DETAILED ACTION
This office action is in response to applicant’s communication dated 5/10/2022. If needed, this communication is herein referred to as “Amendment”. 

Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/10/2022 has been entered.
 
Claims’ Status
Claims 1-23 are pending and are currently being examined.
Claims 1, 8 and 15 are independent.
Claims 21-23 are newly added. 

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim(s) 1-2, 4-5, 8-11, 14-18 and 21-23 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Chang Ik Cho (hereinafter Chang – WO 2009064048 A1) in view of Tenorio; Manoel (hereinafter Tenorio – US 7149744 B1) and further in view of Obaidi; Ahmad Arash et al. (hereinafter Obaidi – US 20130281058 A1).

Rajakarunanayake; Yasantha et al. (hereinafter Rajakarunanayake – US 20140123209 A1). 
Independent Claims 1, 8 and 15:
	Chang teaches One or more storage devices or storage disks having instructions stored thereon (and respective device and method) which, when executed, cause the first processor of a device to:
monitor operations of a main operating system (OS), the operations including access to a web site; (Pg 10:16-26, FIG. 7 at S702, determination unit 402 determines whether the authorized web site address is an access-permitted web site address, i.e., “monitor access to one or more web sites”; also see Pgs 14:1-10/15-24 and 15:17-20) 
identify a switching event (Pg 6:19-27, a signal for switching)
that corresponds to an attempted operation associated with the web site […]; (Pg 6:13-27, the signal may correspond to a user intending to use a financial transaction service.)
switch from the main OS to a secure OS (deactivate first OS and execute second OS) responsive to identifying the switching event, […]; (Pgs 6:28-7:13)
[…].
Chang does not appear to expressly teach the attempted operation including access to a confidential document. 
However, Tenorio teaches/suggests that the attempted operation including access to a confidential document (a buyer accesses stored transaction documents, which contain confidential information, in order to facilitate current or future transactions, see at least Abstract and col 17:29-50). 
Accordingly, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the one or more storage devices or storage disks (and the respective device and method) of Chang wherein the attempted operation including access to a confidential document, as taught/suggested by Tenorio.
One would have been motivated to make such a combination in order to provide a more versatile and efficient storage/device/method allowing for the performance of financial transactions that access and reuse confidential information in transaction documents (at least Tenorio col 1:54-60).
Chang does not appear to expressly teach 
the secure OS executing on a second processor included in a trusted execution environment (TEE), the second processor physically separate from the first processor
and cause the second processor to authenticate the device to a server, the server associated with securing the device 
However, Obaidi teaches/suggests 
the secure OS executing on a second processor included in a trusted execution environment (TEE), the second processor physically separate from the first processor (TEE 318, which is physically separate from processor(s) 304, may have its own dedicated processor, which operates independently from the other processor(s) 304, ¶ 41 and fig. 3;
an SE [that is, a TEE] has processing circuitry that is separate from a host’s processing circuitry, ¶ 20 and fig. 1, and the SE employs its own operating system [a secure OS], ¶ 26; “SE” is a secure element, ¶ 12)
cause the second processor to authenticate the device to a server, the server associated with securing the device. (cryptographic identifier is transmitted to provisioning server for authentication to monitor and manage customer access to telecommunication services and devices, ¶¶ 10 and 68 and fig. 7)
Accordingly, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the one or more storage devices or storage disks (and the respective device and method) of Chang to include the secure OS executing on a second processor included in a trusted execution environment (TEE), the second processor physically separate from the first processor and cause the second processor to authenticate the device to a server, the server associated with securing the device, as taught/suggested by Obaidi.
One would have been motivated to make such a combination in order to provide a more secure storage/device/method that prevents unauthorized access to devices and services (Obaidi ¶¶ 5-6 and 10).

Claims 2, 9 and 16:
The rejection of claims 1, 8 and 15 is incorporated. Chang, as modified, further teaches
identify one or more secure operations to be executed, wherein execution of the one or more secure operations in the main OS corresponds to the attempted operation (Chang Pgs 9:14-18 and 12:7-12, “effectuating” of the financial transaction service using the secure OS, necessarily occurs after identifying one or more secure operations to be executed. “Secure operations” is herein interpreted as operations effectuated using the secure OS.)
that includes access to the confidential document (Tenorio Abstract and col 17:29-50). 

Claims 4, 10 and 17:
The rejection of claims 2, 9 and 16 is incorporated. Chang, as modified, further teaches execute the one or more secure operations in the secure OS (Chang Pgs 9:14-18 and 12:7-12, “effectuating” of the financial transaction service using the secure OS, necessarily occurs after identifying one or more secure operations to be executed. “Secure operations” is herein interpreted as operations effectuated using the secure OS.)

Claims 5 and 18:
	The rejection of claims 4 and 17 is incorporated. Chang, as modified, further teaches switch from the secure OS to the main OS (Chang FIG. 7 at S708, the First OS is activated again after the transactions are effectuated, therefore the switching back to the first OS is also “responsive to executing the one or more secure operations in the secure operations in the secure OS” [of instant claim 18]).

Claim 11:
	The rejection of claim 10 is incorporated. Chang, as modified, further teaches switch from the main OS to the secure OS responsive to execution of the one or more secure operations (Chang, the First OS is deactivated and the Second OS is activated [switch] for the financial transaction, pgs 12:4-10 and FIG. 7 at S703-S705).

Claim 14:
	The rejection of claim 8 is incorporated. Chang, as modified, further teaches wherein the device includes at least one of a smart phone, a tablet computer, a laptop computer (notebook PC), or a desktop computer (Chang Pg 6:13-15). 

Claims 21-23:
The rejection of claims 1, 8 and 15 is incorporated. Chang, as modified, further teaches wherein the second processor is physically isolated from the first processor. (Obaidi teaches/suggests that TEE 318, which is physically separate/isolated from processor(s) 304, may have its own dedicated processor, which operates independently from the other processor(s) 304, ¶ 41 and fig. 3;
an SE [that is, a TEE] has processing circuitry that is separate from a host’s processing circuitry, ¶ 20 and fig. 1, and the SE employs its own operating system [a secure OS], ¶ 26; “SE” is a secure element, ¶ 12).

Claim 3 is rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009064048 A1) in view of Tenorio (US 7149744 B1) and Obaidi (US 20130281058 A1) as applied to claim 2 above, and further in view of Hoy; Robert B. et al. (hereinafter Hoy – US 20130318594 A1).

Claim 3:
The rejection of claim 2 is incorporated. Chang further teaches that certain web sites of financial institutions may be authorized for effectuating financial transaction services (Chang Pg 10:16-26).
Chang doesn’t directly teach “compare the web site to a list of web sites” and “identify the one or more secure operations to be executed based, at least in part, on a result of the comparison”.
However, Hoy, in an analogous art of protection of computer systems from injurious software (Par 2), teaches the concept of a system that uses, at least in part, a whitelist of trusted websites, to help defend against internet security threats, such as malware that can infect an operating system (Pars. 34 and 57).
Therefore, it would have been obvious to a person having ordinary skill in the art, at the time the invention was made, to apply the known concept of a system that uses, at least in part, a whitelist of trusted websites, to help defend against internet security threats, such as malware that can infect an operating system, as taught by Hoy, to modify the storage of Chang, to include “compare the web site to a list of web sites” and “identify the one or more secure operations to be executed based, at least in part, on a result of the comparison”, because this would improve the efficiency of the storage device, by being able to adjust security measures and the use of pertinent resources needed for security based on the websites listed.

Claim(s) 6, 12 and 19 is/are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009064048 A1) in view of Tenorio (US 7149744 B1) and Obaidi (US 20130281058 A1) as applied to claims 1, 8 and 15 above, and further in view of Schmidt; Andreas et al. (hereinafter Schmidt – US 20100323714 A1).
Smith; Ned M. et al. (hereinafter Smith – US 20140108805 A1).

Claims 6, 12 and 19:
	The rejection of claims 1, 8 and 15 is incorporated. Chang does not appear to expressly teach wherein the TEE stores one or more encryption keys.
However, Schmidt teaches/suggests wherein the TEE stores one or more encryption keys (a broadcast system includes a key storage, which stores encryption keys and is provided inside a trusted execution environment, ¶¶ 354 and 356).
Obaidi teaches that a cryptographic key pair is shared between the security agent of the TEE and the security agent of client 436 (¶ 62; encryption key stored in trusted execution environment (TEE) and used to encrypt information provided to the TEE, ¶ 58; TEE is trusted execution environment, ¶ 28).
Accordingly, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the storage/device/method of Chang wherein the TEE stores one or more encryption keys, as taught/suggested by Schmidt.
One would have been motivated to make such a combination in order to arrive at more secure storage/device/method that securely stores keys to protect them from software/hardware attacks (Schmidt ¶ 229).

Claim(s) 7, 13 and 20 is/are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Chang (WO 2009064048 A1) in view of Tenorio (US 7149744 B1) and Obaidi (US 20130281058 A1) as applied to claims 1, 8 and 15 above, and further in view of Owen (US Patent Application Publication 20120011354).

Claims 7, 13 and 20:
	The rejection of claims 1, 8 and 15 is incorporated. Chang doesn’t directly teach wherein the secure OS is accessed via read-only memory.
However, Owen, in an analogous art of a device for establishing secure computing environment (Abstract), teaches “the fact that the memory module 34, which stores the secure operating system 35, is read-only or otherwise write-protected makes the secure operating system 35 resistant to malware threats, since malicious software cannot be saved to the read-only memory module, or otherwise incorporated into the secure operating system 35” (Par 23).
Therefore, it would have been obvious to a person having ordinary skill in the art, at the time the invention was made, to apply the known concept that a read-only memory makes the secure operating system resistant to malware threats, as taught by Owen, to modify the storage/device/method in Chang to include wherein the secure OS is accessed via read-only memory, because this would lead to the predictable result of a more secure storage/device/method that makes the second OS resistant to malware threats (Owen, Par 23).

Response to Arguments
Applicant’s prior art arguments have been fully considered but are moot in view of the new grounds of rejection presented above. Nevertheless, although Smith (which was filed on 10/12/2012 and assigned to Intel Corporation on 3/25/2014) is no longer relied upon, the examiner reminds the applicant that the instant application is being examined under pre-AIA, and for purposes of pre-AIA 35 U.S.C. 103(c), common ownership must be at the time the claimed invention was made. See MPEP § 2146.02.I.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GABRIEL S MERCADO whose telephone number is (408)918-7537. The examiner can normally be reached Mon-Fri 8am-5pm (Eastern Time).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William L. Bashore can be reached on (571) 272-4088. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Gabriel Mercado/Examiner, Art Unit 2175

/DANIEL RODRIGUEZ/Primary Examiner, Art Unit 2175