)].  

Claims 9-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Parker et al. (US 2018/0173645) in view of Asanovic et al. (US 7,287,140) as applied in the rejection of claim 1 above, and further in view of Pandey et al. (US 2016/0246720). 
As per claim 9. (Currently Amended) The apparatus according to [Parker teaches each blind domain having its own encryption key (par. 0068). Asanovic teaches parent and child protection domains (col. 11, lines 51-61) where “An “owner” protection domain can set arbitrary access permissions on memory that it owns, and can grant arbitrary access permission, or export permission, on that memory to other protection domains” (col. 10, lines 43-65) “Destination software running in a destination protection domain can transitively export permissions. This allows software running in a calling protection domain to either enforce a policy of only allowing a particular destination software running in a particular destination protection domain (perhaps one containing cryptographically verified code) to implement a function, or allowing the particular destination software running in a particular destination protection domain to subcontract work to other destination software running in other destination protection domains. Transitive permissions are still distinct from ownership because only the owner can return memory to protection domain 0, and a protection domain that receives transitive permissions cannot revoke permissions from a protection domain higher on the receiving chain.” (col. 25, lines 35-49)] but does not expressly disclose a parent or hierarchically higher domain providing a child or hierarchically lower domain at least one of a secret key and key material for deriving said at least one secret key; however, regarding these limitations, Pandey teaches [“a process 1601 to fork processes and establish child enclaves in a secure enclave page cache.” (par. 0157; fig. 16 and related text) where “the first secure storage area (e.g. at 1642 and/or 1646) allocated to a corresponding secure enclave 1604 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data) and the second secure storage area (e.g.
at 1652 and/or 1656) allocated to a corresponding second secure enclave 1605 of the child process is also to be associated with the same first key. Embodiments of some enclave fork instructions may also comprise directly or indirectly verifying that both SECS are associated with the same encryption keys(s).” (par. 0159; see pars. 0145, 0152-0153)].
Parker, Asanovic and Pandey are analogous art because they are from the same field of endeavor of memory access and control.
Before the effective filing date of the claimed inventions, it would have been obvious to a person of ordinary skill in the art to modify the combination of Parker and Asanovic to permit a parent process or trusted intermediary to provide a secret key to a child process as taught by Pandey since doing so would allow [for the creation of a secure child enclave (par. 0002)].
Therefore, it would have been obvious to combine Parker, Asanovic and Pandey for the benefit of creating a storage system/method to obtain the invention as specified in claim 9.
As per claim 10. (Original) The apparatus according to claim 9, in which the realm management unit is configured to prohibit a realm other than the trusted intermediary realm from providing said at least one provisioned secret for the given realm [Parker teaches each blind domain having its own encryption key (par. 0068). Asanovic teaches parent and child protection domains (col. 11, lines 51-61) where “An “owner” protection domain can set arbitrary access permissions on memory that it owns, and can grant arbitrary access permission, or export permission, on that memory to other protection domains” (col. 10, lines 43-65). Pandey teaches a parent providing the same key to a child (pars. 0152-0153, 0157, 0159) where non-owning domains/enclaves are unable to provide any permission information, including keys taught by Pandey, since they are not able to access it and are thus prohibited from providing this information].
[Pandey teaches “the first secure storage area (e.g. at 1642 and/or 1646) allocated to a corresponding secure enclave 1604 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data) and the second secure storage area (e.g. at 1652 and/or 1656) allocated to a corresponding second secure enclave 1605 of the child process is also to be associated with the same first key. Embodiments of some enclave fork instructions may also comprise directly or indirectly verifying that both SECS are associated with the same encryption keys(s).” (par. 0159) where “one or more execution units (e.g. execution unit 1426, 1436 or 1526), responsive to the EChild Copy command or instruction, may identify the link (e.g. 1644) stored in a second SECS data for a second secure storage area (e.g. 1652 of child enclave 1605) to a first SECS data for a first secure storage area (e.g. 1642 of parent enclave 1604) and if the link is identified, copy the secure data from the first secure storage area (e.g. at 1646 of parent enclave 1604) in the EPC to the second secure storage area (e.g. at 1656 of child enclave 1605) in the EPC. In some embodiments, identifying a link (e.g. 1644) stored in a second SECS data (e.g. at 1652) for a second secure storage area (e.g. at 1656 of child enclave 1605) to a first SECS data (e.g. at 1642) may also comprise verifying that both SECS are associated with the same encryption keys(s).” (par. 0160) (see fig. 17A and related text) where upon recording a link between child and parent enclaves which includes verifying both have the same key, the child process is deemed as successfully created, note a child process may not be activated until it is created].  
As per claim 12. (Currently Amended) The apparatus according to [Pandey teaches “the first secure storage area (e.g. at 1642 and/or 1646) allocated to a corresponding secure enclave 1604 of the parent process is to be associated with a first key (e.g. for encrypting and/or decrypting secure data) and the second secure storage area (e.g. at 1652 and/or 1656) allocated to a corresponding second secure enclave 1605 of the child process is also to be associated with the same first key. Embodiments of some enclave fork instructions may also comprise directly or indirectly verifying that both SECS are associated with the same encryption keys(s).” (par. 0159; see pars. 0145, 0152-0153) see where key verification occurs as part of the child enclave creation and is thus based on a management policy of the parent which allows the key to be the same and verifies so as part of the child creation process (par. 0160)].  

RELEVANT ART CITED BY THE EXAMINER
The following prior art made of record and not relied upon is cited to establish the level of skill in the applicant’s art and those arts considered reasonably pertinent to applicant’s disclosure. See MPEP 707.05(c).
Kraemer et al. (US 10,587,411) teaches “attestation of an operating environment. The method begins with booting, with a secure boot process with attestation, at least one processor with secure processor technology that allows user-level code to allocate private regions of memory which are protected from processes running at higher privilege levels. Next, one or more operating system containers are loaded in a server or a virtual machine. Each of the one or more operating system containers use each of their own process space and network space in order to operate on a single operating system kernel without creating separate virtual machines. If a set of one or more conditions of booting and loading has been satisfied using zero-knowledge verifiable computing then an attestation is sent calculated using a zero-knowledge verifiable computing technique to a second processor-based device.” (Abstract).
Simon et al. (US 2010/0318800) teaches hierarchical key management in secure network enclaves.
CLOSING COMMENTS
    a.   STATUS OF CLAIMS IN THE APPLICATION
a(1) CLAIMS REJECTED IN THE APPLICATION
Per the instant office action, claims 1-2 and 5-20 have received a first action on the merits and are subject of a first action non-final.
a(2) ALLOWABLE SUBJECT MATTER
Per the instant office action, claim 3 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the 
Claim 4 is objected to by virtue of its dependence on objected claim 3.
    b.  DIRECTION OF FUTURE CORRESPONDENCES
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YAIMA RIGOL whose telephone number is (571)272-1232, and email address is yaima.rigol@uspto.gov. The examiner can normally be reached on Monday-Friday 9:00AM-5:00PM.
If attempts to reach the above noted Examiner by telephone are unsuccessful, the Examiner’s supervisor, Mr. Sanjiv Shah, can be reached at the following telephone number: Area Code (571) 272-4098. 
The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).



February 24, 2022
/YAIMA RIGOL/
Primary Examiner, Art Unit 2135