Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/15/2022 has been entered.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/16/2022 and 05/02/2022 were filed after the mailing date of the Final Rejection on 11/15/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
DETAILED ACTION
This Office Action is in response to a Request for Continued Examination (RCE) application received on 03/15/2022. In the RCE, applicant has amended claims 1, 6-7, 9, 27, 30, 33-34, 36, 40 and 42-43. Claims 3-5, 13-26, 28-29, 32 and 38 have been cancelled. Claims 44-49 have been added as new claims. Claims 2, 8, 10-12, 35, 37, 39 and 41 remain original. 
For this Office Action, claims 1-2, 6-12, 27, 30-31, 33-37 and 39-49 have been received for consideration and have been examined.

Response to Arguments
Claim Rejections – 35 USC § 112(a)
	Applicant’s cancellation of limitations in independent claims have overcome the 35 USC § 112(a) rejection and therefore this rejection has been withdrawn.
Claim Rejections – 35 USC § 112(b)
	Applicant’s cancellation of limitations in independent claims have overcome the 35 USC § 112(b) rejection and therefore this rejection has been withdrawn. However, upon further consideration, independent claims are still rejected as being indefinite. See Office Action for details. 
Claim Rejections – 35 USC § 103
Applicant’s arguments, filed 03/15/2022, with respect to the rejection(s) of claim(s) under 35 USC § 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of new amendments to the claims.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The claims 42-43 in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f), is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f):
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f), is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f), is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f), except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f), except as otherwise indicated in an Office action.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



Claims 1-2, 6-12, 27, 30-31, 33-37 and 39-49 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
Independent claim 1 preamble recites “A client device comprising: memory; and one or more processors coupled to the memory, the one or more processors configured to perform operations comprising”. Claim 1 further recites in third limitation “provision the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment …”. 
Examiner notes that the claim is drafted from the point of ‘a client device processor’ executing the step(s) of provisioning the trusted execution environment in absence of a secure channel between the client device and the trusted execution environment, however, after consulting the instant specification in light of Figure 3 paragraphs [0054-0057], examiner notes that the provisioning of the trusted execution environment actions are being performed by the “Server-Side TEE Provision Logic 312” inside a “Distributed Computing System 308” instead of by the Client Device as claimed. 
Therefore, the scope of the claim is unclear with respect to the claimed “provision the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment …” step and its further actions because this step and its actions are outside the scope of claimed client device processor since this step and further actions are not performed by the client device. In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989), MPEP 2173.02 (III)(B)) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process”.
Independent claim 27 preamble recites “A method performed using at least one processor of a client device, the method comprising”. Claim 27 further recites in third limitation “provisioning the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment”.
 Examiner notes that the claim is drafted from the point of ‘a client device processor’ executing the step(s) of provisioning the trusted execution environment in absence of a secure channel between the client device and the trusted execution environment, however, after consulting the instant specification in light of Figure 3 paragraphs [0054-0057], examiner notes that the provisioning of the trusted execution environment actions are being performed by the “Server-Side TEE Provision Logic 312” inside a “Distributed Computing System 308” instead of by the Client Device as claimed. 
Therefore, the scope of the claim is unclear with respect to the claimed “provisioning the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment …” step and its further actions because this step and its actions are outside the scope of claimed client device processor since this step and further actions are not performed by the client device. In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989), MPEP 2173.02 (III)(B)) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process”.
Independent claim 40 preamble recites “A computer program product comprising a computer-readable device having instructions recorded thereon for enabling a processor-based system to perform steps, the steps comprising”. Claim 40 further recites in third limitation “provision the trusted execution environment with secret information, including at least one of data or software code, in absence of a secure channel between the processor-based system and the trusted execution environment …”.
Examiner notes that the claim is drafted from the point of ‘a computer program product comprising a computer-readable device’ executing the step(s) of provisioning the trusted execution environment in absence of a secure channel between the client device and the trusted execution environment, however, after consulting the instant specification in light of Figure 3 paragraphs [0054-0057], examiner notes that the provisioning of the trusted execution environment actions are being performed by the “Server-Side TEE Provision Logic 312” inside a “Distributed Computing System 308” instead of by the Client Device as claimed. 
Therefore, the scope of the claim is unclear with respect to the claimed “provision the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment …” step and its further actions because this step and its actions are outside the scope of claimed client device processor since this step and further actions are not performed by the client device. In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989), MPEP 2173.02 (III)(B)) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process”.
Independent claim 42 preamble recites “A client device comprising”. Claim 42 further recites in third limitation “means for provisioning the trusted execution environment with secret information, including at least one of data or software code, in absence of a secure channel between the client device and the trusted execution environment …”.
Examiner notes that the claim is drafted from the point of ‘a client device’ executing the step(s) of provisioning the trusted execution environment in absence of a secure channel between the client device and the trusted execution environment, however, after consulting the instant specification in light of Figure 3 paragraphs [0054-0057], examiner notes that the provisioning of the trusted execution environment actions are being performed by the “Server-Side TEE Provision Logic 312” inside a “Distributed Computing System 308” instead of by the Client Device as claimed. 
Therefore, the scope of the claim is unclear with respect to the claimed “means for provisioning the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment …” step and its further actions because this step and its actions are outside the scope of claimed client device processor since this step and further actions are not performed by the client device. In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989), MPEP 2173.02 (III)(B)) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process”.
Claims 42-43 limitations “means for establishing … ”, “means for provisioning …“ and “means for using …” have been interpreted under 35 U.S.C. 112(f), because it uses “means for establishing … ”, “means for provisioning …“ and “means for using …” without reciting sufficient structure to achieve the function. Furthermore, the “means for” is not preceded by a structural modifier. 
Since the claim limitation(s) invokes 35 U.S.C. 112(f), claim(s) 42-43 have been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof. 
A review of the specification shows that the specification fails to clearly link or associate the disclosed structure, material, or acts to the claimed function such that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function. 
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f), applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f), or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f). 
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).
	Dependent claims inherit these deficiencies.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 7-11, 27, 30-31, 34-37 and 40-43 are rejected under 35 U.S.C. 103 as being unpatentable over Baumann et al., (US20130151846A1) in view of Smith., (US20140096182A1).
Regarding claim 1, Baumann discloses:
	A client device (See FIG. 2; i.e. computing system 200) comprising: 
memory; and one or more processors coupled to the memory, the one or more processors configured to perform operations comprising: 
establish a chain of trust (see [0043-0044] i.e. attestation certificate) from a trusted execution environment (see [0043-0044] i.e. a request from the client system 112) to a platform (see [0043-0044] i.e. secure execution environment) based at least in part on receipt of measurements (see [0048] i.e. an identifier for the loader module) of the trusted execution environment, which are signed with a platform signing key (See [0028-0029] i.e. a public key/private key of the security-enabled processor of the secure execution environment) of the platform, from the platform (See FIGS. 1 & 4; [0028] The identifier may include a digest, such as a hash, of the activation state of the protected memory area. The identifier may include a public key that the security-enabled processor used to decrypt the contents placed into the protected memory area in the activation state. The identifier may be some other identifier that identifies the activation state; [0029] The signed attestation certificate is transmitted to the client system and therefore enables the client system to verify, using a known public key of the security-enabled processor that corresponds to the private key of the security-enabled processor; [0043] The set-up module 110 receives a request from the client system 112, via network 114, to establish a secure execution environment on the application hosting service 102 …  The request is accompanied by an indication of a loader module 116 and one or more parameters 118. The indication of the loader module 116 may be an identifier for the loader module 116; [0044] The set-up module 110 causes, in response to receipt of the request, the security-enabled processor 106 to instantiate a protected memory area 120, which is a hardware-protected memory area, within memory 104; [0048] An instance of the loader module 116 executes on the security-enabled processor and causes the processor to create an attestation certificate 124 signed by a security-enabled processor (SEP) private key 126 … so long as the security-enabled processor 106 is physically intact, an entity receiving the attestation certificate 124 can have a high degree of confidence that the signed attestation certificate 124 is signed by the security-enabled processor 106; [0049] The attestation certificate 124 may include, among other things, the identifier 122. The loader module 116 then transmits the attestation certificate to the client system 112), 
the measurements indicating attributes of the trusted execution environment, which is hosted by a distributed computing system coupled to the client device ([0047] The identifier may be, in various embodiments, a digest—such as a hash—of the contents of the protected memory area 120 in the activation state. The identifier may be a public key corresponding to a private key that was used to sign the software stored in the protected memory area 120; [0088] At 422, the loader module and/or the application hosting service transmits one or more trust certificates, such as TA certificate 132 and intermediate certificates 134 that collectively vouch for the identity of the security-enabled processor and/or indicate that the security-enabled processor is secure); and 
customize the trusted execution environment with the information based at least in part on the chain of trust in response to the trusted execution environment being launched from a template (See [0090] i.e. one or more application components to be executed is construed as a template), which is associated with an operating system  that is configured to execute on the platform ([0089] At 424, the loader module receives an authorization message from the client system; [0090] At 426, the loader module obtains one or more application components to be executed in the secure execution environment).
 Baumann explicitly fails to disclose:
	provision the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment.
However, Smith discloses:
	provision the trusted execution environment with at least one policy in absence of a secure channel (i.e., launch of the TEE by the service provider at the service provider based on the client policy is interpreted as provisioning the TEE in absence of a secure channel) between the client device and the trusted execution environment (See FIG. 6; [0083] At block 603, the client may send a policy describing a desired TEE environment and applicable security and/or compartmentalization context to the service provider. At block 604, the service provider can consider the policy and produce a proof showing that it has the ability to host the client's workload (i.e., to perform the trusted task; [0085] At block 611, the service provider may instantiate (construct) compartments in its TEE for data and code specified by the client's policy; [0086] At block 613, each compartment within the service provider TEE may perform a trusted launch).
	It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann reference and include a system and method of distributed trust computing, as disclosed by Smith.
	The motivation to include the system and method of distributed trust computing is to perform trusted tasks on the distributed computing system based on client defined security policies.
Regarding claim 2, the combination of Baumann and Smith discloses:
The client device of claim 1, wherein the one or more processors are configured to establish the chain of trust from the trusted execution environment to the platform by using a public key that corresponds to the platform signing key to verify that the measurements are signed with the platform signing key (Baumann: [0054-0055] discloses process of creating chain of trust using public/private keys between the client system and application hosting service).
Regarding claim 7, the combination of Baumann and Smith discloses:
The client device of claim 1, wherein the one or more processors are configured to perform the operations comprising: provision the trusted execution environment with secret information in absence of the secure channel between the client device and the trusted execution environment based at least in part on the chain of trust, the secret information including at least one of data or software code (See Smith: FIG. 6; [0085] discloses at block 611 where service provider launches the TEE according to client’s sealed data encryption keys which is construed as the secret information).
Regarding claim 8, the combination of Baumann and Smith discloses:
The client device of claim 7, wherein the one or more processors are configured to perform the operations comprising: encrypt the secret information with a secret import key that is received from the trusted execution environment, the secret import key corresponding to a private key that is usable by the trusted execution environment to decrypt the secret information (See Smith: FIG. 6; [0085-0087] discloses where client seals the compartment [secret information] with compartment keys which is used by service provider to decrypt the compartment at the TEE launch event).
Regarding claim 9, the combination of Baumann and Smith discloses:
The client device of claim 7, wherein the one or more processors are configured to perform the operations comprising:
determine whether to provision the trusted execution environment with the secret information based at least in part on whether the client device receives confirmation from the trusted execution environment that the trusted execution environment has received the at least one policy from the client device; and provision the trusted execution environment with the secret information in absence of the secure channel between the client device and the trusted execution environment based at least in part on receipt of the confirmation from the trusted execution environment that the trusted execution environment has received the at least one policy from the client device (See Smith: FIG. 6 in [0082-0087] in blocks 602-613 discloses receiving by the service provider the policy from the client device and launching the compartment [secret information] in the service provider TEE according to the client policy).
Regarding claim 10, the combination of Baumann and Smith discloses:
The client device of claim 9, wherein the confirmation includes the at least one policy (See Smith [0083] At block 603, the client may send a policy describing a desired TEE environment and applicable security and/or compartmentalization context to the service provider).
Regarding claim 11, the combination of Baumann and Smith discloses:
The client device of claim 1, wherein the one or more processors are configured to perform the operations comprising: request auditing information from the trusted execution environment, the auditing information indicating a detected state of the trusted execution environment; determine whether to provision the trusted execution environment with additional information based at least in part on whether the detected state and a reference state are same; and provision the trusted execution environment with the additional information in absence of the secure channel between the client device and the trusted execution environment to further customize the trusted execution environment with the additional information based at least in part on the detected state and the reference state being the same (See Smith: FIG. 6; [0083-0084] discloses performing attestation between the client device and service provider showing a proof by the service provider that it has the ability to host the client's workload (i.e., to perform the trusted task)).
 Regarding claim 27, Baumann discloses:
A method performed using at least one processor of a client device, the method comprising:
establishing a chain of trust (see [0043-0044] i.e. attestation certificate) from a trusted execution environment (see [0043-0044] i.e. a request from the client system 112) to a platform (see [0043-0044] i.e. secure execution environment) based at least in part on receipt of measurements (see [0048] i.e. an identifier for the loader module) of the trusted execution environment, which are signed with a platform signing key (See [0028-0029] i.e. a public key/private key of the security-enabled processor of the secure execution environment) of the platform, from the platform (See FIGS. 1 & 4; [0028] The identifier may include a digest, such as a hash, of the activation state of the protected memory area. The identifier may include a public key that the security-enabled processor used to decrypt the contents placed into the protected memory area in the activation state. The identifier may be some other identifier that identifies the activation state; [0029] The signed attestation certificate is transmitted to the client system and therefore enables the client system to verify, using a known public key of the security-enabled processor that corresponds to the private key of the security-enabled processor; [0043] The set-up module 110 receives a request from the client system 112, via network 114, to establish a secure execution environment on the application hosting service 102 …  The request is accompanied by an indication of a loader module 116 and one or more parameters 118. The indication of the loader module 116 may be an identifier for the loader module 116; [0044] The set-up module 110 causes, in response to receipt of the request, the security-enabled processor 106 to instantiate a protected memory area 120, which is a hardware-protected memory area, within memory 104; [0048] An instance of the loader module 116 executes on the security-enabled processor and causes the processor to create an attestation certificate 124 signed by a security-enabled processor (SEP) private key 126 … so long as the security-enabled processor 106 is physically intact, an entity receiving the attestation certificate 124 can have a high degree of confidence that the signed attestation certificate 124 is signed by the security-enabled processor 106; [0049] The attestation certificate 124 may include, among other things, the identifier 122. The loader module 116 then transmits the attestation certificate to the client system 112), 
the measurements indicating attributes of the trusted execution environment, which is hosted by a distributed computing system coupled to the client device ([0047] The identifier may be, in various embodiments, a digest—such as a hash—of the contents of the protected memory area 120 in the activation state. The identifier may be a public key corresponding to a private key that was used to sign the software stored in the protected memory area 120; [0088] At 422, the loader module and/or the application hosting service transmits one or more trust certificates, such as TA certificate 132 and intermediate certificates 134 that collectively vouch for the identity of the security-enabled processor and/or indicate that the security-enabled processor is secure); and 
customize the trusted execution environment with the information based at least in part on the chain of trust in response to the trusted execution environment being launched from a template (See [0090] i.e. one or more application components to be executed is construed as a template), which is associated with an operating system  that is configured to execute on the platform ([0089] At 424, the loader module receives an authorization message from the client system; [0090] At 426, the loader module obtains one or more application components to be executed in the secure execution environment).
Baumann explicitly fails to disclose:
	provisioning the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment.
However, Smith discloses:
	provisioning the trusted execution environment with at least one policy in absence of a secure channel (i.e., launch of the TEE by the service provider at the service provider based on the client policy is interpreted as provisioning the TEE in absence of a secure channel) between the client device and the trusted execution environment (See FIG. 6; [0083] At block 603, the client may send a policy describing a desired TEE environment and applicable security and/or compartmentalization context to the service provider. At block 604, the service provider can consider the policy and produce a proof showing that it has the ability to host the client's workload (i.e., to perform the trusted task; [0085] At block 611, the service provider may instantiate (construct) compartments in its TEE for data and code specified by the client's policy; [0086] At block 613, each compartment within the service provider TEE may perform a trusted launch).
	It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann reference and include a system and method of distributed trust computing, as disclosed by Smith.
	The motivation to include the system and method of distributed trust computing is to perform trusted tasks on the distributed computing system based on client defined security policies. 
Regarding claim 30, the combination of Baumann and Smith discloses:
The method of claim 27, wherein the distributed computing system provides a cloud service; and wherein the one or more processors are configured to perform the operations further comprising:
use cryptographic communications to exclude entities other than the client device from knowing the information and to exclude the other entities from manipulating the information, the other entities including a provider of the cloud service (Baumann: [0005]).
Regarding claim 31, the combination of Baumann and Smith discloses:
The method of claim 27, wherein provisioning the trusted execution environment comprises:
securely provision the trusted execution environment with the information (Baumann: [0089-0090]).
Regarding claim 34, the combination of Baumann and Smith discloses:
The method of claim 27, wherein provisioning the trusted execution environment comprises: provisioning the trusted execution environment with secret information in absence of the secure channel between the client device and the trusted execution environment based at least in part on the chain of trust, the secret information including at least one of data or software code (See Smith: FIG. 6; [0085] discloses at block 611 where service provider launches the TEE according to client’s sealed data encryption keys which is construed as the secret information).
Regarding claim 35, the combination of Baumann and Smith discloses:
The method of claim 34, further comprising: encrypting the secret information with a secret import key that is received from the trusted execution environment, the secret import key corresponding to a private key that is usable by the trusted execution environment to decrypt the secret information (See Smith: FIG. 6; [0085-0087] discloses where client seals the compartment [secret information] with compartment keys which is used by service provider to decrypt the compartment at the TEE launch event).
Regarding claim 36, the combination of Baumann and Smith discloses:
The method of claim 34, further comprising: determining whether to provision the trusted execution environment with the secret information based at least in part on whether the client device receives confirmation from the trusted execution environment that the trusted execution environment has received the at least one policy from the client device; and wherein provisioning the trusted execution environment comprises: provisioning the trusted execution environment with the secret information in absence of the secure channel between the client device and the trusted execution environment based at least in part on receipt of the confirmation from the trusted execution environment that the trusted execution environment has received the at least one policy from the client device (See Smith: FIG. 6 in [0082-0087] in blocks 602-613 discloses receiving by the service provider the policy from the client device and launching the compartment [secret information] in the service provider TEE according to the client policy).
Regarding claim 37, the combination of Baumann and Smith discloses:
The method of claim 36, wherein the confirmation includes the at least one policy (See Smith [0083] At block 603, the client may send a policy describing a desired TEE environment and applicable security and/or compartmentalization context to the service provider).
Regarding claim 40, Baumann discloses:
A computer program product comprising a computer-readable device having instructions recorded thereon for enabling a processor-based system to perform steps, the steps comprising:
establish a chain of trust (see [0043-0044] i.e. attestation certificate) from a trusted execution environment (see [0043-0044] i.e. a request from the client system 112) to a platform (see [0043-0044] i.e. secure execution environment) based at least in part on receipt of measurements (see [0048] i.e. an identifier for the loader module) of the trusted execution environment, which are signed with a platform signing key (See [0028-0029] i.e. a public key/private key of the security-enabled processor of the secure execution environment) of the platform, from the platform (See FIGS. 1 & 4; [0028] The identifier may include a digest, such as a hash, of the activation state of the protected memory area. The identifier may include a public key that the security-enabled processor used to decrypt the contents placed into the protected memory area in the activation state. The identifier may be some other identifier that identifies the activation state; [0029] The signed attestation certificate is transmitted to the client system and therefore enables the client system to verify, using a known public key of the security-enabled processor that corresponds to the private key of the security-enabled processor; [0043] The set-up module 110 receives a request from the client system 112, via network 114, to establish a secure execution environment on the application hosting service 102 …  The request is accompanied by an indication of a loader module 116 and one or more parameters 118. The indication of the loader module 116 may be an identifier for the loader module 116; [0044] The set-up module 110 causes, in response to receipt of the request, the security-enabled processor 106 to instantiate a protected memory area 120, which is a hardware-protected memory area, within memory 104; [0048] An instance of the loader module 116 executes on the security-enabled processor and causes the processor to create an attestation certificate 124 signed by a security-enabled processor (SEP) private key 126 … so long as the security-enabled processor 106 is physically intact, an entity receiving the attestation certificate 124 can have a high degree of confidence that the signed attestation certificate 124 is signed by the security-enabled processor 106; [0049] The attestation certificate 124 may include, among other things, the identifier 122. The loader module 116 then transmits the attestation certificate to the client system 112), 
the measurements indicating attributes of the trusted execution environment, which is hosted by a distributed computing system coupled to the client device ([0047] The identifier may be, in various embodiments, a digest—such as a hash—of the contents of the protected memory area 120 in the activation state. The identifier may be a public key corresponding to a private key that was used to sign the software stored in the protected memory area 120; [0088] At 422, the loader module and/or the application hosting service transmits one or more trust certificates, such as TA certificate 132 and intermediate certificates 134 that collectively vouch for the identity of the security-enabled processor and/or indicate that the security-enabled processor is secure); and 
customize the trusted execution environment with the information based at least in part on the chain of trust in response to the trusted execution environment being launched from a template (See [0090] i.e. one or more application components to be executed is construed as a template), which is associated with an operating system  that is configured to execute on the platform ([0089] At 424, the loader module receives an authorization message from the client system; [0090] At 426, the loader module obtains one or more application components to be executed in the secure execution environment).
Baumann explicitly fails to disclose:
	provision the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment.
However, Smith discloses:
	provision the trusted execution environment with at least one policy in absence of a secure channel (i.e., launch of the TEE by the service provider at the service provider based on the client policy is interpreted as provisioning the TEE in absence of a secure channel) between the client device and the trusted execution environment (See FIG. 6; [0083] At block 603, the client may send a policy describing a desired TEE environment and applicable security and/or compartmentalization context to the service provider. At block 604, the service provider can consider the policy and produce a proof showing that it has the ability to host the client's workload (i.e., to perform the trusted task; [0085] At block 611, the service provider may instantiate (construct) compartments in its TEE for data and code specified by the client's policy; [0086] At block 613, each compartment within the service provider TEE may perform a trusted launch).
	It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann reference and include a system and method of distributed trust computing, as disclosed by Smith.
	The motivation to include the system and method of distributed trust computing is to perform trusted tasks on the distributed computing system based on client defined security policies.
 Regarding claim 41, the combination of Baumann and Smith discloses:
The computer program product of claim 40, wherein the steps comprise: provision the trusted execution environment with at least one policy in absence of the secure channel between the processor-based system and the trusted execution environment based at least in part on the chain of trust (See FIG. 6; [0083] At block 603, the client may send a policy describing a desired TEE environment and applicable security and/or compartmentalization context to the service provider. At block 604, the service provider can consider the policy and produce a proof showing that it has the ability to host the client's workload (i.e., to perform the trusted task; [0085] At block 611, the service provider may instantiate (construct) compartments in its TEE for data and code specified by the client's policy; [0086] At block 613, each compartment within the service provider TEE may perform a trusted launch).
Regarding claim 42, Baumann discloses:
A client device:
means for establish a chain of trust (see [0043-0044] i.e. attestation certificate) from a trusted execution environment (see [0043-0044] i.e. a request from the client system 112) to a platform (see [0043-0044] i.e. secure execution environment) based at least in part on receipt of measurements (see [0048] i.e. an identifier for the loader module) of the trusted execution environment, which are signed with a platform signing key (See [0028-0029] i.e. a public key/private key of the security-enabled processor of the secure execution environment) of the platform, from the platform (See FIGS. 1 & 4; [0028] The identifier may include a digest, such as a hash, of the activation state of the protected memory area. The identifier may include a public key that the security-enabled processor used to decrypt the contents placed into the protected memory area in the activation state. The identifier may be some other identifier that identifies the activation state; [0029] The signed attestation certificate is transmitted to the client system and therefore enables the client system to verify, using a known public key of the security-enabled processor that corresponds to the private key of the security-enabled processor; [0043] The set-up module 110 receives a request from the client system 112, via network 114, to establish a secure execution environment on the application hosting service 102 …  The request is accompanied by an indication of a loader module 116 and one or more parameters 118. The indication of the loader module 116 may be an identifier for the loader module 116; [0044] The set-up module 110 causes, in response to receipt of the request, the security-enabled processor 106 to instantiate a protected memory area 120, which is a hardware-protected memory area, within memory 104; [0048] An instance of the loader module 116 executes on the security-enabled processor and causes the processor to create an attestation certificate 124 signed by a security-enabled processor (SEP) private key 126 … so long as the security-enabled processor 106 is physically intact, an entity receiving the attestation certificate 124 can have a high degree of confidence that the signed attestation certificate 124 is signed by the security-enabled processor 106; [0049] The attestation certificate 124 may include, among other things, the identifier 122. The loader module 116 then transmits the attestation certificate to the client system 112), 
the measurements indicating attributes of the trusted execution environment, which is hosted by a distributed computing system coupled to the client device ([0047] The identifier may be, in various embodiments, a digest—such as a hash—of the contents of the protected memory area 120 in the activation state. The identifier may be a public key corresponding to a private key that was used to sign the software stored in the protected memory area 120; [0088] At 422, the loader module and/or the application hosting service transmits one or more trust certificates, such as TA certificate 132 and intermediate certificates 134 that collectively vouch for the identity of the security-enabled processor and/or indicate that the security-enabled processor is secure); and 
customize the trusted execution environment with the information based at least in part on the chain of trust in response to the trusted execution environment being launched from a template (See [0090] i.e. one or more application components to be executed is construed as a template), which is associated with an operating system  that is configured to execute on the platform ([0089] At 424, the loader module receives an authorization message from the client system; [0090] At 426, the loader module obtains one or more application components to be executed in the secure execution environment).
Baumann explicitly fails to disclose:
	means for provision the trusted execution environment with at least one policy in absence of a secure channel between the client device and the trusted execution environment.
However, Smith discloses:
	means for provision the trusted execution environment with at least one policy in absence of a secure channel (i.e., launch of the TEE by the service provider at the service provider based on the client policy is interpreted as provisioning the TEE in absence of a secure channel) between the client device and the trusted execution environment (See FIG. 6; [0083] At block 603, the client may send a policy describing a desired TEE environment and applicable security and/or compartmentalization context to the service provider. At block 604, the service provider can consider the policy and produce a proof showing that it has the ability to host the client's workload (i.e., to perform the trusted task; [0085] At block 611, the service provider may instantiate (construct) compartments in its TEE for data and code specified by the client's policy; [0086] At block 613, each compartment within the service provider TEE may perform a trusted launch).
	It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann reference and include a system and method of distributed trust computing, as disclosed by Smith.
	The motivation to include the system and method of distributed trust computing is to perform trusted tasks on the distributed computing system based on client defined security policies. 
Regarding claim 43, the combination of Baumann and Smith discloses:
The client device of claim 42, wherein the distributed computing system provides a cloud service; and wherein the client device further comprises: means for using cryptographic communications to exclude entities other than the client device from knowing the information and to exclude the other entities from manipulating the information, the other entities including a provider of the cloud service (Baumann: [0005]).
Regarding claim 48, the combination of Baumann and Smith discloses:
The computer program product of claim 40, wherein the steps comprise: provision the trusted execution environment with the data in absence of the secure channel between the processor-based system and the trusted execution environment (Smith: [0084] At block 605 (and assuming that the service provider can adequately host the client's workload), the client may prepare data and code associated with the trusted task for remote execution on the Service Provider's TEE).
Regarding claim 49, the combination of Baumann and Smith discloses:
The computer program product of claim 40, wherein the steps comprise: provision the trusted execution environment with the software code in absence of the secure channel between the processor-based system and the trusted execution environment (See Smith: [0084] The computer program product of claim 40, wherein the steps comprise: provision the trusted execution environment with the software code in absence of the secure channel between the processor-based system and the trusted execution environment).



Claims 6 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Baumann et al., (US20130151846A1) in view of Smith., (US20140096182A1) and further in view of Gallinghouse et al., (US10635820B1).
Regarding claim 6, the combination of Baumann and Smith discloses:
	The client device of claim 1, wherein the one or more processors are configured to perform the operations comprising: provide an update regarding the at least one policy to the trusted execution environment (Smith: See FIG. 6; [0083] At block 603, the client may send a policy describing a desired TEE environment and applicable security and/or compartmentalization context to the service provider. At block 604, the service provider can consider the policy and produce a proof showing that it has the ability to host the client's workload (i.e., to perform the trusted task; [0085] At block 611, the service provider may instantiate (construct) compartments in its TEE for data and code specified by the client's policy; [0086] At block 613, each compartment within the service provider TEE may perform a trusted launch).
The combination of Baumann and Smith fails to disclose:
	wherein the update is signed with a policy update key, which corresponds to a public key that is usable by the trusted execution environment to verify that the update is provided by the client device.
However, Gallinghouse discloses:
	wherein the update is signed with a policy update key, which corresponds to a public key that is usable by the trusted execution environment (i.e., merchant device) to verify that the update is provided by the client device (FIG. 3A; Col. 19, Line # 31-37; At 312, the payment service 108 may sign a boot-policy update 150 using a private key 154 to provide a signed boot-policy update 160 for at least one of the first merchant device 112 or the second merchant device 114. The signed boot-policy update(s) 160 may include a signature along with an identifier (e.g., serial number) for the respective device 112/114).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann and Smith references and include a system which provides system policy updates signed with a public/private key pair of the sending entity, as disclosed Gallinghouse.
	The motivation to include Gallinghouse system is to provide trust to the remote device [trusted execution environment] that policy sent by payment service [client device] is trustable and corresponds to the payment service. 
Regarding claim 33, the combination of Baumann and Smith discloses:
The method of claim 27 further comprising:
provide an update regarding the at least one policy to the trusted execution environment (Smith: See FIG. 6; [0083] At block 603, the client may send a policy describing a desired TEE environment and applicable security and/or compartmentalization context to the service provider. At block 604, the service provider can consider the policy and produce a proof showing that it has the ability to host the client's workload (i.e., to perform the trusted task; [0085] At block 611, the service provider may instantiate (construct) compartments in its TEE for data and code specified by the client's policy; [0086] At block 613, each compartment within the service provider TEE may perform a trusted launch).
The combination of Baumann and Smith fails to disclose:
	wherein the update is signed with a policy update key, which corresponds to a public key that is usable by the trusted execution environment to verify that the update is provided by the client device.
However, Gallinghouse discloses:
	wherein the update is signed with a policy update key, which corresponds to a public key that is usable by the trusted execution environment (i.e., merchant device) to verify that the update is provided by the client device (FIG. 3A; Col. 19, Line # 31-37; At 312, the payment service 108 may sign a boot-policy update 150 using a private key 154 to provide a signed boot-policy update 160 for at least one of the first merchant device 112 or the second merchant device 114. The signed boot-policy update(s) 160 may include a signature along with an identifier (e.g., serial number) for the respective device 112/114).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann and Smith references and include a system which provides system policy updates signed with a public/private key pair of the sending entity, as disclosed Gallinghouse.
	The motivation to include Gallinghouse system is to provide trust to the remote device [trusted execution environment] that policy sent by payment service [client device] is trustable and corresponds to the payment service. 

Claims 12 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Baumann et al., (US20130151846A1) in view of Smith., (US20140096182A1) in view of Whitehouse., (US20170295018A1) and further in view of Gallinghouse et al., (US10635820B1).
Regarding claim 12, the combination of Baumann and Smith fails to disclose:
The client device of claim 1, wherein the one or more processors are configured to perform the operations further comprising: encrypt a public portion of a policy update key that is associated with the client device with a public portion of a provisioning encryption key, the policy update key having a private portion that is usable by the client device to sign an update regarding at least one policy that is to be provided to the trusted execution environment, the provisioning encryption key having a private portion that is associated with a plurality of trusted execution environments and that is usable by the trusted execution environment to decrypt the public portion of the policy update key, the plurality of trusted execution environments including the trusted execution environment.
However, Whitehouse discloses:
	encrypt a public portion of a policy update key that is associated with the client device [i.e., device key] with a public portion of a provisioning encryption key [i.e., trusted execution environment key] (See FIG. 3; step 54 discloses device encrypts device public key using server public key)([0024] As indicated by block 54, network switch 12 then encrypts device public key 50 into an encrypted request message 56 (FIG. 1) using a server public key 58 associated with server 14. Additional device information 59 (FIG. 1) also can be encrypted along with device public key 50).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann and Smith reference and include a system and method of securing access to remote device using asymmetric encryption method, as disclosed by Whitehouse.
	The motivation to secure access to remote device using asymmetric encryption method is to increase security leveraging public/private key exchange and verifying that the message/information comes from a particular sender.
The combination of Baumann, Smith and Whitehouse fails to disclose:
	the policy update key having a private portion that is usable by the client device to sign an update regarding at least one policy that is to be provided to the trusted execution environment, the provisioning encryption key having a private portion that is associated with a plurality of trusted execution environments and that is usable by the trusted execution environment to decrypt the public portion of the policy update key, the plurality of trusted execution environments including the trusted execution environment.
However, Gallinghouse discloses:
	the policy update key having a private portion that is usable by the client device to sign an update regarding at least one policy that is to be provided to the trusted execution environment, the provisioning encryption key having a private portion that is associated with a plurality of trusted execution environments and that is usable by the trusted execution environment to decrypt the public portion of the policy update key, the plurality of trusted execution environments including the trusted execution environment (FIG. 3A; Col. 19, Line # 31-37; At 312, the payment service 108 may sign a boot-policy update 150 using a private key 154 to provide a signed boot-policy update 160 for at least one of the first merchant device 112 or the second merchant device 114. The signed boot-policy update(s) 160 may include a signature along with an identifier (e.g., serial number) for the respective device 112/114).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann, Smith and Whitehouse references and include a system which provides system policy updates signed with a public/private key pair of the sending entity, as disclosed Gallinghouse.
	The motivation to include Gallinghouse system is to provide trust to the remote device [trusted execution environment] that policy sent by payment service [client device] is trustable and corresponds to the payment service. 
Regarding claim 39, the combination of Baumann and Smith fails to disclose:
The method of claim 27, further comprising: encrypting a public portion of a policy update key that is associated with the client device with a public portion of a provisioning encryption key, the policy update key having a private portion that is usable by the client device to sign an update regarding at least one policy that is to be provided to the trusted execution environment, the provisioning encryption key having a private portion that is associated with a plurality of trusted execution environments and that is usable by the trusted execution environment to decrypt the public portion of the policy update key, the plurality of trusted execution environments including the trusted execution environment.
However, Whitehouse discloses:
	encrypt a public portion of a policy update key that is associated with the client device [i.e., device key] with a public portion of a provisioning encryption key [i.e., trusted execution environment key] (See FIG. 3; step 54 discloses device encrypts device public key using server public key)([0024] As indicated by block 54, network switch 12 then encrypts device public key 50 into an encrypted request message 56 (FIG. 1) using a server public key 58 associated with server 14. Additional device information 59 (FIG. 1) also can be encrypted along with device public key 50).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann and Smith reference and include a system and method of securing access to remote device using asymmetric encryption method, as disclosed by Whitehouse.
	The motivation to secure access to remote device using asymmetric encryption method is to increase security leveraging public/private key exchange and verifying that the message/information comes from a particular sender.
The combination of Baumann, Smith and Whitehouse fails to disclose:
	the policy update key having a private portion that is usable by the client device to sign an update regarding at least one policy that is to be provided to the trusted execution environment, the provisioning encryption key having a private portion that is associated with a plurality of trusted execution environments and that is usable by the trusted execution environment to decrypt the public portion of the policy update key, the plurality of trusted execution environments including the trusted execution environment.
However, Gallinghouse discloses:
	the policy update key having a private portion that is usable by the client device to sign an update regarding at least one policy that is to be provided to the trusted execution environment, the provisioning encryption key having a private portion that is associated with a plurality of trusted execution environments and that is usable by the trusted execution environment to decrypt the public portion of the policy update key, the plurality of trusted execution environments including the trusted execution environment (FIG. 3A; Col. 19, Line # 31-37; At 312, the payment service 108 may sign a boot-policy update 150 using a private key 154 to provide a signed boot-policy update 160 for at least one of the first merchant device 112 or the second merchant device 114. The signed boot-policy update(s) 160 may include a signature along with an identifier (e.g., serial number) for the respective device 112/114).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann, Smith and Whitehouse references and include a system which provides system policy updates signed with a public/private key pair of the sending entity, as disclosed Gallinghouse.
	The motivation to include Gallinghouse system is to provide trust to the remote device [trusted execution environment] that policy sent by payment service [client device] is trustable and corresponds to the payment service. 

Claims 44-45 are rejected under 35 U.S.C. 103 as being unpatentable over Baumann et al., (US20130151846A1) in view of Smith., (US20140096182A1) and further in view of Gallant et al., (US20150271208A1).
Regarding claim 44, the combination of Baumann and Smith fails to disclose:
The client device of claim 1, wherein the at least one policy includes a requirement that at least one specified condition is satisfied in order for a signature to be applied to information.
However, Gallant discloses:

wherein the at least one policy includes a requirement that at least one specified condition is satisfied (i.e., determining a condition that requires policy update to the remote device such as new operating parameters (e.g. location or temporal ranges), instructions to disable communications, or any other instruction or policy attribute applicable to the application; See [0059]) in order for a signature (i.e., signing of policy update using PU-Script when the above conditions are satisfied; See [0059]) to be applied to information ([0059] Turning now to FIG. 5, steps performed by a CA 31 or managing authority 7 in providing a policy update to one or more devices 10 are shown. At 50, the policy update to be made is determined. For example, the policy may include new operating parameters (e.g. location or temporal ranges), instructions to disable communications, or any other instruction or policy attribute applicable to the application. The CA 31 or managing authority 7 then encodes the policy update in PUM-readable language to generate the PU-script 6 at 52. The policy update is then signed at 54, e.g., by signing the PU-script 6 or entire message 40).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann and Smith references and include A system and method are provided for having a device in a communication system update an operational policy for the device by encoding a policy update, as disclosed by Gallant.
The motivation to include Gallant’s system and method is to securely distribute system security policies depending on the specified conditions.
Regarding claim 45, the combination of Baumann and Smith fails to disclose:
The client device of claim 1, wherein the at least one policy includes a requirement that at least one specified condition is satisfied in order for a signature to be applied to information of a designated type.
However, Gallant discloses: 
wherein the at least one policy includes a requirement that at least one specified condition is satisfied in order for a signature to be applied to information of a designated type ([0059] Turning now to FIG. 5, steps performed by a CA 31 or managing authority 7 in providing a policy update to one or more devices 10 are shown. At 50, the policy update to be made is determined. For example, the policy may include new operating parameters (e.g. location or temporal ranges), instructions to disable communications, or any other instruction or policy attribute applicable to the application. The CA 31 or managing authority 7 then encodes the policy update in PUM-readable language to generate the PU-script 6 at 52. The policy update is then signed at 54, e.g., by signing the PU-script 6 or entire message 40).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann and Smith references and include A system and method are provided for having a device in a communication system update an operational policy for the device by encoding a policy update, as disclosed by Gallant.
The motivation to include Gallant’s system and method is to securely distribute system security policies depending on the specified conditions.

Claims 46-47 are rejected under 35 U.S.C. 103 as being unpatentable over Baumann et al., (US20130151846A1) in view of Smith., (US20140096182A1) and further in view of Galwas., (US20060277409A1).
Regarding claim 46, the combination of Baumann and Smith fails to disclose:
The client device of claim 1, wherein the at least one policy includes a requirement that a specified procedure is to be followed in order to update rules.
However, Galwas discloses:
wherein the at least one policy includes a requirement that a designated signing key (i.e., See FIG. 1; policy list 110 corresponding to signature set 112) is to be used to sign the rules ([0045] Associated with each element of the policy list 110 is a signature set 112, comprising a set of one or more digital signatures. Each of these digital signatures is made with a signing key 114 having a key Id 116; [0055] The purpose of verifying key, of course, is to enable the access processor 120 to verify a signature which has purportedly been made with the signing key 114. Accordingly, the secure processor 100 may execute a particular policy during a given operation on a resource if and only if that policy contains a signature within its signature set 112 that was signed by the signing key 114 that the key Id 116′ identifies).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Baumann and Smith references and include a method and system for securely enforcing a computer policy uses a secure computer resource which includes both data and policy rules to be applied, as disclosed by Galwas.
The motivation to include Galwas’s system and method is to implement secure enforcement of computer policies, and particularly although not exclusively to methods and systems which enable enforcement by means of delegated trust.
Regarding claim 47, the combination of Baumann, Smith and Galwas discloses:
The client device of claim 46, wherein the at least one policy includes a requirement that a designated signing key is to be used to sign the rules (Galwas: 0045] Associated with each element of the policy list 110 is a signature set 112, comprising a set of one or more digital signatures. Each of these digital signatures is made with a signing key 114 having a key Id 116; [0055] The purpose of verifying key, of course, is to enable the access processor 120 to verify a signature which has purportedly been made with the signing key 114. Accordingly, the secure processor 100 may execute a particular policy during a given operation on a resource if and only if that policy contains a signature within its signature set 112 that was signed by the signing key 114 that the key Id 116′ identifies).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SYED M AHSAN/Patent Examiner, Art Unit 2432                                                                                                                                                                                           06/17/2022