DETAILED ACTION
Claims 1 and 3-20 are allowed.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Hao Zhang (Reg. No. 78707) on May 6, 2022.
The application has been amended as follows: 

1.	(Currently Amended) A method comprising:
establishing, by a processor, a trusted execution area for a first computing process, wherein the trusted execution area comprises an encrypted storage area;
copying data of the first computing process into the trusted execution area, wherein the data comprises executable data or non-executable data;
storing, by the processor, a second copy of the data of the first computing process;
enabling a second computing process to access the second copy of the data of the first computing process, wherein the data of the first computing process in the trusted execution area is inaccessible to the second computing process; and
executing, by the processor, the first computing process using the trusted execution area, 
wherein the first computing process is an application process and the second computing process is a kernel process that manages the application process, and wherein the data in the trusted execution area is accessible to the application process and inaccessible to the kernel process.
2.	(Cancelled) 
4.	(Currently Amended) The method of claim 1, further comprising: 
inspecting, by the second computing process, the second copy of the data of the first computing process; and
determining, by the second computing process in view of the inspecting, that the data of the first computing process that is in the trusted execution area comprises non-malicious executable code.
6.	(Currently Amended) The method of claim 1, wherein enabling the second computing process to access the second copy of the data comprises the second computing process being provided a cryptographic key that enables the second computing process to decrypt the second copy of the data.
7.	(Currently Amended) The method of claim 1, further comprising:
transmitting, by the processor, a cryptographic key to a device over a network, wherein the cryptographic key is a symmetric transport key; and
receiving, from the device over the network, the data of the first computing process and the symmetric transport key, wherein the data of the first computing process is encrypted using the cryptographic key,
wherein storing the second copy of the data comprises storing the second copy of the data that is encrypted using the cryptographic key.
8.	(Currently Amended) The method of claim 1, wherein the second copy of the data is encrypted using a first cryptographic key and the data in the trusted execution area is encrypted using a second cryptographic key.
10.	(Currently Amended) A system comprising:
a memory; and
a processing device communicably coupled to the memory, the processing device to:
establish a trusted execution area for a first computing process, wherein the trusted execution area comprises an encrypted storage area in the memory;
copy data of the first computing process into the trusted execution area, wherein the data comprises executable data or non-executable data;
store a second copy of the data of the first computing process;
enable a second computing process to access the copy of the data of the first computing process, wherein the data of the first computing process in the trusted execution area is inaccessible to the second computing process; and
execute the data of the first computing process using the trusted execution area, 
wherein the first computing process is an application process and the second computing process is a kernel process that manages the application process, and wherein the data in the trusted execution area is accessible to the application process and inaccessible to the kernel process.
13.	(Currently Amended) The system of claim 10, wherein the second copy of the data is encrypted using a first cryptographic key and the data in the trusted execution area is encrypted using a second cryptographic key.
14.	(Currently Amended) The system of claim 10, wherein the processing device is to: 
inspect, by the second computing process, the second copy of the data of the first computing process; and
determine, by the second computing process in view of the inspection, that the data of the first computing process that is in the trusted execution area comprises non-malicious executable code.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “establishing, by a processor, a trusted execution area for a first computing process, wherein the trusted execution area comprises an encrypted storage area; copying data of the first computing process into the trusted execution area, wherein the data comprises executable data or non-executable data; storing, by the processor, a second copy of the data of the first computing process; enabling a second computing process to access the second copy of the data of the first computing process, wherein the data of the first computing process in the trusted execution area is inaccessible to the second computing process; and executing, by the processor, the first computing process using the trusted execution area, wherein the first computing process is an application process and the second computing process is a kernel process that manages the application process, and wherein the data in the trusted execution area is accessible to the application process and inaccessible to the kernel process”.
The following is considered to be the closest prior art of record:
Pandey (US 2017/0286645) – teaches a secure enclave to copy and store data for parent and child processes.
Bathula (US 2009/0260052) – teaches a security policy to grant or deny one process access to another process's data.
Ortiz (US 2019/0362083) – teaches having a trusted execution environment to store data that is inaccessible to the kernel.
Kameyama (US 2002/0065934) – teaches a parent process turning on a copy request flag to inform a child process of the presence of data to be copied.
Banga (US 2015/0143374) – teaches a hypervisor being used to control multiple operating systems on multiple virtual machines.
Wiacek (US 2019/0116030) – teaches obtaining a copy of encrypted data to monitor the behavior of the process accessing the encrypted data.
Chhabra (US 2017/0026181) – teaches a trusted execution environment (TEE).
Xing (US 2014/0006711) – teaches secure execution environment using virtual machines and virtual memories.
Bhat (US 2016/0371495) – teaches transferring data between applications executing in a sandbox environment.
Van Riel (US 2019/0026476) – teaches the kernel being able to copy protected data but cannot access the protected data.
However, the concept of storing data from a process/application in a trusted execution area, preventing the kernel from accessing the process/application data that is stored in the trusted execution area, but copying the process/application data to an area of memory to allow the kernel to access the process/application data as claimed cannot be found in the prior art of record.
None of the prior art of record, either taken by itself or in any combination, would have reasonably anticipated or made obvious the invention of the present application at or before the time it was effectively filed. The concepts and features, as claimed, are considered to be a non-obvious combination of limitations not taught in the prior art. Therefore, claims 1 and 3-20 are considered to be allowable.
According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
The remarks and amendments submitted on April 25, 2022 have overcome the previous prior art rejections. Therefore, all of the previous rejections have been removed and the current claims are in condition for allowance.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 5712728878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/John B King/
Primary Examiner, Art Unit 2498