DETAILED ACTION
This is a non-final Office action in response to communications received on 10/8/2020.  Claims 1-30 were cancelled in a preliminary amendment.  New claims 31-60 were added.  Claims 31-60 are pending and are examined.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Drawings
The drawings filed 10/8/2020 are acknowledged.
Priority or Provisional
Priority to 4/11/2018 is acknowledged.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 31, 38-39, 41, 45-46, 53-54 & 60 are rejected under 35 U.S.C. 103 as being unpatentable over Nesher (US 2016/0171248) in view of Horovitz (US 2015/0089502).
Regarding claim 31, Nesher discloses the limitations substantially as follows: 
A method for accessing one or more service processes of service (paras. [0013], [0024]-[0027], Fig. 2: accessing trusted agents including Agent Thread and Application Threads), the method comprising: 
executing, by data processing hardware, at least one service enclave, the at least one service enclave providing an interface to the one or more service processes (paras. [0002], [0013], [0023]-[0027], [0029]-[0030], Figs. 1-2: executing, by System 100, a Trusted Manager Trusted software execution environment (TXE) 205 (i.e. at least one service enclave), which is coupled to trusted agents/Agent or Agent Threads via shared memory which provides an infrastructure for communication (i.e. provides interface to the one or more service processes)); and 
executing, by the data processing hardware, an enclave sandbox, the enclave sandbox configured to (paras. [0026], [0029], Fig. 2: executing, by System, Trusted manager 206 (i.e. an enclave sandbox) corresponds/wraps the Trusted Manager TXE 205): 
establish an encrypted communication tunnel to the at least one service enclave interfacing with the one or more service processes (paras. [0023]-[0027], [0029], [0031], Figs. 1-2: establishing secure channel 230 (i.e. encrypted communication channel) to Trusted Manager 205 (i.e. service enclave) interfacing with trusted agents Agent Thread and Application Threads); and 
communicate program calls to/from the one or more service processes as encrypted communications through the encrypted communication tunnel (paras. [0018]-[0020], [0029]-[0031], Figs. 1-2: communicating user program messages/calls from user programs corresponding to the trusted agents/Agent Thread/Application Threads thru secure channel).
Nesher does not explicitly disclose the remaining limitations of claim 31 as follows:
an enclave sandbox that wraps the at least one service enclave
However, in the same field of endeavor, Horovitz discloses the remaining limitations of claim 31 as follows:
an enclave sandbox that wraps the at least one service enclave (paras. [0013], [0025]-[0027], [0035]: outer enclave (i.e. enclave sandbox) protects/wraps an inner enclave (i.e. service enclave))
Horovitz is combinable with Nesher because both are from the same field of endeavor of employing enclaves to protect against attacks.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Horovitz’s outer and inner enclave protection with the system of Nesher in order so that “[m]ultiple protective layers of security [which] may thereby be employed, at different levels of the system, making penetration more difficult for an attacker” (Horovitz, para. [0013]).

	Regarding claims 38 and 53, Nesher and Horovitz disclose the limitations of the method of claim 31 and the system of claim 47.
Nesher and Horovitz disclose the limitations of claims 38 and 53 as follows:
wherein the encrypted communication tunnel extends through the enclave sandbox between an input end at the interface to the one or more service processes and an output end (Horovitz, paras. [0013], [0017], [0025]-[0027], [0038]: communications between a virtualization layer interface (i.e. input end) of the inner enclave VM to a virtualization layer interface of the outer enclave (i.e. output end)) at the enclave sandbox interfacing with a client process (Nesher, paras. [0023]-[0027], [0029], [0031], [0067]-[0070], [0072]-[0073], Fig. 2: secure channel extends through Trusted Manager 206 (i.e. enclave sandbox) between the memory/interface to the Trusted Agents (i.e. one or more service processes) and the Trusted Manager 206 interfacing with the user programs/applications (i.e. client processes)).
The same motivation to combine utilized in claims 31 and 47 is equally applicable in the instant claim.

	Regarding claims 39 and 54, Nesher and Horovitz disclose the limitations of the method of claim 31 and the system of claim 47.
Nesher discloses the limitations of claims 39 and 54 as follows:
wherein the program calls communicated to/from the one or more service processes by the enclave sandbox comprise remote procedure calls (paras. [0013]-[0014], [0018]: communications can be sent from client of user device to backend service on remote computing node (i.e. sending remote procedure calls) from the trusted agents by the trusted manager TXE).

	Regarding claim 46, Nesher discloses the limitations substantially as follows:
A system for accessing one or more service processes of a service (paras. [0013], [0024]-[0027], Fig. 2: accessing trusted agents including Agent Thread and Application Threads), the system comprising: 
data processing hardware; and 
memory hardware in communication with the data processing hardware, the memory hardware storing instructions that when executed by the data processing hardware cause the data processing hardware to perform operations comprising: 
executing at least one service enclave, the at least one service enclave providing an interface to the one or more service processes (paras. [0002], [0013], [0023]-[0027], [0029]-[0030], Figs. 1-2: executing, by System 100, a Trusted Manager Trusted software execution environment (TXE) 205 (i.e. at least one service enclave), which is coupled to trusted agents/Agent or Agent Threads via shared memory which provides an infrastructure for communication (i.e. provides interface to the one or more service processes)); and 
executing an enclave sandbox, the enclave sandbox configure to: establish an encrypted communication tunnel to the at least one service enclave interfacing with the one or more service processes (paras. [0023]-[0027], [0029], [0031], Figs. 1-2: executing, by System, Trusted manager 206 (i.e. an enclave sandbox) corresponds/wraps the Trusted Manager TXE 205 to establish secure channel 230 (i.e. encrypted communication channel) to Trusted Manager 205 (i.e. service enclave) interfacing with trusted agents Agent Thread and Application Threads); and 
communicate program calls to/from the one or more service processes as encrypted communications through the encrypted communication tunnel (paras. [0018]-[0020], [0029]-[0031], Figs. 1-2: communicating user program messages/calls from user programs corresponding to the trusted agents/Agent Thread/Application Threads thru secure channel).
Nesher does not explicitly disclose the remaining limitations of claim 46 as follows:
an enclave sandbox that wraps the at least one service enclave
However, in the same field of endeavor, Horovitz discloses the remaining limitations of claim 46 as follows:
an enclave sandbox that wraps the at least one service enclave (paras. [0013], [0025]-[0027], [0035]: outer enclave (i.e. enclave sandbox) protects/wraps an inner enclave (i.e. service enclave))
Horovitz is combinable with Nesher because both are from the same field of endeavor of employing enclaves to protect against attacks.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Horovitz’s outer and inner enclave protection with the system of Nesher in order so that “[m]ultiple protective layers of security [which] may thereby be employed, at different levels of the system, making penetration more difficult for an attacker” (Horovitz, para. [0013]).

	Regarding claim 41, Nesher discloses the limitations substantially as follows:
A method for accessing a service process (paras. [0013], [0024]-[0027], Fig. 2: accessing trusted agents including Agent Thread and Application Threads), the method comprising: 
executing, by data processing hardware, an inner enclave that interfaces with the service process of a software application (paras. [0002], [0013], [0023]-[0027], [0029]-[0030], Figs. 1-2: executing, by System 100, a Trusted Manager Trusted software execution environment (TXE) 205 (i.e. at least one service enclave), which is coupled to trusted agents/Agent or Agent Threads of applications via shared memory which provides an infrastructure for communication (i.e. provides interface to the one or more service processes)); 
executing, by the data processing hardware, an outer enclave (paras. [0026], [0029], Fig. 2: executing, by System, Trusted manager 206 (i.e. an enclave sandbox) corresponds/wraps the Trusted Manager TXE 205); 
establishing, by the data processing hardware, an encryption communication tunnel through the outer enclave to the inner enclave interfacing with the service process, the encryption communication tunnel extending from a first interface between the outer enclave and an external network to a second interface between the inner enclave and the service process (paras. [0023]-[0027], [0029], [0031], [0067]-[0070], [0072]-[0073], Figs. 1-2, 6: establishing secure channel 230 (i.e. encrypted communication channel) through the trusted Manager 206 to the Trusted Manager 205 (i.e. service enclave) interfacing with trusted agents Agent Thread and Application Threads, the secure channel extending from the memory (i.e. first interface) located between the Trusted Manager 206 (i.e. outer enclave) and external network to an Trusted Agent TXE’s/interfaces (i.e. second interfaces) connecting the Trusted Manager 205 to the trusted agents/service processes it manages); and 
communicating, by the data processing hardware, program calls to/from the service process as encrypted communications through the encrypted communication tunnel (paras. [0018]-[0020], [0029]-[0031], Figs. 1-2: communicating user program messages/calls from user programs corresponding to the trusted agents/Agent Thread/Application Threads thru secure channel).
Nesher does not explicitly disclose the remaining limitations of claim 41 as follows:
an outer enclave that wraps the inner enclave
the encryption communication tunnel extending from a first interface between the outer enclave and an external network to a second interface between the inner enclave and the service process
However, in the same field of endeavor, Horovitz discloses the remaining limitations of claim 41 as follows:
an enclave sandbox that wraps the at least one service enclave (paras. [0013], [0025]-[0027], [0035]: outer enclave (i.e. enclave sandbox) protects/wraps an inner enclave (i.e. service enclave))
establishing, by the data processing hardware, communication through the outer enclave to the inner enclave, the communication extending from a first interface between the outer enclave and an external network to a second interface between the inner enclave and the service process (paras. [0013], [0017], [0025]-[0027], [0038]: establishing, by the system, communication through an outer enclave (i.e. enclave sandbox) to an inner enclave (i.e. service enclave), the communication extending from a virtualization layer interface of the outer enclave VM to a virtualization layer of the inner enclave)
Horovitz is combinable with Nesher because both are from the same field of endeavor of employing enclaves to protect against attacks.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Horovitz’s outer and inner enclave protection with the system of Nesher in order so that “[m]ultiple protective layers of security [which] may thereby be employed, at different levels of the system, making penetration more difficult for an attacker” (Horovitz, para. [0013]).

Regarding claims 45 and 60, Nesher and Horovitz disclose the limitations of the method of claim 41 and the system of claim 56.
Nesher discloses the limitations of claims 45 and 60 as follows:
wherein the program calls communicated to/from the service process comprise remote procedure calls (paras. [0013]-[0014], [0018]: communications can be sent from client of user device to backend service on remote computing node (i.e. sending remote procedure calls) from the trusted agents by the trusted manager TXE).

	Regarding claim 56, Nesher discloses the limitation substantially as follows:
A system for accessing a service process (paras. [0013], [0024]-[0027], Fig. 2: accessing trusted agents including Agent Thread and Application Threads), the system comprising: 
data processing hardware; and 
memory hardware in communication with the data processing hardware, the memory hardware storing instructions that when executed by the data processing hardware cause the data processing hardware to perform operations comprising: 
executing an inner enclave that interfaces with the service process of a software application (paras. [0002], [0013], [0023]-[0027], [0029]-[0030], Figs. 1-2: executing, by System 100, a Trusted Manager Trusted software execution environment (TXE) 205 (i.e. at least one service enclave), which is coupled to trusted agents/Agent or Agent Threads of applications via shared memory which provides an infrastructure for communication (i.e. provides interface to the one or more service processes)); 
executing an outer enclave (paras. [0026], [0029], Fig. 2: executing, by System, Trusted manager 206 (i.e. an enclave sandbox) corresponds/wraps the Trusted Manager TXE 205); 
establishing an encryption communication tunnel through the outer enclave to the inner enclave interfacing with the service process, the encryption communication tunnel extending from a first interface between the outer enclave and an external network to a second interface between the inner enclave and the service process (paras. [0023]-[0027], [0029], [0031], [0067]-[0070], [0072]-[0073], Figs. 1-2, 6: establishing secure channel 230 (i.e. encrypted communication channel) through the trusted Manager 206 to the Trusted Manager 205 (i.e. service enclave) interfacing with trusted agents Agent Thread and Application Threads, the secure channel extending from the memory (i.e. first interface) located between the Trusted Manager 206 (i.e. outer enclave) and network external to an Trusted Agent TXE’s/interfaces (i.e. second interfaces) connecting the Trusted Manager 205 to the trusted agents/service processes it manages); and 
communicating program calls to/from the service process as encrypted communications through the encrypted communication tunnel (paras. [0018]-[0020], [0029]-[0031], Figs. 1-2: communicating user program messages/calls from user programs corresponding to the trusted agents/Agent Thread/Application Threads thru secure channel).
Nesher does not explicitly disclose the remaining limitations of claim 56 as follows:
an outer enclave that wraps the inner enclave
the encryption communication tunnel extending from a first interface between the outer enclave and an external network to a second interface between the inner enclave and the service process
However, in the same field of endeavor, Horovitz discloses the remaining limitations of claim 56 as follows:
an enclave sandbox that wraps the at least one service enclave (paras. [0013], [0025]-[0027], [0035]: outer enclave (i.e. enclave sandbox) protects/wraps an inner enclave (i.e. service enclave))
establishing, by the data processing hardware, communication through the outer enclave to the inner enclave, the communication extending from a first interface between the outer enclave and an external network to a second interface between the inner enclave and the service process (paras. [0013], [0017], [0025]-[0027], [0038]: establishing, by the system, communication through an outer enclave (i.e. enclave sandbox) to an inner enclave (i.e. service enclave), the communication extending from a virtualization layer interface of the outer enclave VM to a virtualization layer of the inner enclave)
Horovitz is combinable with Nesher because both are from the same field of endeavor of employing enclaves to protect against attacks.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Horovitz’s outer and inner enclave protection with the system of Nesher in order so that “[m]ultiple protective layers of security [which] may thereby be employed, at different levels of the system, making penetration more difficult for an attacker” (Horovitz, para. [0013]).

Claims 32-37, 40, 42-44, 47-52, 55 & 57-59 are rejected under 35 U.S.C. 103 as being unpatentable over Nesher (US 2016/0171248) in view of Horovitz (US 2015/0089502), as applied to claims 31, 41, 46 and 56, further in view of Karagiannis (US 2018/0375644).
Regarding claims 32 and 47, Nesher and Horovitz disclose the limitations of the method of claim 31 and the system of claim 47.
Nesher discloses the limitations of claims 32 and 47 as follows:
further comprising: 
receiving, at the data processing hardware, a program call to the one or more service processes, (paras. [0020], [0027]-[0029], [0031]: receiving, at the system, calls from applications/user programs to the trusted agents including Agent Thread and Application Threads, wherein the calls from the user programs are unencrypted until the Diffie-Hellman key is received (i.e. program calls comprise cleartext)); 
encrypting, by the data processing hardware, the cleartext as ciphertext using an encryption key (paras. [0029]-[0030]: encrypting, by the system, the unencrypted text to generate encrypted text (i.e. ciphertext) using a key for encrypting); and 
communicating, by the data processing hardware, the ciphertext though the encrypted communication tunnel to the one or more service processes, wherein the at least one service enclave is configured to obtain a key from a key manager after success attestation to the key manager (paras. [0029]-[0030]: communicating, by the system, the encrypted data through the secure channel (i.e. encrypted communication channel) to the one or more trusted agents (i.e. one or more service processes), wherein the Trusted Manager TXE (i.e. at least one service enclave) is configured to obtain the key for accessing the encrypted data (i.e. obtains the decryption key) from the Trusted Agent TXE (i.e. key manager) after successful attestation to the Trusted Agent TXE).
Neither Nesher or Horovitz discloses the remaining limitations of claims 32 and 47 as follows:
		the program call comprising cleartext
wherein the at least one service enclave is configured to obtain a decryption key from a key manager for decrypting the ciphertext back to cleartext
However, in the same field of endeavor, Karagiannis discloses the remaining limitations of claims 32 and 47 as follows
the program call comprising cleartext (paras. [0008], [0029], [0040], [0090]: system/program calls on the enclave are processed in the clear (i.e. as cleartext) by being generated and then encrypted prior to being moved to DRAM (i.e. program call comprises cleartext prior to being encrypted);
wherein the at least one service enclave is configured to obtain a decryption key from a key manager for decrypting the ciphertext back to cleartext (paras. [0037]-[0038], [0040]-[0041]: middlebox/enclave (i.e. service enclave) obtains a security for decrypting encrypted text (i.e. for decrypting the ciphertext back to cleartext) from a client (i.e. key manager))
Karagiannis is combinable with Horovitz and Nesher because all three are from the same field of endeavor of employing enclaves to protect against attacks.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Karagiannis’ method of obtaining decryption keys for decrypting ciphertext back to cleartext with the system of Horovitz and Nesher in order to enable the enclave to decrypt and verify the authenticity of the data it receives.

	Regarding claims 33 and 48, Nesher, Horovitz and Karagiannis disclose the limitations of the method of claim 31 and the system of claim 47.
Nesher and Karagiannis disclose the limitations of claims 33 and 48 as follows:
further comprising, 
after encrypting the cleartext as ciphertext at the enclave sandbox, storing, by the data processing hardware, the encryption key (Karagiannis, paras. [0031], [0037], [0040], [0044], [0111], [0117], [0121]: storing, by network equipment of the enclave, the key used to encrypt the data transmitted for resuming sessions) associated with the decryption key obtained by the at least one service enclave for decrypting the ciphertext back to cleartext (paras. [0029]-[0030]: encrypting the encrypted data (i.e. encrypting cleartext to generate ciphertext) through the Trusted Manager 206, the key for encrypting/decrypting the data obtained by the Trusted Manager 205).
It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Karagiannis’ method of storing keys used to encrypt data with the system of Horovitz and Nesher in order to enable session resumption and subsequent transmission of encrypted data.

Regarding claims 34 and 49, Nesher, Horovitz and Karagiannis disclose the limitations of the method of claims 31-32 and the system of claim 47.
Nesher discloses the limitations of claims 34 and 49 as follows:
wherein receiving the program call to the one or more service processes comprises receiving one of a get data call or a put data call from a client process interfacing with the enclave sandbox, the client process executing on a client device in communication with the data processing hardware over a network (paras. [0018], [0027]-[0029], [0031]: receiving calls from user programs from applications of the Trusted Agents including Agent Thread and Application Threads (i.e. one or more processes) comprising receiving calls to get or receive data from the user process/application interfacing with the Trust Manager 206 (i.e. interfacing with the enclave sandbox), the user processes executing on the system of the computing node in communication with the system over a network).

	Regarding claims 35 and 50, Nesher and Horovitz disclose the limitations of the method of claim 31 and the system of claim 47.
Nesher discloses the limitations of claims 35 and 50 as follows:
further comprising: 
receiving, at the data processing hardware, a program call from the one or more service processes interfacing with the at least one service enclave through the encrypted communication tunnel, the program call comprising ciphertext (paras. [0018], [0023]-[0024], [0027], [0030]: receiving, at the system, calls from user programs corresponding to the applications of the trusted agents including Agent Thread and Application Threads (i.e. service processes) interfacing with Trusted Manager (i.e. service enclave) through secure communication channels (i.e. encrypted communication tunnels), the calls/communications comprising encrypted information/ciphertext);
obtaining, by the data processing hardware, a decryption key from a key manager for decrypting the ciphertext to cleartext after success attestation to the key manager (paras. [0029]-[0030]: obtaining, by the system, keys for encrypting and decrypting information transmitted over the secure channel from trusted manager TXE (i.e. key manager) after successful attestation to the trusted manager/key manager); and 
Neither Nesher or Horovitz disclose the remaining limitations of claims 35 and 50 as follows:
obtaining a decryption key for decrypting the ciphertext to cleartext; and 
communicating, by the data processing hardware, the cleartext to a client process interfacing with the enclave sandbox, the client process executing on a client device in communication with the data processing hardware over a network.
However, in the same field of endeavor, Karagiannis discloses the remaining limitations of claims 35 and 50 as follows:
obtaining a decryption key for decrypting the ciphertext to cleartext (paras. [0037]-[0038], [0040]-[0041]: obtaining the security key for decrypting encrypted text (i.e. decrypting ciphertext to cleartext)); and 
communicating, by the data processing hardware, the cleartext to a client process interfacing with the enclave sandbox, the client process executing on a client device in communication with the data processing hardware over a network (paras. [0027], [0030], [0040], [0044]: communicating, by the network equipment of the enclave, the decrypted information/cleartext to a middlebox function of a client middlebox/enclave (i.e. client process interfacing with the enclave sandbox), the middlebox function executing on the client middlebox in communication with network equipment over the network).
Karagiannis is combinable with Horovitz and Nesher because all three are from the same field of endeavor of employing enclaves to protect against attacks.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Karagiannis’ method of obtaining decryption keys for decrypting ciphertext back to cleartext with the system of Horovitz and Nesher in order to enable the enclave to decrypt and verify the authenticity of the data it receives.

	Regarding claims 36 and 51, Nesher, Horovitz and Karagiannis disclose the limitations of the method of claims 31 and 35 and the system of claims 47 and 50.
Nesher and Karagiannis disclose the limitations of claims 36 and 51 as follows:
wherein the at least one service enclave is configured to: 
receive the program call from the one or more service processes through the interface (Nesher, paras. [0023], [0027]-[0029], [0031]: receiving calls from user programs of the one or more applications of the trusted agents including Agent Thread and Application Threads (i.e. form the one or more service processes) through the memory providing the infrastructure/interface, the calls from the user programs unencrypted until a Diffie-Hellman type exchange is received (i.e. comprises cleartext)), the program call comprising cleartext (Karagiannis, paras. [0008], [0029], [0040], [0090]: system/program calls on the enclave are processed in the clear (i.e. as cleartext) by being generated and then encrypted prior to being moved to DRAM (i.e. program call comprises cleartext prior to being encrypted); 
encrypt the cleartext into the ciphertext using an encryption key (Nesher, paras. [0029]-[0030]: encrypting information/cleartext into encrypted information (i.e. ciphertext) using a Diffie-Hellman type key for encryption); and
communicate the ciphertext through the encrypted communication tunnel to the enclave sandbox (Nesher, paras. [0029]-[0030]: communicating the encrypted information through the secure channel to trusted manager 206 and trusted manager TXE 205).
It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Karagiannis’ method of generating program calls in the clear before encrypting them with the system of Horovitz and Nesher in order to enable the enclaves to read, authenticate and evaluate the information in the program calls so that the enclaves can perform functions upon the information in the program calls that could not be performed if the data in the calls were encrypted and unreadable by the enclaves.

	Regarding claims 37 and 52, Nesher, Horovitz and Karagiannis disclose the limitations of the method of claims 31 and 35 and the system of claims 47 and 50.
Nesher discloses the limitations of claims 37 and 52 as follows:
wherein receiving the program call from the one or more service processes comprises receiving a return data call from the one or more service processes, the return data call comprising a data object requested by the client process (Nesher, paras. [0020], [0027]-[0029]: receiving the calls from the user programs/applications from the Trusted Agents including Agent Thread and Application Threads comprising receiving calls returned from the Threads of the Trusted agents comprising data objects received in response to requesting and obtaining secure channels with the Trusted manger) (see also, Karagiannis, paras. [0123]-[0125]: receiving system/program calls from the enclave threads (i.e. one or more service processes) comprises receiving the returned result of a system call (i.e. return data call) from the enclave threads, the returned result of the system call comprising a result/data object requested by a client/system of the enclave).

Regarding claims 40 and 55, Nesher and Horovitz disclose the limitations of the method of claim 31 and the system of claim 47.
Neither Nesher or Horovitz discloses the limitations of claims 40 and 55 as follows:
wherein the at least one service enclave is unavailable for remote attestation by a client process interfacing with the enclave sandbox.
However, in the same field of endeavor, Karagiannis discloses the remaining limitations of claims 40 and 55 as follows:
wherein the at least one service enclave is unavailable for remote attestation by a client process interfacing with the enclave sandbox (paras. [0092]-[0094]: where at least one middlebox/enclave cannot be used by a client-side middlebox (i.e. client process interfacing with enclave sandbox) to successfully perform (i.e. is unavailable for) remote attestation when the option is not included or when the middlebox is not authentic).
It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Karagiannis’ method of having the enclave unavailable for successful remote attestation in certain situations with the system of Nesher and Horovitz in order to identify when a session does not terminate inside a secure execution environment or conserve system resources by avoiding performing remote attestation where unnecessary.

Regarding claims 42 and 57, Nesher and Horovitz disclose the limitations of the method of claim 41 and the system of claim 56.
Nesher discloses the limitations of claims 42 and 57 as follows:
further comprising: 
receiving, at the data processing hardware, a program call to the service process, the program call issued by a process interfacing with the outer enclave through the external network (paras. [0020], [0027]-[0029], [0031], Fig. 2: receiving, at the system, calls from applications/user programs to the trusted agents including Agent Thread and Application Threads, wherein the calls from the user programs are unencrypted until the Diffie-Hellman key is received (i.e. program calls comprise cleartext), wherein the calls from applications/user programs are issued by threads/processes interfacing through memory with the Trusted manager 206 through the network external to the Trusted Agent TXEs); 
encrypting, by the data processing hardware, the cleartext as ciphertext using an encryption key (paras. [0029]-[0030]: encrypting, by the system, the unencrypted text to generate encrypted text (i.e. ciphertext) using a key for encrypting); and 
communicating, by the data processing hardware, the ciphertext though the encrypted communication tunnel to the service process, wherein the inner enclave is configured to obtain a key from a key manager after success attestation to the key manager (paras. [0029]-[0030]: communicating, by the system, the encrypted data through the secure channel (i.e. encrypted communication channel) to the one or more trusted agents (i.e. one or more service processes), wherein the Trusted Manager TXE (i.e. inner enclave) is configured to obtain the key for accessing the encrypted data (i.e. obtains the decryption key) from the Trusted Agent TXE (i.e. key manager) after successful attestation to the Trusted Agent TXE).
Neither Nesher or Horovitz discloses the remaining limitations of claims 42 and 57 as follows: 
the program call comprising cleartext issued by a client process
wherein the inner enclave is configured to obtain a decryption key from a key manager for decrypting the ciphertext back to cleartext
However, in the same field of endeavor, Karagiannis discloses the remaining limitations of claims 42 and 57 as follows:
the program call comprising cleartext issued by a client process (paras. [0008], [0029], [0040], [0090]: system/program calls issued from a child middlebox/enclave (i.e. child process) are processed in the clear (i.e. as cleartext) by being generated and then encrypted prior to being moved to DRAM (i.e. program call comprises cleartext prior to being encrypted)
wherein the inner enclave is configured to obtain a decryption key from a key manager for decrypting the ciphertext back to cleartext (paras. [0037]-[0038], [0040]-[0041]: middlebox/enclave (i.e. inner enclave) obtains a security for decrypting encrypted text (i.e. for decrypting the ciphertext back to cleartext) from a client (i.e. key manager))
Karagiannis is combinable with Horovitz and Nesher because all three are from the same field of endeavor of employing enclaves to protect against attacks.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Karagiannis’ method of obtaining decryption keys for decrypting ciphertext back to cleartext with the system of Horovitz and Nesher in order to enable the enclave to decrypt and verify the authenticity of the data it receives.

Regarding claims 43 and 58, Nesher and Horovitz disclose the limitations of the method of claim 41 and the system of claim 56.
Nesher discloses the limitations of claims 43 and 58 as follows:
further comprising: 
receiving, at the data processing hardware, a program call from the inner enclave through the encrypted communication tunnel, the program call comprising ciphertext (paras. [0018], [0023]-[0024], [0027], [0030]: receiving, at the system, calls from user programs for Threads from Trusted Manager 205 (i.e. inner enclave) through secure communication channels (i.e. encrypted communication tunnels), the calls/communications comprising encrypted information/ciphertext); 
obtaining, by the data processing hardware, a decryption key from a key manager after success attestation to the key manager (paras. [0029]-[0030]: obtaining, by the system, keys for encrypting and decrypting information transmitted over the secure channel from trusted manager TXE (i.e. key manager) after successful attestation to the trusted manager/key manager); 
Neither Nesher or Horovitz disclose the remaining limitations of claims 43 and 58 as follows:
obtaining a decryption key for decrypting the ciphertext to cleartext; and 
and communicating, by the data processing hardware, the cleartext to a client process interfacing with the enclave sandbox through the external network.
However, in the same field of endeavor, Karagiannis discloses the remaining limitations of claims 43 and 58 as follows:
obtaining a decryption key for decrypting the ciphertext to cleartext (paras. [0037]-[0038], [0040]-[0041]: obtaining the security key for decrypting encrypted text (i.e. decrypting ciphertext to cleartext)); and 
and communicating, by the data processing hardware, the cleartext to a client process interfacing with the enclave sandbox through the external network (paras. [0027], [0030], [0040], [0044]: communicating, by the network equipment of the enclave, the decrypted information/cleartext to a middlebox function of a client middlebox/enclave (i.e. client process interfacing with the enclave sandbox) through the network external to the trusted agents).
Karagiannis is combinable with Horovitz and Nesher because all three are from the same field of endeavor of employing enclaves to protect against attacks.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Karagiannis’ method of obtaining decryption keys for decrypting ciphertext back to cleartext with the system of Horovitz and Nesher in order to enable the enclave to decrypt and verify the authenticity of the data it receives.

Regarding claims 44 and 59, Nesher, Horovitz and Karagiannis disclose the limitations of the method of claims 41 and 43 and the system of claims 56 and 58.
Nesher and Karagiannis disclose the limitations of claims 44 and 59 as follows:
wherein the inner enclave (Nesher: trusted manager 205) is configured to: 
receive the program call issued by the service process(Nesher, paras. [0023], [0027]-[0029], [0031]: receiving calls from user programs of the one or more applications of the trusted agents including Agent Thread and Application Threads (i.e. form the one or more service processes) through the memory providing the infrastructure/interface, the calls from the user programs unencrypted until a Diffie-Hellman type exchange is received (i.e. comprises cleartext)), the program call comprising cleartext (Karagiannis, paras. [0008], [0029], [0040], [0090]: system/program calls on the enclave are processed in the clear (i.e. as cleartext) by being generated and then encrypted prior to being moved to DRAM (i.e. program call comprises cleartext prior to being encrypted); 
encrypt the cleartext into the ciphertext using an encryption key (Nesher, paras. [0029]-[0030]: encrypting information/cleartext into encrypted information (i.e. ciphertext) using a Diffie-Hellman type key for encryption); and 
communicate the ciphertext though the encrypted communication tunnel to the outer enclave (Nesher, paras. [0029]-[0030]: communicating the encrypted information through the secure channel to trusted manager 206 (i.e. outer enclave) and trusted manager TXE 205).
It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Karagiannis’ method of generating program calls in the clear before encrypting them with the system of Horovitz and Nesher in order to enable the enclaves to read, authenticate and evaluate the information in the program calls so that the enclaves can perform functions upon the information in the program calls that could not be performed if the data in the calls were encrypted and unreadable by the enclaves.
Conclusion
For the above-stated reasons, claims 31-60 are rejected.
Prior art considered but not relied upon includes:
	1) Gray (US 2018/0330077) generating an enclave pool of enclaves with cryptlets that are transmitted between the enclaves using secure channels created by key pairs that are stored in key vaults (paras. [0019], [0048], [0062], [0078], [0091]).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571) 272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHARON S LYNCH/Primary Examiner, Art Unit 2438