DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 9/9/2020 has been entered and considered by the examiner.
Election/Restrictions
Applicant's election with traverse of Group I in the reply filed on 1/5/2022 is acknowledged. The traversal is on the ground(s) that the claims of Group 2 (claims 39-50) have been amended to depend from independent claim 22 in Group I and thus now further define the system of Group I. The Examiner finds this argument persuasive since the claims are now directed to a single invention. The restriction requirement dated 12/9/2021 is withdrawn.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “a network interface module” in claim 22, “a middlebox module” in claim 29, “a core driver” in claim 33, “a clock module” in claim 34, “a poll driver” in claim 37, “a core driver” in claim 39, “a clock module” in claim 40, “a middlebox module” in claim 42, “a poll driver” in claim 46, “a receiver repository” and “a transmission repository” in claim 47, and “a buffer module” in claim 50. The structure for such modules, drivers, and repositories appears to be recited in at least Section 6 of Applicant’s specification, which is entitled “System/Hardware” and begins on page 46 of Applicant’s specification.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-50 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Duan et al., “LightBox: Full-Stack Protected Stateful Middlebox at Lightning Speed”; ArXiv.org: Cryptography and Security, August 2018 [retrieved 2022-04-07]; retrieved from the internet <URL: https://arxiv.org/pdf/1706.06261v2.pdf> (Duan hereinafter).	Regarding claim 1, Duan teaches a computer-implemented method for facilitating data communication of a trusted execution environment (Lightbox is a system that implements a process for stateful processing of a middlebox module in a trusted execution environment; Duan; Figs. 1-3; Abstract and Sections 1-3), the computer-implemented method comprising: 	processing a plurality of data packets (Processing of data packets is discussed in detail throughout the entire Duan reference. See for instance Figs. 1-3 and their corresponding description describing packet processing performed by the disclosed Lightbox system. The Examiner would also like to note that Figs. 1-3 of Duan appear to be identical to Figs. 5, 6, and 8 respectively in Applicant’s specification; Duan; Figs. 1-3; Abstract and Sections 1-3), each including respective metadata (Packets are discussed as including metadata in at least the Abstract and in Sections 1, 8, and 9; Duan; Abstract and Sections 1, 8, and 9), each including respective metadata, to form a data stream including the plurality of data packets (At least Section 1 discusses transmitted/received packets as being related to VoIP and streaming video, which may each be broadly reasonably interpreted as a formed data stream including a plurality of packets. At least Section 1 (see page 2, col. 1, last full paragraph) also describes packet flows as streams and also describes streams as being “reassembled” (i.e., formed). The last paragraph on page 2 also discusses stream transmission and reassembly. Such stream transmission/reception and reassembly is also discussed in at least Sections 3 and 5; Abstract and Sections 1-3 and 5), the data stream being a single continuous data stream in application-layer (The streams discussed with regard to at least the Abstract and Sections 1-3 and 8 are discussed as comprising application data. Such data streams may thus be broadly reasonably interpreted as single continuous data streams in application-layer; Abstract and Sections 1-3 and 8); and 	transmitting the data stream to or from a network interface module for the trusted execution environment (As was also discussed above, Figs. 1-3 of Duan appear to be identical to Figs. 5, 6, and 8 respectively in Applicant’s specification. At least the Brief Description of the Drawings section in Applicant’s specification describes Fig. 8 as a schematic diagram of the network interface module and associated components in the system of Figure 6. The etap depicted in Fig. 3 which is identical to Applicant’s Fig. 8 may thus also be broadly reasonably interpreted as a network interface module for the trusted execution environment. At least Section 3 also describes the etap depicted in Fig. 3 as a network interface card (NIC), which may also be broadly reasonably interpreted as a network interface module. The transmission/reception of data streams discussed in Duan with regard to Figs. 1-3 may thus be broadly reasonably interpreted as including transmitting the data stream to or from a network interface module for the trusted execution environment; Duan; Figs. 1-3; Abstract, Sections 1-3).	Regarding claim 2, Duan teaches the limitations of claim 1.	Duan further teaches the data stream is encrypted (The data stream is discussed throughout at least Sections 1-3 as being encrypted. See for instance the first paragraph on page 2 discussing encrypted streams such as VoIP and streaming video, as well as the second paragraph of Section 2.2 discussing encrypted stream traffic; Duan; Sections 1-3).	Regarding claim 3, Duan teaches the limitations of claim 1.	Duan further teaches the metadata of each of the data packets includes respective packet size, packet count, and timestamp (Packet headers may include packet size, count, and timestamps; Duan; Table 1; Abstract and Sections 1 and 3).	Regarding claim 4, Duan teaches the limitations of claim 3.	Duan further teaches each of the data packets further includes application payload and one or more packet headers (Data packets are described throughout at least the Abstract and Section 1 as including packet headers and an application payload; Duan; Abstract and Section 1).	Regarding claim 5, Duan teaches the limitations of claim 1.	Duan further teaches processing the plurality of data packets comprises encoding the plurality of data packets (Packets may be packed into individual TLS records of fixed size back to back and then securely transmitted in a streaming manner. The Examiner would like to note that at least Section 2.1 of Applicant’s specification describes encoding packets in a similar manner, wherein encoding entails encoding the packets as a single stream, which is treated as application payloads and transmitted via a TLS communication channel. Encoding/decoding of packets is also discussed in at least the last paragraph of Section 3.1. The packets described throughout Duan may thus be broadly reasonably interpreted as being encoded; Duan; Section 1, page 2, last paragraph; Section 3.1; Section 3.2, second paragraph).	Regarding claim 6, Duan teaches the limitations of claim 1.	Duan further teaches processing the plurality of data packets comprises packing the plurality of data packets back-to-back to form the data stream (Packets may be packed back to back and then securely transmitted in a streaming manner; Duan; Section 1, page 2, last paragraph; Section 3.2, second paragraph).	Regarding claim 7, Duan teaches the limitations of claim 1.	Duan further teaches transmitting the data stream comprises: 	transmitting the data stream from a gateway to the network interface module via a communication channel arranged between the gateway and the network interface module (As can be seen in at least Fig. 3 (as well as throughout at least Sections 2-3) the data stream may be transmitted from the etap-client (i.e., the gateway) to the etap (i.e., the network interface module) via a communication channel; Duan; Figs. 2-3; Sections 2-3); and/or 	transmitting the data stream from the network interface module to a gateway via a communication channel arranged between the gateway and the network interface module (As can be seen in at least Fig. 3 (as well as throughout at least Sections 2-3) the data stream may be transmitted from the etap (i.e., the network interface module) to the etap-client (i.e., the gateway); Duan; Figs. 2-3; Sections 2-3).	Regarding claim 8, Duan teaches the limitations of claim 7.	Duan further teaches transmitting one or more heartbeat packets from the gateway to the network interface module via the communication channel (The etap periodically exchanges heartbeat packets with etap-cli (see last paragraph of Section 3.2.3), which is disclosed as being run by the gateway (see at least the first paragraph of Section 3.1). Duan may thus be broadly reasonably interpreted as teaching transmission of one or more heartbeat packets from the gateway to the network interface module via the communication channel; Duan; Section 3).	Regarding claim 9, Duan teaches the limitations of claim 1.	Duan further teaches the trusted execution environment comprises a middlebox module implemented in the trusted execution environment (As can be seen for instance in Fig. 2, the enclave (i.e., the trusted execution environment) may be comprised of a middlebox; Duan; Fig. 2; Sections 1-3), and the network interface module is arranged to be in data communication with the middlebox module (As can be seen for instance in Fig. 2, the etap (i.e., the network interface module) may be in communication with the middlebox; Duan; Fig. 2; Sections 1-3).	Regarding claim 10, Duan teaches the limitations of claim 9.	Duan further teaches the network interface module is initialized or arranged at least partly in the trusted execution environment (As can be seen for instance in Fig. 2, the enclave (i.e., the trusted execution environment) may be comprised of a middlebox. The middlebox may thus be broadly reasonably interpreted as being initialized or arranged at least partly in the trusted execution environment; Duan; Fig. 2; Sections 1-3).	Regarding claim 11, Duan teaches the limitations of claim 10.	Duan further teaches the trusted execution environment includes a Software Guard Extension (SGX) enclave (The trusted execution environment is described throughout Duan as including a Software Guard Extension (SGX) enclave; Duan; Fig. 1-3; Abstract and Sections 1-3).	Regarding claim 12, Duan teaches the limitations of claim 11.	Duan further teaches the trusted execution environment is initialized or provided using one or more processors that support SGX instructions (The LightBox system described throughout Duan as a system for processing and may thus be broadly reasonably interpreted as including one or more processors. At least Appendix A also mentions the use of a processor. The trusted execution environment described throughout Duan may thus be broadly reasonably interpreted as being initialized or provided using one or more processors. The trusted execution environment is also described throughout Duan as including a Software Guard Extension (SGX) enclave. Processors that initialize/provide the trusted execution environment that includes an SGX enclave may be broadly reasonably interpreted as supporting SGX instructions; Duan; Figs. 1-3; Abstract, Sections 1-3, and Appendix A).	Regarding claim 13, Duan teaches the limitations of claim 1.	Duan further teaches the network interface module includes a core driver arranged in the trusted execution environment, the core driver is arranged to receive and process the data stream (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include a core driver arranged in the trusted execution environment that receives and processes the data stream; Duan; Figs. 2-3; Section 3).	Regarding claim 14, Duan teaches the limitations of claim 13.	Duan further teaches the core driver is further arranged to maintain a clock module in the trusted execution environment (As can be seen in Fig. 3 and throughout at least Section 3, the core driver may have an etap clock, which may be broadly reasonably interpreted as a clock module that is maintained in the trusted execution environment; Duan; Figs. 2-3; Section 3).	Regarding claim 15, Duan teaches the limitations of claim 14.	Duan further teaches including a timestamp in each of the data packets prior to transmission of the data stream to the network interface module (Packets may include timestamps. See for instance at least the second paragraph of Section 3.2 wherein extraction of a timestamp from a received packet is discussed. See also the fourth paragraph of Section 3.2.3 discussing extraction and use of timestamps from the etap-cli run by the gateway. Timestamps may thus be broadly reasonably interpreted as being included in each of the data packets prior to transmission of the data stream to the network interface module; Duan; Table 1; Abstract and Sections 1-3).	Regarding claim 16, Duan teaches the limitations of claim 15.	Duan further teaches comparing, using the core driver, the timestamp in data packet in the data stream received at the network interface module with a clock in the clock module (As can be seen for instance in at least the fourth paragraph of Section 3.2.3, the etap-cli may be used as a trusted time source wherein the timestamps attached to packets received by the etap are used to maintain the etap clock. The core driver is described as updating the clock value upon every received packet. The core driver may thus be broadly reasonably interpreted as comparing the timestamp in data packet in the data stream received at the network interface module with a clock in the clock module; Duan; Figs. 2-3; Section 3); and 	updating the clock module based on the comparison (As can be seen for instance in at least the fourth paragraph of Section 3.2.3, the etap-cli may be used as a trusted time source wherein the timestamps attached to packets received by the etap are used to maintain the etap clock. The core driver is described as updating the clock value upon every received packet. The core driver may thus be broadly reasonably interpreted as updating the clock module based on the comparison discussed with regard to the previous limitation; Duan; Figs. 2-3; Section 3).	Regarding claim 17, Duan teaches the limitations of claim 16.	Duan further teaches the network interface module further includes: a poll driver arranged in the trusted execution environment (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include a poll driver arranged in the trusted execution environment; Duan; Figs. 2-3; Section 3), and operably connected with the core driver and with the middlebox module (As can be seen in Fig. 3 and throughout at least Section 3, the poll driver may receive/transmit data with the core driver and may thus be broadly reasonably interpreted as “operably connected” with the core driver. As can also be seen in at least Fig. 2, the etap may receive/transmit data with the middlebox. As can be seen for instance in at least the first paragraph of Section 3.2.2, the poll driver is run by the middlebox thread. The poll driver may thus also be broadly reasonably interpreted as “operably connected” with the middlebox module; Duan; Figs. 2-3; Section 3), the poll driver is arranged to enable the middlebox module to access data packets in the data stream received at the network interface module (The poll driver provides packet access API to upper layers by interacting with the RX and TX ring. As can be seen for instance in at least the first paragraph of Section 3.2.2, the poll driver is run by the middlebox thread. The poll driver may thus be broadly reasonably interpreted as enabling the middlebox module to access data packets in the data stream received at the network interface module; Duan; Figs. 2-3; Sections 3.1-3.2).	Regarding claim 18, Duan teaches the limitations of claim 17.	Duan further teaches the network interface module further includes: 	a receiver repository arranged in the trusted execution environment and arranged between the core driver and the poll driver (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include an RX ring and an associated record buffer between the core driver and the poll driver. Such an RX ring and record buffer may both (individually or in combination) be broadly reasonably interpreted as a receiver repository arranged in the trusted execution environment and arranged between the core driver and the poll driver; Duan; Figs. 2-3; Section 3), the receiver repository is arranged to hold packet data received at the network interface module (The RX ring and associated record buffer may hold data packets that are received at the etap; Duan; Figs. 2-3; Section 3); and 	a transmission repository arranged in the trusted execution environment and arranged between the core driver and the poll driver (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include an TX ring and an associated record buffer between the core driver and the poll driver. Such a TX ring and record buffer may both (individually or in combination) be broadly reasonably interpreted as a transmission repository arranged in the trusted execution environment and arranged between the core driver and the poll driver; Duan; Figs. 2-3; Section 3), the transmission repository is arranged to hold packet data to be transmitted out of the network interface module (The TX ring and associated record buffer may hold data packets to be transmitted out of the etap; Duan; Figs. 2-3; Section 3).	Regarding claim 19, Duan teaches the limitations of claim 17.	Duan further teaches the poll driver is arranged to operate in a blocking mode, in which a packet is guaranteed to be read or written, and a non-blocking mode (The poll driver may operate in two modes: a blocking mode wherein a packet is guaranteed to be read from or write to etap, and a non-blocking mode; Duan; Figs. 2-3; Section 3.2.2).	Regarding claim 20, Duan teaches the limitations of claim 18.	Duan further teaches synchronizing the receiver repository and the transmission repository (Synchronization between the core driver and the poll driver with regard to the TX ring and the RX ring is discussed for instance in at least Section 3.4, wherein shared control variables such as read_pos and write_pos are used by the drivers for synchronization. The core driver and/or the poll driver may thus be broadly reasonably interpreted as being arranged to synchronize the receiver repository and the transmission repository; Duan; Figs. 2-3; Section 3.4).	Regarding claim 21, Duan teaches the limitations of claim 18.	Duan further teaches the network interface module further includes: a buffer module arranged outside the trusted execution environment and arranged between the core driver and the a gateway, the buffer module is arranged to hold a plurality of records (As can be seen for instance in at least Fig. 3 and its corresponding description, the system may include a batch buffer (i.e., a buffer module) outside the enclave (i.e., outside the trusted execution environment) arranged between the core driver and the gateway. The batch buffer stores multiple records outside the enclave. The network interface module may thus be broadly reasonably interpreted as including a buffer module arranged outside the trusted execution environment and arranged between the core driver and the gateway, the buffer module is arranged to hold a plurality of records; Duan; Figs. 2-3; Section 3.1).	Regarding claim 22, Duan teaches a system for facilitating data communication of a trusted execution environment (Lightbox is a system that implements a process for stateful processing of a middlebox module in a trusted execution environment; Duan; Figs. 1-3; Abstract and Sections 1-3), the system comprising: 	one or more processors (The LightBox system described throughout Duan as a system for processing and may thus be broadly reasonably interpreted as including one or more processors. At least Appendix A also mentions the use of a processor; Duan; Figs. 1-3; Abstract, Sections 1-3, and Appendix A) arranged to: 		process a plurality of data packets (Processing of data packets is discussed in detail throughout the entire Duan reference; Duan; Figs. 1-3; Abstract and Sections 1-3), each including respective metadata (Packets are discussed as including metadata in at least the Abstract and in Sections 1, 8, and 9; Duan; Abstract and Sections 1, 8, and 9), to form a data stream including the plurality of data packets (At least Section 1 discusses transmitted/received packets as being related to VoIP and streaming video, which may each be broadly reasonably interpreted as a formed data stream including a plurality of packets. At least Section 1 (see page 2, col. 1, last full paragraph) also describes packet flows as streams and also describes streams as being “reassembled” (i.e., formed). The last paragraph on page 2 also discusses stream transmission and reassembly. Such stream transmission/reception and reassembly is also discussed in at least Sections 3 and 5; Abstract and Sections 1-3 and 5), wherein the data stream is a single continuous data stream in application-layer (The streams discussed with regard to at least the Abstract and Sections 1-3 and 8 are discussed as comprising application data. Such data streams may thus be broadly reasonably interpreted as single continuous data streams in application-layer; Abstract and Sections 1-3 and 8); and 		facilitate transmission of the data stream to or from a network interface module for the trusted execution environment (As was also discussed above, Figs. 1-3 of Duan appear to be identical to Figs. 5, 6, and 8 respectively in Applicant’s specification. At least the Brief Description of the Drawings section in Applicant’s specification describes Fig. 8 as a schematic diagram of the network interface module and associated components in the system of Figure 6. The etap depicted in Fig. 3 which is identical to Applicant’s Fig. 8 may thus also be broadly reasonably interpreted as a network interface module for the trusted execution environment. At least Section 3 also describes the etap depicted in Fig. 3 as a network interface card (NIC), which may also be broadly reasonably interpreted as a network interface module. The transmission/reception of data streams discussed in Duan with regard to Figs. 1-3 may thus be broadly reasonably interpreted as including transmitting the data stream to or from a network interface module for the trusted execution environment; Duan; Figs. 1-3; Abstract, Sections 1-3).	Regarding claim 23, Duan teaches the limitations of claim 22.	Duan further teaches the metadata of each of the data packet packets includes respective packet size, packet count, and timestamp (Packet headers may include packet size, count, and timestamps; Duan; Table 1; Abstract and Sections 1 and 3).	Regarding claim 24, Duan teaches the limitations of claim 22.	Duan further teaches the one or more processors are arranged to encode the plurality of data packets (Packets may be packed into individual TLS records of fixed size back to back and then securely transmitted in a streaming manner. The Examiner would like to note that at least Section 2.1 of Applicant’s specification describes encoding packets in a similar manner, wherein encoding entails encoding the packets as a single stream, which is treated as application payloads and transmitted via a TLS communication channel. Encoding/decoding of packets is also discussed in at least the last paragraph of Section 3.1. The packets described throughout Duan may thus be broadly reasonably interpreted as being encoded; Duan; Section 1, page 2, last paragraph; Section 3.1; Section 3.2, second paragraph).	Regarding claim 25, Duan teaches the limitations of claim 22.	Duan further teaches the one or more processors are arranged to pack the plurality of data packets back-to-back to form the data stream (Packets may be packed back to back and then securely transmitted in a streaming manner; Duan; Section 1, page 2, last paragraph; Section 3.2, second paragraph).	Regarding claim 26, Duan teaches the limitations of claim 22.	Duan further teaches the one or more processors are arranged to provide a gateway arranged to communicate with the network interface module via a communication channel (As can be seen for instance in at least Fig. 2 (and also throughout at least Sections 2 and 3), the system may be comprised of a gateway in communication with the network interface module via a communication channel. A gateway arranged to communicate with the network interface module via a communication channel may thus be broadly reasonably interpreted as being provided; Duan; Figs. 2-3; Sections 2-3).	Regarding claim 27, Duan teaches the limitations of claim 22.	Duan further teaches the one or more processors are arranged to provide the network interface module (As was also discussed in the independent claims, at least Figs. 1-3 of Duan appear to be identical to Figs. 5, 6, and 8 respectively in Applicant’s specification, and at least the Brief Description of the Drawings section in Applicant’s specification describes Fig. 8 as a schematic diagram of the network interface module and associated components in the system of Figure 6. A network interface module may thus be broadly reasonably interpreted as being provided; Duan; Figs. 2-3; Abstract, Sections 2-3), the network interface module is arranged to communicate with a gateway via a communication channel (The etap (i.e., the network interface module) may communicate with the gateway via a communication channel; Duan; Figs. 2-3; Abstract, Sections 2-3).	Regarding claim 28, Duan teaches the limitations of claim 26.	Duan further teaches the one or more processors are arranged to: facilitate transmission of one or more heartbeat packets from the gateway to the network interface module via the communication channel (The etap periodically exchanges heartbeat packets with etap-cli (see last paragraph of Section 3.2.3), which is disclosed as being run by the gateway (see at least the first paragraph of Section 3.1). The one or more processors may thus be broadly reasonably interpreted as facilitating transmission of one or more heartbeat packets from the gateway to the network interface module via the communication channel; Duan; Section 3).	Regarding claim 29, Duan teaches the limitations of claim 22.	Duan further teaches the trusted execution environment comprises a middlebox module implemented in the trusted execution environment (As can be seen for instance in Fig. 2, the enclave (i.e., the trusted execution environment) may be comprised of a middlebox; Duan; Fig. 2; Sections 1-3), and the network interface module is arranged to be in data communication with the middlebox module (As can be seen for instance in Fig. 2, the etap (i.e., the network interface module) may be in communication with the middlebox; Duan; Fig. 2; Sections 1-3).	Regarding claim 30, Duan teaches the limitations of claim 29.	Duan further teaches the network interface module is initialized or arranged at least partly in the trusted execution environment (As can be seen for instance in Fig. 2, the enclave (i.e., the trusted execution environment) may be comprised of a middlebox. The middlebox may thus be broadly reasonably interpreted as being initialized or arranged at least partly in the trusted execution environment; Duan; Fig. 2; Sections 1-3).	Regarding claim 31, Duan teaches the limitations of claim 30.	Duan further teaches the trusted execution environment includes a Software Guard Extension (SGX) enclave (The trusted execution environment is described throughout Duan as including a Software Guard Extension (SGX) enclave; Duan; Fig. 1-3; Abstract and Sections 1-3).	Regarding claim 32, Duan teaches the limitations of claim 30.	Duan further teaches the trusted execution environment is initialized or provided using one or more processors (The LightBox system described throughout Duan as a system for processing and may thus be broadly reasonably interpreted as including one or more processors. At least Appendix A also mentions the use of a processor. The trusted execution environment described throughout Duan may thus be broadly reasonably interpreted as being initialized or provided using one or more processors; Duan; Figs. 1-3; Abstract, Sections 1-3, and Appendix A).	Regarding claim 33, Duan teaches the limitations of claim 29.	Duan further teaches the network interface module includes a core driver arranged in the trusted execution environment, the core driver is arranged to receive and process the data stream (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include a core driver arranged in the trusted execution environment that receives and processes the data stream; Duan; Figs. 2-3; Section 3).	Regarding claim 34, Duan teaches the limitations of claim 33.	Duan further teaches the core driver is further arranged to maintain a clock module in the trusted execution environment (As can be seen in Fig. 3 and throughout at least Section 3, the core driver may have an etap clock, which may be broadly reasonably interpreted as a clock module that is maintained in the trusted execution environment; Duan; Figs. 2-3; Section 3).	Regarding claim 35, Duan teaches the limitations of claim 34.	Duan further teaches the one or more processors are arranged to include a timestamp in each of the data packets prior to transmission of the data stream to the network interface module (Packets may include timestamps. See for instance at least the second paragraph of Section 3.2 wherein extraction of a timestamp from a received packet is discussed. See also the fourth paragraph of Section 3.2.3 discussing extraction and use of timestamps from the etap-cli run by the gateway. Timestamps may thus be broadly reasonably interpreted as being included in each of the data packets prior to transmission of the data stream to the network interface module; Duan; Table 1; Abstract and Sections 1-3).	Regarding claim 36, Duan teaches the limitations of claim 35.	Duan further teaches the core driver is arranged to compare the timestamp in data packet in the data stream received at the network interface module with a clock in the clock module and update the clock module based on the comparison (As can be seen for instance in at least the fourth paragraph of Section 3.2.3, the etap-cli may be used as a trusted time source wherein the timestamps attached to packets received by the etap are used to maintain the etap clock. The core driver is described as updating the clock value upon every received packet. The core driver may thus be broadly reasonably interpreted as being arranged to compare the timestamp in data packet in the data stream received at the network interface module with a clock in the clock module and update the clock module based on the comparison; Duan; Figs. 2-3; Section 3).	Regarding claim 37, Duan teaches the limitations of claim 36.	Duan further teaches the network interface module further includes: a poll driver arranged in the trusted execution environment (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include a poll driver arranged in the trusted execution environment; Duan; Figs. 2-3; Section 3), and operably connected with the core driver and with the middlebox module (As can be seen in Fig. 3 and throughout at least Section 3, the poll driver may receive/transmit data with the core driver and may thus be broadly reasonably interpreted as “operably connected” with the core driver. As can also be seen in at least Fig. 2, the etap may receive/transmit data with the middlebox. As can be seen for instance in at least the first paragraph of Section 3.2.2, the poll driver is run by the middlebox thread. The poll driver may thus also be broadly reasonably interpreted as “operably connected” with the middlebox module; Duan; Figs. 2-3; Section 3), the poll driver is arranged to enable the middlebox module to access data packets in the data stream received at the network interface module (The poll driver provides packet access API to upper layers by interacting with the RX and TX ring. As can be seen for instance in at least the first paragraph of Section 3.2.2, the poll driver is run by the middlebox thread. The poll driver may thus be broadly reasonably interpreted as enabling the middlebox module to access data packets in the data stream received at the network interface module; Duan; Figs. 2-3; Sections 3.1-3.2).	Regarding claim 38, Duan teaches the limitations of claim 37.	Duan further teaches the poll driver is arranged to operate in a blocking mode, in which a packet is guaranteed to be read or written, and a non-blocking mode (The poll driver may operate in two modes: a blocking mode wherein a packet is guaranteed to be read from or write to etap as well as a non-blocking mode; Duan; Figs. 2-3; Section 3.2.2).	Regarding claim 39, Duan teaches the limitations of claim 22.	Duan further teaches further comprising the network interface module (The system depicted in Figs. 2-3 may be broadly reasonably interpreted as comprising the etap (i.e., the network interface module); Duan; Figs. 1-3; Abstract, Sections 1-3), and wherein the one or more processors are arranged to provide a gateway arranged to communicate with the network interface module via a communication channel (As can be seen for instance in at least Fig. 2 (and also throughout at least Sections 2 and 3), the system may be comprised of a gateway in communication with the network interface module via a communication channel. A gateway arranged to communicate with the network interface module via a communication channel may thus be broadly reasonably interpreted as being provided; Duan; Figs. 2-3; Sections 2-3), and the network interface module is arranged to communicate with the gateway via the communication channel (The etap (i.e., the network interface module) may communicate with the gateway via a communication channel; Duan; Figs. 2-3; Abstract, Sections 2-3), the network interface module comprising: 	a core driver arranged in the trusted execution environment, the core driver is arranged to receive and process a data stream received from the gateway via the communication channel (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include a core driver arranged in the trusted execution environment that receives and processes the data stream; Duan; Figs. 2-3; Section 3).	Regarding claim 40, Duan teaches the limitations of claim 39.	Duan further teaches the core driver is further arranged to maintain a clock module in the trusted execution environment (As can be seen in Fig. 3 and throughout at least Section 3, the core driver may have an etap clock, which may be broadly reasonably interpreted as a clock module that is maintained in the trusted execution environment; Duan; Figs. 2-3; Section 3).	Regarding claim 41, Duan teaches the limitations of claim 40.	Duan further teaches the core driver is arranged to compare a respective timestamp included in each of the data packet in the data stream received at the network interface module with a clock in the clock module and to update the clock module based on the comparison (As can be seen for instance in at least the fourth paragraph of Section 3.2.3, the etap-cli may be used as a trusted time source wherein the timestamps attached to packets received by the etap are used to maintain the etap clock. The core driver is described as updating the clock value upon every received packet. The core driver may thus be broadly reasonably interpreted as being arranged to compare the timestamp in data packet in the data stream received at the network interface module with a clock in the clock module and update the clock module based on the comparison; Duan; Figs. 2-3; Section 3).	Regarding claim 42, Duan teaches the limitations of claim 39.	Duan further teaches the trusted execution environment comprises a middlebox module implemented in the trusted execution environment (As can be seen for instance in Fig. 2, the enclave (i.e., the trusted execution environment) may be comprised of a middlebox; Duan; Fig. 2; Sections 1-3), and the network interface module is arranged to be in data communication with the middlebox module (As can be seen for instance in Fig. 2, the etap (i.e., the network interface module) may be in communication with the middlebox; Duan; Fig. 2; Sections 1-3).	Regarding claim 43, Duan teaches the limitations of claim 42.	Duan further teaches the network interface module is initialized or arranged at least partly in the trusted execution environment (As can be seen for instance in Fig. 2, the enclave (i.e., the trusted execution environment) may be comprised of a middlebox. The middlebox may thus be broadly reasonably interpreted as being initialized or arranged at least partly in the trusted execution environment; Duan; Fig. 2; Sections 1-3).	Regarding claim 44, Duan teaches the limitations of claim 43.	Duan further teaches the trusted execution environment includes a Software Guard Extension (SGX) enclave (The trusted execution environment is described throughout Duan as including a Software Guard Extension (SGX) enclave; Duan; Fig. 1-3; Abstract and Sections 1-3).	Regarding claim 45, Duan teaches the limitations of claim 43.	Duan further teaches the trusted execution environment is initialized or provided using one or more processors (The LightBox system described throughout Duan as a system for processing and may thus be broadly reasonably interpreted as including one or more processors. At least Appendix A also mentions the use of a processor. The trusted execution environment described throughout Duan may thus be broadly reasonably interpreted as being initialized or provided using one or more processors; Duan; Figs. 1-3; Abstract, Sections 1-3, and Appendix A).	Regarding claim 46, Duan teaches the limitations of claim 42.	Duan further teaches the network interface module further includes: a poll driver arranged in the trusted execution environment (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include a poll driver arranged in the trusted execution environment; Duan; Figs. 2-3; Section 3), and operably connected with the core driver and with the middlebox module (As can be seen in Fig. 3 and throughout at least Section 3, the poll driver may receive/transmit data with the core driver and may thus be broadly reasonably interpreted as “operably connected” with the core driver. As can also be seen in at least Fig. 2, the etap may receive/transmit data with the middlebox. As can be seen for instance in at least the first paragraph of Section 3.2.2, the poll driver is run by the middlebox thread. The poll driver may thus also be broadly reasonably interpreted as “operably connected” with the middlebox module; Duan; Figs. 2-3; Section 3), the poll driver is arranged to enable the middlebox module to access data packets in the data stream received at the network interface module (The poll driver provides packet access API to upper layers by interacting with the RX and TX ring. As can be seen for instance in at least the first paragraph of Section 3.2.2, the poll driver is run by the middlebox thread. The poll driver may thus be broadly reasonably interpreted as enabling the middlebox module to access data packets in the data stream received at the network interface module; Duan; Figs. 2-3; Sections 3.1-3.2).	Regarding claim 47, Duan teaches the limitations of claim 46.	Duan further teaches the network interface module further includes: 	a receiver repository arranged in the trusted execution environment and arranged between the core driver and the poll driver (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include an RX ring and an associated record buffer between the core driver and the poll driver. Such an RX ring and record buffer may both (individually or in combination) be broadly reasonably interpreted as a receiver repository arranged in the trusted execution environment and arranged between the core driver and the poll driver; Duan; Figs. 2-3; Section 3), the receiver repository is arranged to hold packet data received at the network interface module (The RX ring and associated record buffer may hold data packets that are received at the etap; Duan; Figs. 2-3; Section 3); and 	a transmission repository arranged in the trusted execution environment and arranged between the core driver and the poll driver (As can be seen in Fig. 3 and throughout at least Section 3, the etap (i.e., the network interface module) may include an TX ring and an associated record buffer between the core driver and the poll driver. Such a TX ring and record buffer may both (individually or in combination) be broadly reasonably interpreted as a transmission repository arranged in the trusted execution environment and arranged between the core driver and the poll driver; Duan; Figs. 2-3; Section 3), the transmission repository is arranged to hold packet data to be transmitted out of the network interface module (The TX ring and associated record buffer may hold data packets to be transmitted out of the etap; Duan; Figs. 2-3; Section 3).	Regarding claim 48, Duan teaches the limitations of claim 46.	Duan further teaches the poll driver is arranged to operate in a blocking mode, in which a packet is guaranteed to be read or written, and a non-blocking mode (The poll driver may operate in two modes: a blocking mode wherein a packet is guaranteed to be read from or write to etap, and a non-blocking mode; Duan; Figs. 2-3; Section 3.2.2).	Regarding claim 49, Duan teaches the limitations of claim 47.	Duan further teaches the core driver and/or the poll driver are arranged to synchronize the receiver repository and the transmission repository (Synchronization between the core driver and the poll driver with regard to the TX ring and the RX ring is discussed for instance in at least Section 3.4, wherein shared control variables such as read_pos and write_pos are used by the drivers for synchronization. The core driver and/or the poll driver may thus be broadly reasonably interpreted as being arranged to synchronize the receiver repository and the transmission repository; Duan; Figs. 2-3; Section 3.4).	Regarding claim 50, Duan teaches the limitations of claim 47.	Duan further teaches the network interface module further includes: 	a buffer module arranged outside the trusted execution environment and arranged between the core driver and the gateway, the buffer module is arranged to hold a plurality of records (As can be seen for instance in at least Fig. 3 and its corresponding description, the system may include a batch buffer (i.e., a buffer module) outside the enclave (i.e., outside the trusted execution environment) arranged between the core driver and the gateway. The batch buffer stores multiple records outside the enclave. The network interface module may thus be broadly reasonably interpreted as including a buffer module arranged outside the trusted execution environment and arranged between the core driver and the gateway, the buffer module is arranged to hold a plurality of records; Duan; Figs. 2-3; Section 3.1).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC A MYERS whose telephone number is (571)272-0997. The examiner can normally be reached Monday - Friday 10:30am to 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Thier can be reached on 5712722832. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ERIC MYERS/Primary Examiner, Art Unit 2474