DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given by Ernie Ellenberger (Reg. No. 56529) on March 7, 2022.

The application has been amended as follows: 

Regarding claim 1: (Currently Amended) A method comprising:
receiving an encrypted file system key associated with a first secure enclave;
receiving a request from a second secure enclave to access a file system associated with the encrypted file system key;
receiving a policy associated with the encrypted file system key;
determining whether the second secure enclave satisfies one or more conditions associated with the policy;
and further in response to determining that the second secure enclave satisfies the one or more conditions, decrypting the encrypted file system key with a private cryptographic key associated with an enclave manager to obtain a file system key, wherein the private cryptographic key corresponds to a public key included in an enclave manager key wrapping certificate, and wherein the enclave manager key wrapping certificate is provided to the first secure enclave as a result of a first attestation operation performed with the enclave manager;
receiving, from the second secure enclave, an application key wrapping certificate;
encrypting, by a processing device, the file system key based on a public cryptographic key associated with the second secure enclave to generate a re-encrypted file system key, wherein the public cryptographic key is from the application key wrapping certificate; and
providing the re-encrypted file system key to the second secure enclave.

Regarding claim 4: (Currently Canceled)

Regarding claim 8: (Currently Amended) A system comprising:
a memory; and
a processing device, operatively coupled with the memory, to:
receive an encrypted file system key associated with a first secure enclave;
receive a request from a second secure enclave to access a file system associated with the encrypted file system key;
receive a policy associated with the encrypted file system key;
determine whether the second secure enclave satisfies one or more conditions associated with the policy;
in response to receiving the request and further in response to determining that the second secure enclave satisfies the one or more conditions, decrypt the encrypted file system key with a private cryptographic key associated with an enclave manager to obtain a file system key, wherein the private cryptographic key corresponds to a public key included in an enclave manager key wrapping certificate, and wherein the enclave manager key wrapping certificate is provided to the first secure enclave as a result of a first attestation operation performed with the enclave manager;
receive, from the second secure enclave, an application key wrapping certificate;
encrypt the file system key based on a public cryptographic key associated with the second secure enclave to generate a re-encrypted file system key, wherein the public cryptographic key is from the application key wrapping certificate; and
provide the re-encrypted file system key to the second secure enclave.

Regarding claim 11: (Currently Canceled)

Regarding claim 12: (Currently Amended) The system of claim [[11]] 8, wherein the one or more conditions are associated with an identification of an application provided by the second secure enclave.
Regarding claim 15: (Currently Amended) A non-transitory computer readable medium comprising data that, when accessed by a processing device, cause the processing device to perform operations comprising:
receiving an encrypted file system key associated with a first secure enclave;
receiving a request from a second secure enclave to access a file system associated with the encrypted file system key;
receiving a policy associated with the encrypted file system key;
determining whether the second secure enclave satisfies one or more conditions associated with the policy;
in response to receiving the request and further in response to determining that the second secure enclave satisfies the one or more conditions, decrypting the encrypted file system key with a private cryptographic key associated with an enclave manager to obtain a file system key, wherein the private cryptographic key corresponds to a public key included in an enclave manager key wrapping certificate, and wherein the enclave manager key wrapping certificate is provided to the first secure enclave as a result of a first attestation operation performed with the enclave manager;
receiving, from the second secure enclave, an application key wrapping certificate;
encrypting the file system key based on a public cryptographic key associated with the second secure enclave to generate a re-encrypted file system key, wherein the public cryptographic key is from the application key wrapping certificate; and
providing the re-encrypted file system key to the second secure enclave.

Regarding claim 18: (Currently Canceled)

Regarding claim 19: (Currently Amended) The non-transitory computer readable medium of claim [[18]] 15, wherein the one or more conditions are associated with an identification of an application provided by the second secure enclave.

Reasons for Allowance

The following is an examiner’s statement of reasons for allowance: 
Claims 1-3, 5-10, 12-17 and 19-20 are considered allowable.

The Prior Art Tamura et al. US Patent Application Publication No. 2017/0357817 teaches techniques relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.

The Prior Art Levy et al. US Patent Application Publication No. 2018/0167220 teaches that, in a distributed system, a computer system responsible, at least in part, for complying with a cryptographic key usage limit for a cryptographic key obtains results of cryptographic operations generated based at least in part on the cryptographic key and transmits the obtained results over a network. The computer system digitally signs the results and provides the results with digital signatures of the results. Another device intercepts the results and allows the results to proceed to their destination contingent on successful validation of the digital signature.

The instant application is allowable over Tamura et al., Poon et al., and Levy et al. described above, either singularly or in combination, because the instant application teaches a different and more detailed arrangement: an encrypted file system key associated with a first secure enclave may be received. A request from a second secure enclave to access a file system associated with the encrypted file system key may be received. In response to receiving the request, the encrypted file system key may be decrypted with a cryptographic key associated with an enclave manager to obtain a file system key. The file system key may be encrypted based on another cryptographic key associated with the second secure enclave to generate a re-encrypted file system key. Furthermore, the re-encrypted file system key may be provided to the second secure enclave.
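The key re-wrapping flow recited in the claims, as an added illustration that is not part of this office action or the applicant's disclosure. It assumes RSA-OAEP from Go's standard library as the wrapping primitive, a constructed KeyWrappingCert struct (with an assumed AppID field standing for the identity that attestation established) in place of a real certificate, and a policy expressed as a set of permitted application identities:

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// OAEP label; wrap and unwrap must agree on it.
var wrapLabel = []byte("enclave-fs-key")

// KeyWrappingCert models an application or enclave manager key wrapping
// certificate: a public key bound to the identity that attestation established.
// (Constructed stand-in for a real certificate; AppID is an assumed field.)
type KeyWrappingCert struct {
	AppID string
	Pub   *rsa.PublicKey
}

// Policy names the application identities permitted to receive the key.
type Policy struct{ AllowedApps map[string]bool }

// EnclaveManager holds the private key matching its key wrapping certificate.
type EnclaveManager struct{ priv *rsa.PrivateKey }

// Cert is the manager's key wrapping certificate, given to the first enclave
// after attestation so it can wrap its file system key to the manager.
func (m *EnclaveManager) Cert() KeyWrappingCert {
	return KeyWrappingCert{AppID: "enclave-manager", Pub: &m.priv.PublicKey}
}

// WrapKey encrypts a file system key to the public key in a certificate.
func WrapKey(cert KeyWrappingCert, fsKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.Pub, fsKey, wrapLabel)
}

// Rewrap is the claimed flow: policy check first, then decrypt with the
// manager's private key and re-encrypt to the requesting enclave's public key.
// The plaintext file system key never leaves this function.
func (m *EnclaveManager) Rewrap(wrapped []byte, p Policy, req KeyWrappingCert) ([]byte, error) {
	if !p.AllowedApps[req.AppID] {
		return nil, errors.New("policy: requesting enclave not permitted")
	}
	fsKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, m.priv, wrapped, wrapLabel)
	if err != nil {
		return nil, err
	}
	return WrapKey(req, fsKey)
}
```

The manager's private key is used only after the policy check, so a request from an enclave whose application identity the policy does not list never reaches the decryption step.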

The prior art of record does not disclose, teach, or suggest, either singly or in combination, the claimed limitations of “receiving an encrypted file system key associated with a first secure enclave; receiving a policy associated with the encrypted file system key; determining whether the second secure enclave satisfies one or more conditions associated with the policy; in response to receiving the request and further in response to determining that the second secure enclave satisfies the one or more conditions, decrypting the encrypted file system key with a private cryptographic key associated with an enclave manager to obtain a file system key, encrypting, by a processing device, the file system key based on a public cryptographic key associated with the second secure enclave to generate a re-encrypted file system key, wherein the public cryptographic key is from the application key wrapping certificate; and providing the re-encrypted file system key to the second secure enclave” as recited in independent claims 1, 8 and 15 in combination with 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for 

/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439

/LUU T PHAM/ Supervisory Patent Examiner, Art Unit 2439