DETAILED ACTION
This action is in response to the application filed on March 29, 2021. Claims 1-15 are pending. Of such, claims 1-13 represent a method, claim 14 represents another method, and claim 15 represents a device directed to protecting secret software and confidential data in a secure enclave. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of- the AIA .
Drawings
The subject matter of this application admits of illustration by a drawing to facilitate understanding of the invention.  The specifications reference figures 1-3 but are not found within the translated specifications.  No new matter may be introduced in the required drawing.  Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d).
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-5, 7, and 9-15 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated over Shuma et al. (US Publication Number 20210007814), hereinafter referred to as Shuma.
Regarding Claim 1, Shuma discloses: 
A method of receiving and executing a secret software on data in a secure enclave of a first device, comprising the following steps implemented in the secure enclave (In ¶ 4, Shuma discloses “One example method includes receiving, by a computing device, a request to execute an application from a robotic surgical system”) : generating a public key (In ¶ 63, Shuma discloses “the controller 130 employs public key cryptography (“PKC”) to perform the decryption and ensure the validity of the digital signature of the software package received”); receiving the encrypted secret software from a second device (In ¶ 48, Shuma discloses “with respect to the example methods in FIGS. 5 and 6, the robotic surgical system 210 receives the signed software.”); decrypting the encrypted secret software from a key depending on the public key (In ¶ 63, Shuma discloses “the controller 130 employs public key cryptography (“PKC”) to perform the decryption and ensure the validity of the digital signature of the software package received”); receiving data (In ¶ 49, Shuma discloses “As discussed above, communications hub 340 can access, compile, and send vital hospital records, personnel and patient information, surgical scheduling information, as well as third-party apps to the controller 330 of a robotic surgical system 310.”); and executing the secret software using the data (In ¶ 3, Shuma discloses “execute the application in the execution environment.”).
Regarding Claim 2, Shuma discloses: 
The method according to claim 1, characterized in that the method further comprises the following steps implemented in the secure enclave: generating a certificate comprising information relating to the secure enclave (In ¶ 47, Shuma discloses “The code signing system 208 of the trusted authority 270 receives software 202, e.g., SDKs, APIs, or apps, and a digital certificate that certifies ownership of a cryptographic key from a certification authority 206.”); sending the certificate to a trusted device in order to allow the trusted device to carry out a control of the information relating to the secure enclave ; and the step of receiving the encrypted secret software from the second device is implemented after control of the certificate by the trusted device (In ¶ 47, Shuma discloses “The signed software 212, having the signed digital certificate 218 and optional timestamp 216 can then be transmitted by the trusted authority 270, or another trusted entity, to the remote server(s) 260, data store 262, or communications hub 240 via network 250.”).
Regarding Claim 3, Shuma discloses: 
The method according to claim 2, characterized in that the information relating the secure enclave comprises information relating to the public key; and the step of sending the certificate to the trusted device allows the trusted device to control the generation of the public key in the secure enclave (In ¶ 47, Shuma discloses “The code signing system 208 of the trusted authority 270 receives software 202, e.g., SDKs, APIs, or apps, and a digital certificate that certifies ownership of a cryptographic key from a certification authority 206.” And in ¶ 49, Shuma further discloses “The trusted entity 370 may provide important information to the communications hub 340, including encryption keys, certificates of authenticity, timestamps, verification information for requested apps, etc. ”).
Regarding Claim 4, Shuma discloses: 
The method according to claim 2, characterized in that the information relating the secure enclave comprises a footprint relating to the secure enclave; and the step of sending the certificate to the trusted device allows the trusted device to control the integrity of the secure enclave of the first device (In ¶ 47, Shuma discloses “The code signing system 208 of the trusted authority 270 receives software 202, e.g., SDKs, APIs, or apps, and a digital certificate that certifies ownership of a cryptographic key from a certification authority 206.” And in ¶ 49, Shuma further discloses “The trusted entity 370 may provide important information to the communications hub 340, including encryption keys, certificates of authenticity, timestamps, verification information for requested apps, etc. ”).
Regarding Claim 5, Shuma discloses: 
The method according to claim 1, characterized in that the method further comprises the following steps implemented in the secure enclave: a step of generating a secret value and the step of generating the public key is carried out from the secret value; a step of sending the public key to the second device in order to allow the second device to create a symmetric key depending on the public key and to encrypt the secret software with the symmetric key; a step of receiving a first partial key coming from the second device; a step of generating the symmetric key, from the first partial key and the secret value; and 251579-035U Patent Applicationthe step of decrypting the encrypted secret software is carried out from the symmetric key (In ¶ 63, Shuma discloses “At block 540, the controller 130 verifies the signature of the encrypted software package. In this example, the controller 130 employs public key cryptography (“PKC”) to perform the decryption and ensure the validity of the digital signature of the software package received. In some examples, the controller 130 may perform the PKC decryption technique on a hash of data, checksum, or any other string of data associated with the software package instead of the entire software package. In other examples, the controller 130 can decrypt the software package based on any suitable encryption technique, such as an asymmetric key algorithm, e.g., digital signature standard (“DSS”), Rivest-Shamir-Adleman (“RSA”), YAK, ElGamal, Diffie-Hellman (“DH”), etc.”).
Regarding Claim 7, Shuma discloses: 
The method according to claim 1, characterized in that the step of decrypting the encrypted secret software is carried out from a private key of a pair of asymmetric keys, the pair of asymmetric keys being formed of the public key and the associated private key (In ¶ 63, Shuma discloses “the controller 130 can decrypt the software package based on any suitable encryption technique, such as an asymmetric key”).
Regarding Claim 9, Shuma discloses: 
The method according to claim 1, characterized in that the first device receives a software execution environment and installs the software execution environment in order to initialize the secure enclave (In ¶ 38, Shuma discloses “The controller 130 identifies the resources requested by an app to configure a restricted execution environment for the app based on the resources identified in the manifest file.”).
Regarding Claim 10, Shuma discloses: 	
The method according to claim 9, characterized in that the software execution environment comes from the second device or a third device (In ¶ 38, Shuma discloses “The controller 130 identifies the resources requested by an app to configure a restricted execution environment for the app based on the resources identified in the manifest file.”).
Regarding Claim 11, Shuma discloses: 
The method according to claim 9, characterized in that the software execution environment comprises secret software execution control measures (In ¶ 77, Shuma discloses “the controller 130 may change the limitations placed on the restricted execution environment based on the determinations discussed above, increasing or decreasing restrictions on the execution environment.”).
Regarding Claim 12, Shuma discloses: 
The method according to claim 11, characterized in that the secret software execution control measures comprise a counter for controlling and/or limiting the number of executions of the secret software (In ¶ 80, Shuma discloses “The computing device 700 includes an execution environment 730 that enables the controller 130 to creates a restricted execution environment for an app. As discussed above, the creation of the execution environment 730 may be based on requested resources present in the app's manifest. In some examples, the execution environment 730 may only allow the app to access its own local file storage, may limit the app's usage of memory, initiate network connections, make API calls, or implement another system constraint”).
Regarding Claim 13, Shuma discloses: 
The method according to claim 1, characterized in that the data receiving step implemented in the secure enclave comprises the reception of data from a device other than the first device (In ¶ 39, Shuma discloses “Some app providers 170 may include requested privileges in the app's manifest. For example, app providers 170 may request privileges to receive data from sensors, calendars, cameras, location, usage, microphones associated with the surgical robot 134. The controller 130 reads the verified manifest to determine whether those privileges should be granted, e.g., based on the configuration of the surgical robotic system.”).
Regarding Claim 14, Shuma discloses: 
A method of remote execution, in a secure enclave of a first device, of a secret software on data of a second device, characterized in that it comprises the following steps implemented in the second device (In ¶ 4, Shuma discloses “One example method includes receiving, by a computing device, a request to execute an application from a robotic surgical system”): obtaining a public key of the secure enclave of the first device (In ¶ 63, Shuma discloses “the controller 130 employs public key cryptography (“PKC”) to perform the decryption and ensure the validity of the digital signature of the software package received”); encrypting the secret software from a key depending on the public key (In ¶ 63, Shuma discloses “At block 540, the controller 130 verifies the signature of the encrypted software package. In this example, the controller 130 employs public key cryptography (“PKC”) to perform the decryption and ensure the validity of the digital signature of the software package received.”); and sending the encrypted secret software to the secure enclave of the first device for its decryption and execution using data in the secure enclave (In ¶ 62, Shuma discloses “At block 530, the controller 130 of the robotic surgical system 110 receives an encrypted software package from the remote server(s)”).
Regarding Claim 15, Shuma discloses: 	
A device configured to implement the method according to claim 1 (In ¶ 3, Shuma discloses “One example computing device includes a processor; and a non-transitory computer readable medium configured to store at least executable instructions”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 6 and 8 are rejected under 35 U.S.C. 103 as being anticipated over Shuma et al. (US Publication Number 20210007814), hereinafter referred to as Shuma, in view of Hanel et al (US Publication Number 20200252207), hereinafter referred to as Laud.
Regarding Claim 6, Shuma discloses the limitations according to claim 5. 
Shuma does not explicitly teach the limitation of encrypting the secret key. 
However, Hanel discloses the following limitation:
The method according to claim 5, characterized in that the secure enclave comprises a master key; and the method further comprises a step of encrypting the symmetric key or the secret value implemented in the secure enclave, from the master key, the encrypted symmetric key or the encrypted secret value being memorized in a device other than the secure enclave (In ¶ 62, Hanel discloses “The symmetric key is injected to the device in the trusted execution environment 20 during production and is itself encrypted using a per-device secret key that does not leave the device (it is private to the device).”); and the step of deciphering the encrypted secret software is preceded by a step of obtaining the encrypted symmetric key and a step of decrypted the encrypted symmetric key or the encrypted secret value from the master key in order to obtain the symmetric key or the secret value (In ¶ 26, Hanel discloses “The device key could be used directly as the decryption key for decrypting the software decryption key, or a further key derived from the device key could be used to decrypt the software decryption key.” And in ¶ 45, Hanel further discloses “The software decryption key may be a symmetric key”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Shuma’s approach by utilizing Hanel’s approach of encrypting the secret key as the motivation would be the use of the secret key is more efficient than creating individual decryption keys for each device and the encryption of the key improves security (see Hanel ¶ 20 and 28)
Regarding Claim 8, Shuma discloses the limitations according to claim 7. 
Shuma does not explicitly teach the limitation of encrypting the private key. 
However, Hanel discloses the following limitation:
The method according to claim 7, characterized in that the secure enclave comprises a master key; and 261579-035U Patent Applicationthe method further comprises a step of encrypting the private key implemented in the secure enclave, from the master key, the encrypted private key being memorized in a device other than the secure enclave; and the step of decrypting the encrypted secret software is preceded by a step of obtaining the encrypted private key and a step of decrypting the encrypted private key from the master key in order to obtain the private key  (In ¶ 26, Hanel discloses “the protected state is a state in which the software decryption key is encrypted based on a device key which is private to the computing device and is inaccessible to the program code executed in the less secure execution environment…. The device key could be used directly as the decryption key for decrypting the software decryption key, or a further key derived from the device key could be used to decrypt the software decryption key.”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Shuma’s approach by utilizing Hanel’s approach of encrypting the private key as the motivation would be to improve the security of the software by utilizing the key wrapping mechanism  (see Hanel ¶ 68)
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Kushtagi et al. (US Publication Number 20210117514) discloses a method for secure token management for software licensing.
Vlot et al. (US Publication Number 20160006724) discloses a method for secure installation of software in a device for accessing protected content.
Camiel (US Publication Number 20090187769) discloses a method for autonomous software protection device.
Whelihan, David (US Patent Number 10169251) discloses a method of limited execution of software on a processor. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHADI H KOBROSLI/Examiner, Art Unit 2492                                                                                                                                                                                                        

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492