DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with John Hobgood on 05/02/2022.
The application has been amended as follows: Claims 1, 4-7, 9-12, 18-20, 23, 26, 28, 30 and 31 are amended. Claims 2, 3, 24, 25 and 32 are canceled.
1.	(Currently Amended) A method comprising:
	constructing an isolated memory partition that forms a secure enclave, wherein the secure enclave is available to one or more processors for running one or more application computing processes in isolation from one or more unauthorized computing processes running on the one or more processors; 
	de-identifying input data prior to loading the input data into the secure enclave, wherein de-identifying the input data comprises removing information that identifies one or more individuals or entities from the input data; and
pre-provisioning software within the secure enclave, wherein the pre-provisioned software is configured to execute instructions of the one or more application computing processes on the one or more processors by:
	receiving, by the one or more processors, the de-identified input data
	loading, by the one or more processors, the de-identified input data into the secure enclave;
	receiving, by the one or more processors, from an instruction provider corresponding to an entity other than an entity providing the input data, one or more programs comprising the instructions for the one or more application computing processes;
	loading, by the one or more processors, the one or more programs into the secure enclave; and
	decrypting thede-identified input dataat least one of one or more cryptographic keys;
	executing the one or more application computing processes based on the decrypted de-identified input data using the secure enclave;
	generating a proof of execution that proves that the one or more instructions of the one or more application computing processes operated on the received de-identified input data;
	encrypting the output data using at least one of the one or more cryptographic keys; and
	providing external access to the encrypted output data and the proof of execution.
2.	(Cancelled)
3.	(Cancelled)
4.	(Currently Amended) The method of claim 1[[3]], wherein the input data comprises clinical data that is de-identified by removing personally identifying information (PII) from the clinical data.
5.	(Currently Amended) The method of claim 1[[2]], further comprising providing a decryption key associated with the input data or the instructions of the one or more application computing processes inside the secure enclave to the data provider or the instruction provider, respectively. 
6.	(Currently Amended) The method of claim 1[[2]], further comprising associating an input de-identification probability with the de-identified input data prior to loading the de-identified input data into the secure enclave, wherein the secure enclave maintains the input de-identification probability in the output data. 
7.	(Currently Amended) The method of claim 1[[2]], wherein the input data and the one or more programs 
9.	(Currently Amended) The method of claim 8, wherein the input data 
10.	(Currently Amended) The method of claim 8, wherein the output data displayed via the web client or web server is associated with a cryptographic object associated with the secure enclave. 
11.	(Currently Amended) The method of claim 1, further comprising receiving the input data or the one or more programs comprising instructions from a curation service, wherein the curation service determines that the input data or instructions are privacy-preserving.
12.	(Currently Amended) The method of claim 1, wherein the secure enclave is communicatively coupled to one or more other secure enclaves to form a pipeline, wherein the output data from the secure enclave is provided as input data to the one or more other s in the pipeline. 
18.	(Currently Amended) The method of claim 1, wherein executing the one or more application computing processes [[in]]using the secure enclave further comprises generating a unique signature for the secure enclave based on the at least one of input data or instructions.
19.	(Currently Amended) The method of claim 1, wherein the received de-identified input data and the instructions of the one or more application computing processes are not accessible to any other secure enclaves linked to the secure enclave in a pipeline. 
20.	(Currently Amended) The method of claim 19, wherein the received de-identified input data and instructions of the one or more application computing processes is not accessible to an operator of the pipeline. 
23.	(Currently Amended) A system comprising:
a non-transitory memory; and
one or more hardware processors configured to read instructions from the non-transitory memory that, when executed, cause the one or more hardware processors to perform operations comprising:
	constructing an isolated memory partition that forms a secure enclave, wherein the secure enclave is available to the one or more hardware processors for running one or more application computing processes in isolation from one or more unauthorized computing processes running on the one or more hardware  processors; and
de-identifying input data prior to loading the input data into the secure enclave, wherein de-identifying the input data comprises removing information that identifies one or more individuals or entities from the input data;
pre-provisioning software within the secure enclave, wherein the pre-provisioned software is configured to execute instructions of the one or more application computing processes on the one or more processors by:
	receiving, by the one or more processors, the de-identified input data
	loading, by the one or more processors, the de-identified input data into the secure enclave;
	receiving, by the one or more processors, from an instruction provider corresponding to an entity other than an entity providing the input data, one or more programs comprising the instructions for the one or more application computing processes;
	loading, by the one or more processors, the one or more programs into the secure enclave; and
	decrypting thede-identified input dataat least one of one or more cryptographic keys;
	executing the one or more application computing processes based on the decrypted de-identified input data using the secure enclave;
	generating a proof of execution that proves that the one or more instructions of the one or more application computing processes operated on the received de-identified input data;
	encrypting the output data using at least one of the one or more cryptographic keys; and
	providing external access to the encrypted output data and the proof of execution.
24.	(Cancelled)
25.	(Cancelled)
26.	(Currently Amended) The system of claim 23[[24]], wherein the operations further comprise providing a decryption key associated with the secure enclave to the entity providing the input data
28.	(Currently Amended) The system of claim 23, wherein the secure enclave is communicatively coupled to one or more other secure enclaves to form a pipeline, wherein the output data from the secure enclave is provided as input data to the one or more other s in the pipeline.
30.	(Currently Amended) The system of claim 23, wherein executing the one or more application computing processes [[in]]using the secure enclave further comprises generating a unique signature for the secure enclave based on the at least one of input data or instructions.
31.	(Currently Amended) A non-transitory computer-readable medium storing instructions that, when executed by one or more hardware processors, cause the one or more hardware processors to perform operations comprising:
constructing an isolated memory partition that forms a secure enclave, wherein the secure enclave is available to the one or more hardware processors for running one or more application computing processes in isolation from one or more unauthorized computing processes running on the one or more hardware  processors; and
de-identifying input data prior to loading the input data into the secure enclave, wherein de-identifying the input data comprises removing information that identifies one or more individuals or entities from the input data;
pre-provisioning software within the secure enclave, wherein the pre-provisioned software is configured to execute instructions of the one or more application computing processes on the one or more processors by:
	receiving, by the one or more processors, the de-identified input data
	loading, by the one or more processors, the de-identified input data into the secure enclave;
	receiving, by the one or more processors, from an instruction provider corresponding to an entity other than an entity providing the input data, one or more programs comprising the instructions for the one or more application computing processes;
	loading, by the one or more processors, the one or more programs into the secure enclave; and
	decrypting thede-identified input dataat least one of one or more cryptographic keys;
	executing the one or more application computing processes based on the decrypted de-identified input data using the secure enclave;
	generating a proof of execution that proves that the one or more instructions of the one or more application computing processes operated on the received de-identified input data;
	encrypting the output data using at least one of the one or more cryptographic keys; and
	providing external access to the encrypted output data and the proof of execution.
32.	(Cancelled)
Allowable Subject Matter
Claims 1, 4-23 and 26-31 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The primary reason for allowance of the claims are the limitations of de-identifying input data prior to loading the input data into the secure enclave, wherein de-identifying the input data comprises removing information that identifies one or more individuals or entities from the input data; and pre-provisioning software within the secure enclave, wherein the pre-provisioned software is configured to execute instructions of the one or more application computing processes on the one or more processors by: receiving, by the one or more processors, the de-identified input data in an encrypted form; loading, by the one or more processors, the de-identified input data into the secure enclave; receiving, by the one or more processors, from an instruction provider corresponding to an entity other than an entity providing the input data, one or more programs comprising the instructions for the one or more application computing processes.
The prior art disclosed by Durand et al. teaches a system to obscure personally identifiable information of a user of an electronic device. The system includes a first processor to select a set of instructions from a plurality of sets of instructions. The first processor also is to transmit the set of instructions to a second processor, the second processor disposed in an electronic device, the electronic device remote from the first processor, the set of instructions to cause the second processor to obtain non-personally identifiable data from the personally identifiable information gathered by the electronic device.
The prior art fails to teach the unique limitations shown above and recited in the claims of the instant invention.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to IZUNNA OKEKE whose telephone number is (571)270-3854. The examiner can normally be reached Mon - Fri 8 - 4 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/IZUNNA OKEKE/Primary Examiner, Art Unit 2497