DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on June 21, 2022.
Status of claims within the present application:
Claims 1 – 20 are pending.
Claims 1, 5, 10 – 11, 14 – 15 and 19 – 20 are amended.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on June 21, 2022 has been entered.

Response to Arguments
Applicant’s arguments, see page [7] of Applicant’s remark filed on June 21, 2022, with respect to claims 1 being interpreted under 35 U.S.C. 112(f), have been fully considered, but they are not persuasive. Therefore, the Applicant is directed to response below: 
Applicant argues that paragraph 12 of the applicant’s specification provides a clear definition for the “TEE instance configured to”. Examiner notes that although the application’s specification does provide examples of the TEE, but the specification uses “such as” which does not constitute a definition for the “TEE instance configured to”. Therefore, the interpretation is still maintained.
Applicant’s arguments, see page [7] of Applicant’s remark filed on June 21, 2022, with respect to claims 1 – 8, 11 – 13, and 15 – 19 that were rejected under 35 U.S.C. 103 as being unpatentable over US 20190140846 A1 to Moore et al., (hereafter, “Moore”) in view of US 9246690 B1 to Roth et al., (hereinafter, “Roth”), have been fully considered, but they are not persuasive. Therefore, the Applicant is directed to response below: 
With respect to independent claims 1, 11, and 19, Applicant’s arguments have been considered but are moot because the new ground of rejection relies on new paragraphs and sections of the reference applied in the prior art rejection of record for any teaching or matter specifically challenged in the argument.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  
Claim 1 recites “a first trusted execution environment ("TEE") instance configured to”.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
 Page [6] Para. [23]: “A TEE instance (e.g., TEE instance 160A) may be a virtual machine, container, enclave, etc. and may include a cloning module (e.g., cloning module 162A). Each TEE instance 160A-C may include a respective cloning module 162A-C. The TEE instance may also include a guest OS, guest memory, a virtual CPU (VCPU), virtual memory devices (VMD), and virtual input/output devices (VI/O). For example, TEE instance 160A may include guest OS 196A, guest memory 195A, a virtual CPU 190A, a virtual memory devices 192A, and virtual input/output device 194A.”
Page [7] Para. [25]: “applications (e.g., App 198A-B) run on a TEE, such as a virtual machine, and may be dependent on the underlying hardware and/or OS 186. In another example, applications 198A-B run on a TEE, such as a virtual machine, and may be independent of the underlying hardware and/or OS 186. For example, applications 198A-B running on a first TEE instance 160A may be dependent on the underlying hardware and/or OS 186 while applications (e.g., application 198C) running on a second TEE instance 160B are independent of the underlying hardware and/or OS 186A. Additionally, applications 198A-B running on TEE instance 160A may be compatible with the underlying hardware and/or OS 186. In an example, applications 198A- B running on a TEE instance 160A may be incompatible with the underlying hardware and/or OS 186.”
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1 – 20 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 1, 11 and 19 are amended with “and secure access to the first TEE while the first TEE is running”. Examiner notes that specification does not describe this limitation. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 8, 11 – 13, and 15 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190140846 A1 to Moore et al., (hereafter, “Moore”) in view of US 9246690 B1 to Roth et al., (hereinafter, “Roth”).
Regarding claim 1, Moore teaches a system comprising: a memory; a processor in communication with the memory; [Moore, para. 46 discloses each of client-side TEE provision logic 110 and server-side TEE provision logic 112 may be implemented as computer program code configured to be executed in one or more processors. In another example, each of client-side TEE provision logic 110 and server-side TEE provision logic 112 may be at least partially implemented as hardware logic/electrical circuitry. For instance, each of client-side TEE provision logic 110 and server-side TEE provision logic 112 may be at least partially implemented in a field-programmable gate array (FPGA), an application-specific integrated circuit (ASIC), an application-specific standard product (ASSP), a system-on-a-chip system (SoC), a complex programmable logic device (CPLD), etc. Each SoC may include an integrated circuit chip that includes one or more of a processor (e.g., a microcontroller, microprocessor, digital signal processor (DSP), etc.), memory, one or more communication interfaces, and/or further circuits and/or embedded firmware to perform its functions] and a first trusted execution environment ("TEE") instance configured to: maintain an encrypted secret that is used to launch the first TEE and secure access to the first TEE while the first TEE is running, [Moore, para. 31 discloses the first TEE may establish a second chain of trust from a second TEE to a platform on which an operating system that launched the second TEE runs; Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. The first TEE may provision the second TEE with second information; Para. 61 discloses client device 202 provides the secret information, which is encrypted with the SIKpub, to TEE 206] obtain a cryptographic measurement associated with a second TEE instance, validate the cryptographic measurement, [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The measurements indicate attributes of the second TEE, which is hosted by a distributed computing system that hosts the first TEE] provision the second TEE instance with the encrypted secret [Moore, para. 129 discloses collaborating with other trusted execution environments in a plurality of trusted execution environments to have a provisioning encryption key provided to each of the plurality of trusted execution environments in accordance with a consensus algorithm. For instance, provision logic 904 may collaborate with the other trusted execution environments to have the provisioning encryption key provided to each of the plurality of trusted execution environments in accordance with the consensus algorithm. The plurality of trusted execution environments includes the first and second trusted execution environments. In accordance with this embodiment, the method of flowchart 800 includes encrypting the information with a public portion of the provisioning encryption key. For instance, provision logic 904 may encrypt the information 928 with the public portion of the provisioning encryption key. The information may be capable of being decrypted with a private portion of the provisioning encryption key by the second trusted execution environment], but Moore does not teach wherein the first TEE instance and the second TEE instance are both configured to service at least a first type of request. 
However, Roth does teach, wherein the first TEE instance and the second TEE instance are both configured to service at least a first type of request. [Roth, col. 8 lines 23 – 28 discloses a trusted user or service may have access to functionality associated with a secure execution environment such as, for example, an authorization to send data to and/or to receive data from a secure execution environment, to instantiate applications within a secure execution environment and/or some another secure execution environment. Col. 8 lines 47 – 50 discloses a first secure execution environment that is not isolated from a second secure execution environment may be considered as trusted with respect to that second secure execution environment]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combing Roth’s system with Moore’s system, with a motivation to allow trusted users and trusted services may access a secure execution environment operating within a computing resource service provider. [Roth, col. 8 lines 15 – 17]

Regarding claim 2, modified Moore teaches the system of claim 1, but Moore does not teach wherein the memory is encrypted memory and the encrypted secret is maintained in the encrypted memory.
However, Roth does teach wherein the memory is encrypted memory and the encrypted secret is maintained in the encrypted memory. [Roth, Col. 16 lines 9 - 19 discloses the bootloader may instantiate an application to receive requests for new keys, store keys within a file, remove keys from the file, and to provide encrypted copies of those cryptographic keys to authorized users. The bootloader may also instantiate a file of preloaded keys that may be stored within the secure execution environment and may only be sent outside the secure execution environment using an encryption schema that may only be decrypted by a user with proper credentials as associated with the secure execution environment.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combing Roth’s system with Moore’s system, with a motivation to allow trusted users and trusted services may access a secure execution environment operating within a computing resource service provider. [Roth, col. 8 lines 15 – 17]

As per claim 3, modified Moore teaches the system of claim 1, wherein the first TEE instance is a virtual machine. [Moore, para. 51 discloses the TEE is an enclave, and the platform is a central processing unit (CPU). In one aspect of this embodiment, the enclave may run on a virtual machine, and the virtual machine may run on the CPU. In another aspect of this embodiment, the enclave may run on a virtual machine; the virtual machine may run on a host operating system (e.g., operating system 208); and the host operating system may run on the CPU. The level of nesting is arbitrary. In another embodiment, a blind hypervisor is used, in which case the virtual machine is the TEE.]

Regarding claim 4, modified Moore teaches the system of claim 3, but Moore does not teach wherein the virtual machine is an encrypted virtual machine.
However, Roth does teach wherein the virtual machine is an encrypted virtual machine. [Roth, col. 17 lines 40 – 47 discloses the computer system operational elements may include computer system images which may include a secure execution environment or may include computer system images which may be configured to create a secure execution environment. The computer system operational elements may include specifications for processes configured to create a secure execution environment using, for example, a device driver and/or or a kernel module. Col. 17 lines 58 – 59 discloses the computer system operational elements 416 may be encrypted]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combing Roth’s system with Moore’s system, with a motivation to allow trusted users and trusted services may access a secure execution environment operating within a computing resource service provider. [Roth, col. 8 lines 15 – 17]

As per claim 5, modified Moore teaches the system of claim 1, wherein obtaining the cryptographic measurement includes at least one of taking the cryptographic measurement or receiving the cryptographic measurement from the second TEE instance. [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The measurements indicate attributes of the second TEE, which is hosted by a distributed computing system that hosts the first TEE]

As per claim 6, modified Moore teaches the system of claim 1, wherein the cryptographic measurement identifies characteristics of the second TEE instance including at least one of a type of the TEE instance, a version of the TEE instance, and a description of software components loaded into the TEE instance. [Moore, para. 54 discloses the report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report. Examples of a symmetric key-based MAC include but are not limited to keyed-hash MAC (HMAC) and cipher-based MAC (CMAC).]

As per claim 7, modified Moore teaches the system of claim 6, wherein the cryptographic measurement further includes an integrity code to validate the cryptographic measurement. [Moore, para. 54 discloses the report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report. Examples of a symmetric key-based MAC include but are not limited to keyed-hash MAC (HMAC) and cipher-based MAC (CMAC). Para. 43 discloses client-side TEE provision logic 110 may establish a chain of trust from a TEE to a platform based at least in part on receipt of measurements of the TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The measurements indicate attributes of the TEE. The TEE is hosted by distributed computing system 108.]

As per claim 8, modified Moore teaches the system of claim 1, further comprising an application, the application configured to: launch the first TEE instance; [Moore, para. 4 discloses a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms] send the cryptographic measurement to the first TEE instance; [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The measurements indicate attributes of the second TEE, which is hosted by a distributed computing system that hosts the first TEE] receive the encrypted secret from the first TEE instance [Moore, para. 31 discloses the first TEE may establish a second chain of trust from a second TEE to a platform on which an operating system that launched the second TEE runs; Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. The first TEE may provision the second TEE with second information; Para. 61 discloses client device 202 provides the secret information, which is encrypted with the SIKpub, to TEE 206] and launch the second TEE instance [Moore, para. 4 discloses a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms] 

Regarding claim 11, Moore teaches a method comprising: maintaining, by a first TEE instance, an encrypted secret that is used to launch the first TEE and secure access to the first TEE while the first TEE is running; [Moore, para. 31 discloses the first TEE may establish a second chain of trust from a second TEE to a platform on which an operating system that launched the second TEE runs; Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. The first TEE may provision the second TEE with second information; Para. 61 discloses client device 202 provides the secret information, which is encrypted with the SIKpub, to TEE 206] obtaining, by the first TEE instance, a cryptographic measurement associated with a second TEE instance; validating, by the first TEE instance, the cryptographic measurement; [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The measurements indicate attributes of the second TEE, which is hosted by a distributed computing system that hosts the first TEE] provisioning, by the first TEE instance, the second TEE instance with the encrypted secret [Moore, para. 129 discloses collaborating with other trusted execution environments in a plurality of trusted execution environments to have a provisioning encryption key provided to each of the plurality of trusted execution environments in accordance with a consensus algorithm. For instance, provision logic 904 may collaborate with the other trusted execution environments to have the provisioning encryption key provided to each of the plurality of trusted execution environments in accordance with the consensus algorithm. The plurality of trusted execution environments includes the first and second trusted execution environments. In accordance with this embodiment, the method of flowchart 800 includes encrypting the information with a public portion of the provisioning encryption key. For instance, provision logic 904 may encrypt the information 928 with the public portion of the provisioning encryption key. The information may be capable of being decrypted with a private portion of the provisioning encryption key by the second trusted execution environment], but Moore does not teach wherein the first TEE instance and the second TEE instance are configured to service at least a first type of request. 
However, Roth does teach wherein the first TEE instance and the second TEE instance are configured to service at least a first type of request. [Roth, col. 8 lines 23 – 28 discloses a trusted user or service may have access to functionality associated with a secure execution environment such as, for example, an authorization to send data to and/or to receive data from a secure execution environment, to instantiate applications within a secure execution environment and/or some another secure execution environment. Col. 8 lines 47 – 50 discloses a first secure execution environment that is not isolated from a second secure execution environment may be considered as trusted with respect to that second secure execution environment]
 	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combing Roth’s system with Moore’s system, with a motivation to allow trusted users and trusted services may access a secure execution environment operating within a computing resource service provider. [Roth, col. 8 lines 15 – 17]

Regarding claim 12, modified Moore teaches the method of claim 11, but Moore does not teach wherein the encrypted secret is maintained in encrypted memory.
However, Roth does teach wherein the encrypted secret is maintained in encrypted memory. [Roth, Col. 16 lines 9 – 19 discloses the bootloader may instantiate an application to receive requests for new keys, store keys within a file, remove keys from the file, and to provide encrypted copies of those cryptographic keys to authorized users. The bootloader may also instantiate a file of preloaded keys that may be stored within the secure execution environment and may only be sent outside the secure execution environment using an encryption schema that may only be decrypted by a user with proper credentials as associated with the secure execution environment.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combing Roth’s system with Moore’s system, with a motivation to allow trusted users and trusted services may access a secure execution environment operating within a computing resource service provider. [Roth, col. 8 lines 15 – 17]

Regarding claim 13, modified Moore teaches the method of claim 11, but Moore does not teach wherein the first TEE instance is a first encrypted virtual machine and the second TEE instance is a second encrypted virtual machine.
However, Roth does teach wherein the virtual machine is an encrypted virtual machine. [Roth, col. 17 lines 40 – 47 discloses the computer system operational elements may include computer system images which may include a secure execution environment or may include computer system images which may be configured to create a secure execution environment. The computer system operational elements may include specifications for processes configured to create a secure execution environment using, for example, a device driver and/or or a kernel module. Col. 17 lines 58 – 59 discloses the computer system operational elements 416 may be encrypted]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combing Roth’s system with Moore’s system, with a motivation to allow trusted users and trusted services may access a secure execution environment operating within a computing resource service provider. [Roth, col. 8 lines 15 – 17]
As per claim 15, modified Moore teaches the method of claim 11, wherein obtaining the cryptographic measurement includes at least one of taking the cryptographic measurement or receiving the cryptographic measurement from the second TEE instance. [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The measurements indicate attributes of the second TEE, which is hosted by a distributed computing system that hosts the first TEE]

As per claim 16, modified Moore teaches the method of claim 11, wherein the cryptographic measurement identifies characteristics of the second TEE instance including at least one of a type of the TEE instance, a version of the TEE instance, and a description of software components loaded into the TEE instance. [Moore, para. 54 discloses the report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report. Examples of a symmetric key-based MAC include but are not limited to keyed-hash MAC (HMAC) and cipher-based MAC (CMAC).]

As per claim 17, modified Moore teaches the method of claim 16, wherein the cryptographic measurement further includes an integrity code to validate the cryptographic measurement. [Moore, para. 54 discloses the report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report. Examples of a symmetric key-based MAC include but are not limited to keyed-hash MAC (HMAC) and cipher-based MAC (CMAC). Para. 43 discloses client-side TEE provision logic 110 may establish a chain of trust from a TEE to a platform based at least in part on receipt of measurements of the TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The measurements indicate attributes of the TEE. The TEE is hosted by distributed computing system 108.]

As per claim 18, modified Moore teaches the method of claim 11, further comprising an application, the application configured to: launching, by an application, the first TEE instance; [Moore, para. 4 discloses a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms] sending, by the application, the cryptographic measurement to the first TEE instance; [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The measurements indicate attributes of the second TEE, which is hosted by a distributed computing system that hosts the first TEE] receiving, by the application, the encrypted secret from the first TEE instance [Moore, para. 31 discloses the first TEE may establish a second chain of trust from a second TEE to a platform on which an operating system that launched the second TEE runs; Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. The first TEE may provision the second TEE with second information; Para. 61 discloses client device 202 provides the secret information, which is encrypted with the SIKpub, to TEE 206] and launching, by the application, the second TEE instance [Moore, para. 4 discloses a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms]

Regarding claim 19, Moore teaches a non-transitory machine-readable medium storing code, which when executed by a processor is configured to: maintain an encrypted secret in a memory associated with a first TEE instance, the encrypted secret being used to launch the first TEE instance and secure access to the first TEE while the first TEE is running; [Moore, para. 31 discloses the first TEE may establish a second chain of trust from a second TEE to a platform on which an operating system that launched the second TEE runs; Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. The first TEE may provision the second TEE with second information; Para. 61 discloses client device 202 provides the secret information, which is encrypted with the SIKpub, to TEE 206]  obtain a cryptographic measurement associated with a second TEE instance; validate the cryptographic measurement; [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The measurements indicate attributes of the second TEE, which is hosted by a distributed computing system that hosts the first TEE] provision the second TEE instance with the encrypted secret [Moore, para. 129 discloses collaborating with other trusted execution environments in a plurality of trusted execution environments to have a provisioning encryption key provided to each of the plurality of trusted execution environments in accordance with a consensus algorithm. For instance, provision logic 904 may collaborate with the other trusted execution environments to have the provisioning encryption key provided to each of the plurality of trusted execution environments in accordance with the consensus algorithm. The plurality of trusted execution environments includes the first and second trusted execution environments. In accordance with this embodiment, the method of flowchart 800 includes encrypting the information with a public portion of the provisioning encryption key. For instance, provision logic 904 may encrypt the information 928 with the public portion of the provisioning encryption key. The information may be capable of being decrypted with a private portion of the provisioning encryption key by the second trusted execution environment], but Moore does not teach wherein the first TEE instance and the second TEE instance are configured to service at least a first type of request. 
However, Roth does teach wherein the first TEE instance and the second TEE instance are configured to service at least a first type of request. [Roth, col. 8 lines 23 – 28 discloses a trusted user or service may have access to functionality associated with a secure execution environment such as, for example, an authorization to send data to and/or to receive data from a secure execution environment, to instantiate applications within a secure execution environment and/or some another secure execution environment. Col. 8 lines 47 – 50 discloses a first secure execution environment that is not isolated from a second secure execution environment may be considered as trusted with respect to that second secure execution environment]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combing Roth’s system with Moore’s system, with a motivation to allow trusted users and trusted services may access a secure execution environment operating within a computing resource service provider. [Roth, col. 8 lines 15 – 17]

9.	Claims 9 – 10, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190140846 A1 to Moore et al., (hereafter, “Moore”) in view of US 9246690 B1 to Roth et al., (hereinafter, “Roth”) in further view of US 20200110886 A1 to Moyer et al., (hereinafter, “Moyer”).
Regarding claim 9, modified Roth teaches the system of claim 1, but modified Roth does not teach wherein the first TEE instance is configured to receive a request to clone the first TEE instance.
However, Moyer does teach wherein the first TEE instance is configured to receive a request to clone the first TEE instance. [Moyer, para. 52 discloses a request to duplicate an application running inside a first enclave is received.]
Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Moyer’s system with modified Roth’s system, with a motivation to generate a duplicate instance of the application running in a second enclave from an application running in a first enclave….. the first enclave may set one or more flags to ensure security and accuracy of the snapshot. For instance, to prevent other host-side threads from entering the first enclave and modify memory states inside the first enclave while a snapshot is taken, which would cause inaccuracies in the snapshot (i.e., not exact copies), the first enclave may create an entry barrier. The entry barrier may only allow one snapshotting thread to enter the first enclave, which reduces the likelihood that an untrusted thread may sneak in to take a snapshot [Moyer, para. 22-23].

Regarding claim 10, modified Roth teaches the system of claim 9, wherein the first TEE instance is configured to obtain a cryptographic measurement associated with a second TEE instance, validate the cryptographic measurement, [Roth, col. 15 lines 8 – 23 discloses the agent 408 may be instantiated on the computer system by a second computer system which may be configured to instantiate an agent on the computer system. The agent 408 may be instantiated on the second computer system in response to a request by the first computer system. The agent 408 may be code that may be verified by a computing resource service provider, or may be verified by the customer, or may be verified by a third-party or may be verified by another entity. The agent 408 may also be configured to provide one or more other measurements (also referred to herein as “cryptographic measurements”) of the secure execution environment to the customer that created the secure execution environment so that, for example, secondary verifications of the integrity of the secure execution environment may performed by the customer, the computing resource service provider, a third party or another entity], but modified Roth does not teach provision the encrypted secret to the second TEE instance responsive to receiving the request to clone the first TEE instance.
However, Moyer teaches provision the encrypted secret to the second TEE instance responsive to receiving the request to clone the first TEE instance. [Moyer, para. 3 discloses  provides for receiving, by one or more processors of a host computing device of a first enclave, a request to duplicate an application running inside the first enclave; generating, by the one or more processors, a snapshot of the first enclave including the application; encrypting, by the one or more processors, the snapshot inside the first enclave with a snapshot key; copying, by the one or more processors, the encrypted snapshot from the first enclave to untrusted memory of the host; generating, by the one or more processors, a second enclave; sending, by the one or more processors, the snapshot key from the first enclave to the second enclave through a secure communication channel; copying, by the one or more processors, the encrypted snapshot from the untrusted memory of the host into the second enclave; and decrypting, by the one or more processors, the encrypted snapshot inside the second enclave with the snapshot key.]
Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Moyer’s system with modified Roth’s system, with a motivation to generate a duplicate instance of the application running in a second enclave from an application running in a first enclave….. the first enclave may set one or more flags to ensure security and accuracy of the snapshot. For instance, to prevent other host-side threads from entering the first enclave and modify memory states inside the first enclave while a snapshot is taken, which would cause inaccuracies in the snapshot (i.e., not exact copies), the first enclave may create an entry barrier. The entry barrier may only allow one snapshotting thread to enter the first enclave, which reduces the likelihood that an untrusted thread may sneak in to take a snapshot [Moyer, para. 22-23].

Regarding claim 14, modified Roth teaches the method of claim 11, but modified Roth does not teach wherein the obtaining, validating, and provisioning occur responsive to receiving a request to clone the first TEE instance.
However, Moyer does teach wherein the obtaining, validating, and provisioning occur responsive to receiving a request to clone the first TEE instance. [Moyer, para. 3 discloses  provides for receiving, by one or more processors of a host computing device of a first enclave, a request to duplicate an application running inside the first enclave; generating, by the one or more processors, a snapshot of the first enclave including the application; encrypting, by the one or more processors, the snapshot inside the first enclave with a snapshot key; copying, by the one or more processors, the encrypted snapshot from the first enclave to untrusted memory of the host; generating, by the one or more processors, a second enclave; sending, by the one or more processors, the snapshot key from the first enclave to the second enclave through a secure communication channel; copying, by the one or more processors, the encrypted snapshot from the untrusted memory of the host into the second enclave; and decrypting, by the one or more processors, the encrypted snapshot inside the second enclave with the snapshot key.]
Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Moyer’s system with modified Roth’s system, with a motivation to generate a duplicate instance of the application running in a second enclave from an application running in a first enclave….. the first enclave may set one or more flags to ensure security and accuracy of the snapshot. For instance, to prevent other host-side threads from entering the first enclave and modify memory states inside the first enclave while a snapshot is taken, which would cause inaccuracies in the snapshot (i.e., not exact copies), the first enclave may create an entry barrier. The entry barrier may only allow one snapshotting thread to enter the first enclave, which reduces the likelihood that an untrusted thread may sneak in to take a snapshot [Moyer, para. 22-23].

Regarding claim 20, modified Roth teaches the non-transitory machine-readable medium of claim 17, but modified Roth does not teach wherein the obtaining, validating, and provisioning occur responsive to receiving a request to clone the first TEE instance.
However, Moyer does teach wherein the obtaining, validating, and provisioning occur responsive to receiving a request to clone the first TEE instance. [Moyer, para. 3 discloses  provides for receiving, by one or more processors of a host computing device of a first enclave, a request to duplicate an application running inside the first enclave; generating, by the one or more processors, a snapshot of the first enclave including the application; encrypting, by the one or more processors, the snapshot inside the first enclave with a snapshot key; copying, by the one or more processors, the encrypted snapshot from the first enclave to untrusted memory of the host; generating, by the one or more processors, a second enclave; sending, by the one or more processors, the snapshot key from the first enclave to the second enclave through a secure communication channel; copying, by the one or more processors, the encrypted snapshot from the untrusted memory of the host into the second enclave; and decrypting, by the one or more processors, the encrypted snapshot inside the second enclave with the snapshot key.]
Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Moyer’s system with modified Roth’s system, with a motivation to generate a duplicate instance of the application running in a second enclave from an application running in a first enclave….. the first enclave may set one or more flags to ensure security and accuracy of the snapshot. For instance, to prevent other host-side threads from entering the first enclave and modify memory states inside the first enclave while a snapshot is taken, which would cause inaccuracies in the snapshot (i.e., not exact copies), the first enclave may create an entry barrier. The entry barrier may only allow one snapshotting thread to enter the first enclave, which reduces the likelihood that an untrusted thread may sneak in to take a snapshot [Moyer, para. 22-23].
Conclusion
Pertinent prior arts made of record however not relied upon includes: 
US 10511598 B2 to Shanahan et al.
“Technologies for dynamic loading of integrity protected modules into a secure enclave include a computing device having a processor with secure enclave support. The computing device divides an executable image into multiple chunks, hashes each of the chunks with corresponding attributes that affect security to generate a corresponding hash value, and generates a hash tree as a function of the hash values. The computing device generates an initial secure enclave memory image that includes the root value of the hash tree. At runtime, the computing device accesses a chunk of the executable image from within the secure enclave, which generates a page fault. In response to the page fault, the secure enclave verifies the associated chunk based on the hash tree and accepts the chunk into the secure enclave in response to successful verification. The root value of the hash tree is integrity-protected. Other embodiments are described and claimed.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examine can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434       

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434