DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claim
2. 	Claims 1-20 are pending. Claims 1, 7, and 14 are in independent forms. 
Priority
3. 	No foreign priority has been claimed. 
Information Disclosure Statement
4. 	The information disclosure statements (IDS's) submitted on 10/26/2020 and 10/22/2022 are in compliance with provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. 
Drawings
5. 	The drawings filed on 10/26/2020 are accepted.

Claim Objections
6.	Claim 17 is objected to because of the following informalities:  Claim 17 is depending on itself.  Claim cannot depend on itself.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Scruby US Patent Application Publication No. 2019/0149539 (hereinafter Scruby) in view of Khan et al. US Patent Application Publication No. 2016/0344710 (hereinafter Khan).
Regarding claim 1, Scruby discloses a distributed secure communication system, comprising: 			“a third System Control Processor (SCP) subsystem” (Fig. 7, Device B 740) 				“a second SCP subsystem (Fig. 7, Device A 720) that is coupled to the third SCP subsystem via a network” (see Scruby par. 0116, In step 705, user B (or user A) may open an application on device B 740 and use device B's camera to scan the code (e.g., QR code) displayed on device A 720); and a first SCP subsystem (Fig. 7, server 730) that is coupled to the second SCP subsystem and the third SCP subsystem via the network (see Scruby par. 0120, In step 709, the server 730 may verify that the data received from device B 740 corresponds to the data sent to device A 720 (e.g., in step 703), wherein the first SCP subsystem is configured to:
 “identify the second SCP subsystem and, (see Scruby par. 0112, In step 703, the server 730 may generate a challenge code, such as a one-time challenge code. The challenge code may identify and/or be unique to user A's authentication attempt); establish, in response to authenticating the second (see Scruby par. 0111, The server 730 may authenticate user A based on the received credentials. After authenticating user A based on the credentials, the server 730 may determine to request attestation of user A's identity. Accordingly, device A 720 may be authenticated via multi-factor authentication); receive, from the second SCP subsystem, an attestation of an authentication of the third SCP subsystem and, (see Scruby par. 0120, In step 709, the server 730 may verify that the data received from device B 740 corresponds to the data sent to device A 720 (e.g., in step 703). For example, the server 730 may compare the received challenge code to the challenge code the server 730 previously generated. The server 730 may also verify the information identifying user A and/or device A 720. The server 730 may also verify that user B is part of the group of users that can attest to user A's identity. If the information is verified, server 730 may accept the attestation of user A by device B 740);
 but Scruby does not explicitly discloses 
transmit the first signed SCP authentication communication to the second SCP subsystem; receive a second signed SCP authentication communication from the second SCP subsystem and, in response, authenticate the second signed SCP authentication communication using a second public key associated with the second SCP subsystem; (see Khan par. 0040, CASD 158 may be configured to sign any data that is provided by secure element 145 such that other subsystems (e.g., commercial entity subsystem 400) may be able to confirm that such signed data was signed by secure element 145 (e.g., using associated CASD data at commercial entity subsystem 400)); transmit the first signed SCP authentication communication to the second SCP subsystem; (see Khan par. 0069, at step 624 of process 600, processor 102 (e.g., AP 102a) may receive such secure element authorization response data 672 of step 622 and then generate and transmit any suitable Auth Key response data 674 to commercial entity subsystem 400 (e.g., HSM 402). Such Auth Key response data 674 may include the encrypted Auth Keys of step 616 and/or the HMAC_SEP computed at step 617 and/or ECID of step 617, one or more of which may be signed by the SE signature of secure element authorization response data 672 of step 622 (e.g., CASD-SK 158a), and/or CASD-Cert. 158c of secure element response data 662 of step 612 and/or SEID 158f of secure element response data 662 of step 612); receive a second signed SCP authentication communication from the second SCP subsystem and, in response, authenticate the second signed SCP authentication communication using a second public key associated with the second SCP subsystem (see Khan par. 0070, at step 625 of process 600, commercial entity subsystem 400 (e.g., HSM 402) may validate CASD-Cert. 158c, which may be received by commercial entity subsystem 400 as at least a portion of Auth Key response data 674 at step 624 (e.g., a portion of Auth Key response data 674 provided to processor 102 by secure element 145 as at least a portion of secure element response data 662 of step 612). In some embodiments, a root public key that may be used for validating CASD-Cert. 158c may be accessible to commercial entity subsystem 400 (e.g., such a root public key (e.g., CASD-PK 158b or otherwise) may have been provided to commercial entity subsystem 400 as at least a portion of data 656 at step 606 by secure element vendor subsystem 450). Alternatively or additionally, at step 626 of process 600, commercial entity subsystem 400 (e.g., HSM 402) may validate an SE Signature, which may be received by commercial entity subsystem 400 as at least a portion of Auth Key response data 674 at step 624); signed SCP authentication communication (see Khan par. 0040, CASD 158 may be configured to sign any data that is provided by secure element 145 such that other subsystems (e.g., commercial entity subsystem 400) may be able to confirm that such signed data was signed by secure element 145 (e.g., using associated CASD data at commercial entity subsystem 400)); in response, establish a second secure communication channel with the third SCP subsystem without the transmission of signed SCP authentication communications (see Khan par. 0069, At step 620 of process 600, processor 102 (e.g., AP 102a) may generate and transmit secure element authorization request data 670 to secure element 145. Such secure element authorization request data 670 may include any suitable data that may be received by secure element 145 for generating a secure element signature on at least a portion of such data. For example, such secure element authorization request data 670 may include an “Internal Auth” command with the encrypted Auth Keys of step 616 and/or HMAC_SEP computed at step 617 and/or ECID of step 617).							Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	                                                                                    
Regarding claim 2, Scruby in view of Khan discloses the system of claim 1, 			Scruby further discloses wherein the first SCP subsystem is configured to: monitor for SCP subsystems and, in response, identify the second SCP subsystem (see Scruby par. 0131, In step 805, user B may open an application on device B 740 and use device B's camera to scan the code (e.g., QR code) displayed on device A 720. Device B 740 may decode the data encoded in the code. By scanning and decoding the code, device B 740 may access the challenge code from the server 730, server identifier(s), and/or information identifying user A and/or device A 720).
Regarding claim 3, Scruby in view of Khan discloses the system of claim 1, 			Khan further discloses wherein the first SCP subsystem is configured to: retrieve, via a network, the second public key associated with the second SCP subsystem (see Khan par. 0072, an HSM Cert. may be a certified public key, which may be certified by a manufacturer of device 100, and where such a root public key (e.g., an HSM PK) may be included or accessible to code that may have been provided to processor 102 (e.g., SEP 102b) by that manufacturer or otherwise (e.g., prior to step 610), such that processor 102 (e.g., SEP 102b) may properly validate the HSM Cert. and, thus, validate the source of the request for the Auth Key (e.g., commercial entity subsystem 400)).				Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	
Regarding claim 4, Scruby in view of Khan discloses the system of claim 1, 			Scruby further discloses wherein the first SCP subsystem is configured to: transmit, via the first secure communication channel, first control communications with the second SCP subsystem (see Scruby par. 0112, In step 703, the server 730 may generate a challenge code, such as a one-time challenge code. The challenge code may identify and/or be unique to user A's authentication attempt); and transmit, via the second secure communication channel, second control communications with the third SCP subsystem (see Scruby par. 0116, In step 705, user B (or user A) may open an application on device B 740 and use device B's camera to scan the code (e.g., QR code) displayed on device A 720).
Regarding claim 5, Scruby in view of Khan discloses the system of claim 4, 			Scruby further discloses wherein the first SCP subsystem is configured to: transmit, via a first unsecured communication channel, first data communications with the second SCP subsystem (see Scruby par. 0071, The secure applications may have a dual-mode option 540. The dual mode option 540 may present the user with an option to operate the secured application in an unsecured or unmanaged mode); and transmit, via a second unsecured communication channel, second data communications with the third SCP subsystem (see Scruby par. 0071, In an unsecured or unmanaged mode, the secure applications may access data stored in an unsecured data container 542 on the unmanaged partition 512 of the mobile device 502. The data stored in an unsecured data container may be personal data 544. The data stored in an unsecured data container 542 may also be accessed by unsecured applications 548 that are running on the unmanaged partition 512 of the mobile device 502).
Regarding claim 6, Scruby in view of Khan discloses the system of claim 1, 			Khan further discloses wherein the attestation of the authentication of the third SCP subsystem includes: a third public key associated with the third SCP subsystem; and third SCP subsystem communication connection information (see Khan par. 0072, At step 633, process 600 may include commercial entity subsystem 400 (e.g., HSM 402) generating an ephemeral key pair, such as an ephemeral public key ePK and an ephemeral private key eSK. Next, at step 634, process 600 may include commercial entity subsystem 400 sharing such a commercial entity ephemeral public key ePK with secure element 145 as ephemeral public key data 684 (e.g., via the initial secure channel setup at steps 630 and 632)).												Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	
Regarding claim 7, Scruby discloses an Information Handling System (IHS), comprising: 			“a processing system” (Fig. 1, Par. 0031, Each component 103, 105, 107, 109 may be any type of known computer, server, or data processing device);	and a memory system (Fig. 1, Memory 121) that is coupled to the processing system and that includes instructions that, when executed by the processing system, cause the processing system to provide a distributed secure communication engine that is configured to: 										“identify a second System Control Processor (SCP) subsystem and, (see Scruby par. 0112, In step 703, the server 730 may generate a challenge code, such as a one-time challenge code. The challenge code may identify and/or be unique to user A's authentication attempt);  establish, in response to authenticating the second(see Scruby par. 0111, The server 730 may authenticate user A based on the received credentials. After authenticating user A based on the credentials, the server 730 may determine to request attestation of user A's identity. Accordingly, device A 720 may be authenticated via multi-factor authentication); receive a second signed SCP authentication communication from the second SCP subsystem and, (see Scruby par. 0120, In step 709, the server 730 may verify that the data received from device B 740 corresponds to the data sent to device A 720 (e.g., in step 703). For example, the server 730 may compare the received challenge code to the challenge code the server 730 previously generated. The server 730 may also verify the information identifying user A and/or device A 720. The server 730 may also verify that user B is part of the group of users that can attest to user A's identity. If the information is verified, server 730 may accept the attestation of user A by device B 740); receive, from the second SCP subsystem, an attestation of an authentication of the third SCP subsystem and,  (see Scruby par. 0120, In step 709, the server 730 may verify that the data received from device B 740 corresponds to the data sent to device A 720 (e.g., in step 703). For example, the server 730 may compare the received challenge code to the challenge code the server 730 previously generated. The server 730 may also verify the information identifying user A and/or device A 720. The server 730 may also verify that user B is part of the group of users that can attest to user A's identity. If the information is verified, server 730 may accept the attestation of user A by device B 740);				but Scruby does not explicitly discloses ; transmit the first signed SCP authentication communication to the second SCP subsystem; receive a second signed SCP authentication communication from the second SCP subsystem and, in response, authenticate the second signed SCP authentication communication using a second public key associated with the second SCP subsystem; (see Khan par. 0040, CASD 158 may be configured to sign any data that is provided by secure element 145 such that other subsystems (e.g., commercial entity subsystem 400) may be able to confirm that such signed data was signed by secure element 145 (e.g., using associated CASD data at commercial entity subsystem 400)); transmit the first signed SCP authentication communication to the second SCP subsystem; (see Khan par. 0069, at step 624 of process 600, processor 102 (e.g., AP 102a) may receive such secure element authorization response data 672 of step 622 and then generate and transmit any suitable Auth Key response data 674 to commercial entity subsystem 400 (e.g., HSM 402). Such Auth Key response data 674 may include the encrypted Auth Keys of step 616 and/or the HMAC_SEP computed at step 617 and/or ECID of step 617, one or more of which may be signed by the SE signature of secure element authorization response data 672 of step 622 (e.g., CASD-SK 158a), and/or CASD-Cert. 158c of secure element response data 662 of step 612 and/or SEID 158f of secure element response data 662 of step 612); receive a second signed SCP authentication communication from the second SCP subsystem and, in response, authenticate the second signed SCP authentication communication using a second public key associated with the second SCP subsystem (see Khan par. 0070, at step 625 of process 600, commercial entity subsystem 400 (e.g., HSM 402) may validate CASD-Cert. 158c, which may be received by commercial entity subsystem 400 as at least a portion of Auth Key response data 674 at step 624 (e.g., a portion of Auth Key response data 674 provided to processor 102 by secure element 145 as at least a portion of secure element response data 662 of step 612). In some embodiments, a root public key that may be used for validating CASD-Cert. 158c may be accessible to commercial entity subsystem 400 (e.g., such a root public key (e.g., CASD-PK 158b or otherwise) may have been provided to commercial entity subsystem 400 as at least a portion of data 656 at step 606 by secure element vendor subsystem 450). Alternatively or additionally, at step 626 of process 600, commercial entity subsystem 400 (e.g., HSM 402) may validate an SE Signature, which may be received by commercial entity subsystem 400 as at least a portion of Auth Key response data 674 at step 624); signed SCP authentication communication (see Khan par. 0040, CASD 158 may be configured to sign any data that is provided by secure element 145 such that other subsystems (e.g., commercial entity subsystem 400) may be able to confirm that such signed data was signed by secure element 145 (e.g., using associated CASD data at commercial entity subsystem 400)); in response, establish a second secure communication channel with the third SCP subsystem without the transmission of signed SCP authentication communications (see Khan par. 0069, At step 620 of process 600, processor 102 (e.g., AP 102a) may generate and transmit secure element authorization request data 670 to secure element 145. Such secure element authorization request data 670 may include any suitable data that may be received by secure element 145 for generating a secure element signature on at least a portion of such data. For example, such secure element authorization request data 670 may include an “Internal Auth” command with the encrypted Auth Keys of step 616 and/or HMAC_SEP computed at step 617 and/or ECID of step 617).							Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	                                                                            
Regarding claim 8, Scruby in view of Khan discloses the IHS of claim 7, 				Scruby further discloses wherein the distributed secure communication engine is configured to: monitor for SCP subsystems and, in response, identify the second SCP subsystem (see Scruby par. 0131, In step 805, user B may open an application on device B 740 and use device B's camera to scan the code (e.g., QR code) displayed on device A 720. Device B 740 may decode the data encoded in the code. By scanning and decoding the code, device B 740 may access the challenge code from the server 730, server identifier(s), and/or information identifying user A and/or device A 720).
Regarding claim 9, Scruby in view of Khan discloses the IHS of claim 7, 				Khan further discloses wherein the distributed secure communication engine is configured to: retrieve, via a network, the second public key associated with the second SCP subsystem (see Khan par. 0072, an HSM Cert. may be a certified public key, which may be certified by a manufacturer of device 100, and where such a root public key (e.g., an HSM PK) may be included or accessible to code that may have been provided to processor 102 (e.g., SEP 102b) by that manufacturer or otherwise (e.g., prior to step 610), such that processor 102 (e.g., SEP 102b) may properly validate the HSM Cert. and, thus, validate the source of the request for the Auth Key (e.g., commercial entity subsystem 400)). 
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	
Regarding claim 10, Scruby in view of Khan discloses the IHS of claim 7, 				Scruby further discloses wherein the distributed secure communication engine is configured to: transmit, via the first secure communication channel, first control communications with the second SCP subsystem (see Scruby par. 0112, In step 703, the server 730 may generate a challenge code, such as a one-time challenge code. The challenge code may identify and/or be unique to user A's authentication attempt); and transmit, via the second secure communication channel, second control communications with the third SCP subsystem (see Scruby par. 0116, In step 705, user B (or user A) may open an application on device B 740 and use device B's camera to scan the code (e.g., QR code) displayed on device A 720).
Regarding claim 11, Scruby in view of Khan discloses the IHS of claim 10, 				Scruby further discloses wherein the distributed secure communication engine is configured to: transmit, via a first unsecured communication channel, first data communications with the second SCP subsystem (see Scruby par. 0071, The secure applications may have a dual-mode option 540. The dual mode option 540 may present the user with an option to operate the secured application in an unsecured or unmanaged mode);  and transmit, via a second unsecured communication channel, second data communications with the third SCP subsystem (see Scruby par. 0071, In an unsecured or unmanaged mode, the secure applications may access data stored in an unsecured data container 542 on the unmanaged partition 512 of the mobile device 502. The data stored in an unsecured data container may be personal data 544. The data stored in an unsecured data container 542 may also be accessed by unsecured applications 548 that are running on the unmanaged partition 512 of the mobile device 502).
Regarding claim 12, Scruby in view of Khan discloses the IHS of claim 7, 				Khan further discloses wherein the attestation of the authentication of the third SCP subsystem includes: a third public key associated with the third SCP subsystem; and third SCP subsystem communication connection information (see Khan par. 0072, At step 633, process 600 may include commercial entity subsystem 400 (e.g., HSM 402) generating an ephemeral key pair, such as an ephemeral public key ePK and an ephemeral private key eSK. Next, at step 634, process 600 may include commercial entity subsystem 400 sharing such a commercial entity ephemeral public key ePK with secure element 145 as ephemeral public key data 684 (e.g., via the initial secure channel setup at steps 630 and 632)).												Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	
Regarding claim 13, Scruby in view of Khan discloses the IHS of claim 7, 				Scruby further discloses wherein the distributed secure communication engine is configured to: receive, from the third SCP subsystem, an attestation of an authentication of a fourth SCP subsystem (see Scruby par. 0120, In step 709, the server 730 may verify that the data received from device B 740 corresponds to the data sent to device A 720 (e.g., in step 703). For example, the server 730 may compare the received challenge code to the challenge code the server 730 previously generated. The server 730 may also verify the information identifying user A and/or device A 720. The server 730 may also verify that user B is part of the group of users that can attest to user A's identity. If the information is verified, server 730 may accept the attestation of user A by device B 740); and, in response, establish a third secure communication channel with the fourth SCP subsystem without the transmission of signed SCP authentication communications (see Khan par. 0069, At step 620 of process 600, processor 102 (e.g., AP 102a) may generate and transmit secure element authorization request data 670 to secure element 145. Such secure element authorization request data 670 may include any suitable data that may be received by secure element 145 for generating a secure element signature on at least a portion of such data. For example, such secure element authorization request data 670 may include an “Internal Auth” command with the encrypted Auth Keys of step 616 and/or HMAC_SEP computed at step 617 and/or ECID of step 617).	
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	
					
Regarding claim 14, Scruby further discloses a method for providing distributed secure communications, comprising: 									“identifying, by a first System Control Processor (SCP) subsystem, a second SCP subsystem and, (see Scruby par. 0112, In step 703, the server 730 may generate a challenge code, such as a one-time challenge code. The challenge code may identify and/or be unique to user A's authentication attempt);  
establishing, by the first SCP subsystem (see Scruby par. 0111, The server 730 may authenticate user A based on the received credentials. After authenticating user A based on the credentials, the server 730 may determine to request attestation of user A's identity. Accordingly, device A 720 may be authenticated via multi-factor authentication);	receiving, by the first SCP subsystem, a second signed SCP authentication communication from the second SCP subsystem (see Scruby par. 0120, In step 709, the server 730 may verify that the data received from device B 740 corresponds to the data sent to device A 720 (e.g., in step 703). For example, the server 730 may compare the received challenge code to the challenge code the server 730 previously generated. The server 730 may also verify the information identifying user A and/or device A 720. The server 730 may also verify that user B is part of the group of users that can attest to user A's identity. If the information is verified, server 730 may accept the attestation of user A by device B 740);				but Scruby does not explicitly discloses ; transmitting, by the first SCP subsystem, the first signed SCP authentication communication to the second SCP subsystem; receive a second signed SCP authentication communication from the second SCP subsystem and, in response, authenticate the second signed SCP authentication communication using a second public key associated with the second SCP subsystem; third SCP subsystem and, (see Khan par. 0040, CASD 158 may be configured to sign any data that is provided by secure element 145 such that other subsystems (e.g., commercial entity subsystem 400) may be able to confirm that such signed data was signed by secure element 145 (e.g., using associated CASD data at commercial entity subsystem 400)); transmit the first signed SCP authentication communication to the second SCP subsystem; (see Khan par. 0069, at step 624 of process 600, processor 102 (e.g., AP 102a) may receive such secure element authorization response data 672 of step 622 and then generate and transmit any suitable Auth Key response data 674 to commercial entity subsystem 400 (e.g., HSM 402). Such Auth Key response data 674 may include the encrypted Auth Keys of step 616 and/or the HMAC_SEP computed at step 617 and/or ECID of step 617, one or more of which may be signed by the SE signature of secure element authorization response data 672 of step 622 (e.g., CASD-SK 158a), and/or CASD-Cert. 158c of secure element response data 662 of step 612 and/or SEID 158f of secure element response data 662 of step 612); receiving, by the first SCP subsystem from the second SCP subsystem, an attestation of an authentication of a third SCP subsystem and, in response, establishing a second secure communication channel with the third SCP subsystem without the transmission of signed SCP authentication communications (see Khan par. 0070, at step 625 of process 600, commercial entity subsystem 400 (e.g., HSM 402) may validate CASD-Cert. 158c, which may be received by commercial entity subsystem 400 as at least a portion of Auth Key response data 674 at step 624 (e.g., a portion of Auth Key response data 674 provided to processor 102 by secure element 145 as at least a portion of secure element response data 662 of step 612). In some embodiments, a root public key that may be used for validating CASD-Cert. 158c may be accessible to commercial entity subsystem 400 (e.g., such a root public key (e.g., CASD-PK 158b or otherwise) may have been provided to commercial entity subsystem 400 as at least a portion of data 656 at step 606 by secure element vendor subsystem 450). Alternatively or additionally, at step 626 of process 600, commercial entity subsystem 400 (e.g., HSM 402) may validate an SE Signature, which may be received by commercial entity subsystem 400 as at least a portion of Auth Key response data 674 at step 624); signed SCP authentication communication (see Khan par. 0040, CASD 158 may be configured to sign any data that is provided by secure element 145 such that other subsystems (e.g., commercial entity subsystem 400) may be able to confirm that such signed data was signed by secure element 145 (e.g., using associated CASD data at commercial entity subsystem 400)); in response, establish a second secure communication channel with the third SCP subsystem without the transmission of signed SCP authentication communications (see Khan par. 0069, At step 620 of process 600, processor 102 (e.g., AP 102a) may generate and transmit secure element authorization request data 670 to secure element 145. Such secure element authorization request data 670 may include any suitable data that may be received by secure element 145 for generating a secure element signature on at least a portion of such data. For example, such secure element authorization request data 670 may include an “Internal Auth” command with the encrypted Auth Keys of step 616 and/or HMAC_SEP computed at step 617 and/or ECID of step 617).			Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	                                                                            
Regarding claim 15, Scruby in view of Khan discloses the method of claim 14, 			Scruby further discloses monitoring, by the first SCP subsystem, for SCP subsystems and, in response, identifying the second SCP subsystem (see Scruby par. 0131, In step 805, user B may open an application on device B 740 and use device B's camera to scan the code (e.g., QR code) displayed on device A 720. Device B 740 may decode the data encoded in the code. By scanning and decoding the code, device B 740 may access the challenge code from the server 730, server identifier(s), and/or information identifying user A and/or device A 720).
Regarding claim 16, Scruby in view of Khan discloses the method of claim 14, 			Khan further discloses retrieving, by the first SCP subsystem via a network, the second public key associated with the second SCP subsystem (see Khan par. 0072, an HSM Cert. may be a certified public key, which may be certified by a manufacturer of device 100, and where such a root public key (e.g., an HSM PK) may be included or accessible to code that may have been provided to processor 102 (e.g., SEP 102b) by that manufacturer or otherwise (e.g., prior to step 610), such that processor 102 (e.g., SEP 102b) may properly validate the HSM Cert. and, thus, validate the source of the request for the Auth Key (e.g., commercial entity subsystem 400)).						Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	
Regarding claim 17, Scruby in view of Khan discloses the method of claim 14, 			Scruby further discloses transmitting, by the first SCP subsystem via the first secure communication channel, first control communications with the second SCP subsystem (see Scruby par. 0112, In step 703, the server 730 may generate a challenge code, such as a one-time challenge code. The challenge code may identify and/or be unique to user A's authentication attempt); and transmitting, by the first SCP subsystem via the second secure communication channel, second control communications with the third SCP subsystem (see Scruby par. 0116, In step 705, user B (or user A) may open an application on device B 740 and use device B's camera to scan the code (e.g., QR code) displayed on device A 720).
Regarding claim 18, Scruby in view of Khan discloses the method of claim 17, 			Scruby further discloses transmitting, by the first SCP subsystem via a first unsecured communication channel, first data communications with the second SCP subsystem (see Scruby par. 0071, The secure applications may have a dual-mode option 540. The dual mode option 540 may present the user with an option to operate the secured application in an unsecured or unmanaged mode);   and transmitting, by the first SCP subsystem via a second unsecured communication channel, second data communications with the third SCP subsystem (see Scruby par. 0071, In an unsecured or unmanaged mode, the secure applications may access data stored in an unsecured data container 542 on the unmanaged partition 512 of the mobile device 502. The data stored in an unsecured data container may be personal data 544. The data stored in an unsecured data container 542 may also be accessed by unsecured applications 548 that are running on the unmanaged partition 512 of the mobile device 502).
Regarding claim 19, Scruby in view of Khan discloses the method of claim 14, 			Scruby further discloses wherein the attestation of the authentication of the third SCP subsystem includes: a third public key associated with the third SCP subsystem; and third SCP subsystem communication connection information (see Khan par. 0072, At step 633, process 600 may include commercial entity subsystem 400 (e.g., HSM 402) generating an ephemeral key pair, such as an ephemeral public key ePK and an ephemeral private key eSK. Next, at step 634, process 600 may include commercial entity subsystem 400 sharing such a commercial entity ephemeral public key ePK with secure element 145 as ephemeral public key data 684 (e.g., via the initial secure channel setup at steps 630 and 632)).												Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	
Regarding claim 20, Scruby in view of Khan discloses the method of claim 14, 			Scruby further discloses receiving, by the first SCP subsystem from the third SCP subsystem, an attestation of an authentication of a fourth SCP subsystem (see Scruby par. 0120, In step 709, the server 730 may verify that the data received from device B 740 corresponds to the data sent to device A 720 (e.g., in step 703). For example, the server 730 may compare the received challenge code to the challenge code the server 730 previously generated. The server 730 may also verify the information identifying user A and/or device A 720. The server 730 may also verify that user B is part of the group of users that can attest to user A's identity. If the information is verified, server 730 may accept the attestation of user A by device B 740);  and, in response, establishing a third secure communication channel with the fourth SCP subsystem without the transmission of signed SCP authentication communications (see Khan par. 0069, At step 620 of process 600, processor 102 (e.g., AP 102a) may generate and transmit secure element authorization request data 670 to secure element 145. Such secure element authorization request data 670 may include any suitable data that may be received by secure element 145 for generating a secure element signature on at least a portion of such data. For example, such secure element authorization request data 670 may include an “Internal Auth” command with the encrypted Auth Keys of step 616 and/or HMAC_SEP computed at step 617 and/or ECID of step 617).	
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Khan into the system of Scruby to include a controlling authority security domain key configured to sign and/or encrypt certain data on secure element before providing such data to another portion of device (e.g., communications component for sharing with other subsystems of system 1 (see Khan par. 0069).	

Conclusion
9.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Luo (US 2020/0326891): discloses In a method for accessing a storage system, a client in the storage system identifies a logical address of a storage device, and queries a management server regarding a mapping between the storage device and a start address of a submission queue (SQ) in the memory of the storage node. The client then sends an access request including the logical address of the storage device directed to the start address of the SQ to a network interface card NIC of the storage node. The NIC receives and sends the access request to the start address of the SQ in the memory. The storage device obtains the access request from the start address of the SQ and executes the access request
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is (571)270-7635. The examiner can normally be reached M-F 9:00 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/SAMUEL AMBAYE/Examiner, Art Unit 2433                                                                                                                                                                                                        

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436