DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Response to Amendments
This communication is in response to the amendments filed on 14 July 2022:
	Claim 14 is amended.
	Claims 1-20 are pending.


Response to Arguments
In response to Applicant’s remarks filed on 14 July 2022:
a.	Applicant’s arguments that Willden fails to teach or suggest (e.g., claim 1), “associating the authorization with the computation that executes in the TEE that is authorized; and generating the computation with the associated authorization” have been fully considered but are deemed not persuasive. Applicant’s attention is directed to Willden, Column 10, Lines 34 – 45, see “Remote computing device 104 sends (210) or otherwise transmits the second data to device 100…remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100…the description of the operation is a description of a cryptographic operation. Device 100 receives (212) the second data…device 100 may process the information received from remote computing device 104 within TEE 106 using processor 102”, where “second data” is being read as data comprising authorization data, due to the abstract disclosing “the TEE may validate the second data to verify the remote computing device generated the second data…”, and where “description of the operation” is being read as comprising the computation that executes in the TEE, wherein both the authorization and the computation are associated with one another, or in other words, the second data is utilized to verify the computation in a sense before the computation is executed. Even though Applicant is arguing that merely sending the second data to device 100 does not associate the authorization with the computation, the Examiner submits that the term “associating” is broadly interpreted as there being some sort of connection between the authorization and the computation, which is taught by Willden. Therefore, Willden successfully teaches the limitation of “associating the authorization with the computation that executes in the TEE that is authorized.”



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1-3, 5-9, 14-15 and 18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Willden et al. (U.S. Patent 9,875,368), hereinafter Willden.

	Regarding claim 1, Willden teaches A method for generating a computation such that it will execute in a target trusted execution environment (TEE) (Willden, Column 11, Lines 51 – 53, see “Device 100 performs (218) an operation using the unlocked secret. This operation (or operations) may only be able to be performed in TEE 106 of processor 102”, where “operation” is being read as a computation) (Willden, Column 15, Lines 25 – 42, see “…remote computing device 104 generates (400) an operation request to device 100 in response to a triggering event…device 100 may be configured to send the operation request received from remote computing device 104 directly to TEE 106…”, where “generates (400) an operation request” is being read as generating a computation), comprising:
	selecting the target TEE (Willden, Column 1, Lines 59 – 61, see “…receiving, by a TEE implemented by a computing device, an operation request requiring use of protected data accessible only to the TEE…”, where an operation request is sent to a target TEE that is associated with the protected data accessible only to the target TEE);
	generating an authorization that is satisfied by a TEE (Willden, Column 17, Lines 40 – 47, see “…user authentication may be incorporated into the process so that TEE 106 may require that both the remote computing device 104 and an authorized user of device 100 authorize usage of a secret. TEE 106 may be configured to perform before, after, or in parallel user authentication via a user authentication protocol, such as a password-based protocol or a biometric protocol”, where “TEE 106 may require that both the remote computing device 104 and an authorized user of device 100 authorize usage of a secret” is being read as generating an authorization that is satisfied by a TEE);
	associating the authorization with the computation that executes in the TEE that is authorized (Willden, Column 10, Lines 34 – 45, see “Remote computing device 104 sends (210) or otherwise transmits the second data to device 100…remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100…the description of the operation is a description of a cryptographic operation. Device 100 receives (212) the second data…device 100 may process the information received from remote computing device 104 within TEE 106 using processor 102”, where “second data” is being read as authorization and where “description of the operation” is being read as comprising the computation, which are both associated within TEE 106); and
	generating the computation with the associated authorization (Willden, Column 11, Lines 51 – 67, see “Device 100 performs (218) an operation using the unlocked secret. This operation (or operations) may only be able to be performed in TEE 106 of processor 102…the operation performed is a cryptographic operation such as an encryption or decryption operation using the unlocked secret…the operation performed at action 218 may be an operation that remote computing device 104 requested be performed by device 100”, where “operation” is being read as comprising the computation and where “device 100” and/or “remote computing device 104” are being read as the associated authorized entities) (Willden, Column 15, Lines 25 – 42, see “…remote computing device 104 generates (400) an operation request to device 100 in response to a triggering event…device 100 may be configured to send the operation request received from remote computing device 104 directly to TEE 106…”, where “generates (400) an operation request” is being read as generating a computation).

	Regarding claim 2, Willden teaches The method according to claim 1, further comprising:
	selecting attributes that are incorporated into the authorization for the TEE that is valid (Willden, Column 9, Lines 16 – 44, see “…device 100 is programmed or otherwise configured to refuse to perform any operations, instructions, processes, or the like using a cryptographic key unless authorized by the remote computing device 104…The authorization may take the form of a cryptographic signature including, for example, a digital signature…device 100 and remote computing device 104 may engage in a challenge-response protocol for device 100 to obtain the requisite authorization data…the challenge-response process involves remote computing device 104 providing a challenge (e.g., a challenge value such as a unique piece of data or nonce value) per-transaction on which device 100 operates to provide a valid response (i.e., valid answer) to the extent it is able to validate that remote computing device 104 provided the challenge”, where “challenge-response” is being read as a method for selecting attributes that are incorporated into the authorization for the TEE). 

	Regarding claim 3, Willden teaches The method according to claim 1, wherein the generating the authorization utilizes a security module (SM) (Willden, Column 1, Lines 49 – 51, see “A trusted execution environment (TEE) may be used as part of the security overlay or protocol to protect the confidentiality or usage of protected information, such as a cryptographic key”, where “TEE” is being read as comprising a security module) (Willden, Column 9, Lines 67 and Column 10, Lines 1 – 6, see “…device 100 may process the request within TEE 106 using processor 102…processor 102 generates (204) first data, which may be characterized as a challenge or challenge data…device 100 may generate the first data within TEE 106 using processor 102. Device 100 sends (206) or otherwise transmits the first data to remote computing device 104…”, where “TEE 106” is being read as comprising and/or utilizing a security module due to the implementation of a challenge-response method of authentication).

	Regarding claim 5, Willden teaches The method according to claim 3, wherein a customer securely inserts a secret into the SM, where a secret includes meta data that indicates which secure computation the secret is associated with (Willden, Column 9, Lines 16 – 21, see “…to generate the second data, remote computing device 104 may calculate a hash value of the first data using a hashing algorithm. The remote computing device 104 may then encrypt the hash value corresponding to the first data to generate the second data (e.g., an encrypted hash value corresponding to the first data according to some examples)”) (Willden, Column 10, Lines 34 – 45, see “Remote computing device 104 sends (210) or otherwise transmits the second data to device 100…remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100…the description of the operation is a description of a cryptographic operation…device 100 may process the information received from remote computing device 104 within TEE 106 using processor 102”, where “second data” is being read as a customer secret inserted into a security module, because device 100 receives the second data and may process the information received from remote computing device 104 within TEE 106, where “device 100” is operated by a user/customer and where “remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100” is being read as the secret including metadata that indicates which secure computation the secret is associated with).

	Regarding claim 6, Willden teaches The method according to claim 5, 
	wherein the customer has control of the SM (Willden, FIG. 1, see “DEVICE 100”, which is operated by a user/customer, has control of the TEE 106 comprised of the security module) (Willden, Column 7, Lines 58 – 61, see “…one or more applications 116 may include a third-party application, i.e., an application developed by a party other than a user of device 100 or a developer of primary operating system 112”, where “device 100” is being read as being associated with a user/customer) (Willden, Column 11, Lines 51 – 56, see “Device 100 performs (218) an operation using the unlocked secret. This operation (or operations) may only be able to be performed in TEE 106 of processor 102…the operation performed is a cryptographic operation such as an encryption or decryption operation using the unlocked secret”, where “TEE 106” can be read as being comprised of a security module and where “Device 100 performs an operation using the unlocked secret” is being read as the customer having control of the security module comprised within the TEE).

	Regarding claim 7, Willden teaches The method according to claim 3,
	wherein the SM inserts the authorization into the target TEE (Willden, Column 9, Lines 60 – 67 and Column 10, Lines 1 – 4, see “…remote computing device 104 generates (200) an operation request to device 100 in response to a triggering event…Device 100 receives (202) the operation request issued by remote computing device 104. Here, device 100 may process the request within TEE 106 using processor 102…processor 102 generates (204) first data, which may be characterized as a challenge or challenge data…device 100 may generate the first data within TEE 106 using processor 102…”) (Willden, Column 10, Lines 46 – 53, see “Device 100 validates (214) the second data to verify that remote computing device 104 generated the second data…At action 214, device 100 may perform validation within TEE 106 using processor 102”, where “device 100 may perform validation within TEE 106 using processor 102” is being read as the security module inserting the authorization into the target TEE) (Willden, Column 17, Lines 48 – 51, see “Responsively to successfully verifying remote computing device 104 generated the second data, TEE 106 unlocks (432) or otherwise rendering accessible for use or processing of a secret by TEE 106…”, where “TEE 106 unlocks or otherwise rendering accessible for use or processing of a secret by TEE 106” is being read as the security module inserting the authorization into the target TEE). 

	Regarding claim 8, Willden teaches The method according to claim 1, wherein the TEE is in a cloud or local infrastructure (Willden, FIG. 1, see “TRUSTED EXECUTION ENVIRONMENT 106” which is within a “PROCESSOR 102” where the processor is included in a “DEVICE 100”, ultimately being read as the TEE being in a local infrastructure).

	Regarding claim 9, Willden teaches The method according to claim 1, wherein an SM is used as part of the cloud or local infrastructure (Willden, FIG. 1, see “TRUSTED EXECUTION ENVIRONMENT 106”, where “TEE 106” is being read as comprising a security module used as part of the local infrastructure). 

	Regarding claim 14, Willden teaches A method according to claim 1, further comprising:
	provisioning the computation that is generated (Willden, Claim 7, see “…sending, by a first computing device, an operation request requiring use of a protected data accessible only to a trusted execution environment of a second computing device remote to the first computing device…wherein the second computing device is configured to…validate the operation request and performs an operation indicated by the operation request using the protected data”, where “validate the operation request and performs an operation indicated by the operation request using the protected data” is being read as provisioning the computation that is generated),
	wherein the trusted execution environment is in a cloud or local infrastructure (Willden, FIG. 1, see “TRUSTED EXECUTION ENVIRONMENT 106” which is within a “PROCESSOR 102” where the processor is included in a “DEVICE 100”, ultimately being read as the TEE being in a local infrastructure), and
	wherein an SM is used as part of the cloud or local infrastructure (Willden, FIG. 1, see “TRUSTED EXECUTION ENVIRONMENT 106”, where “TEE 106” is being read as comprising a security module used as part of the local infrastructure).

	Regarding claim 15, Willden teaches A system, comprising:
	a memory storing computer instructions (Willden, Column 21, Lines 4 – 9, see “…the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over, as one or more instructions or code, a computer-readable medium and executed by a hardware-based processing unit”); and
	a processor configured to execute the computer instructions to (Willden, Column 21, Lines 4 – 9, see “…the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over, as one or more instructions or code, a computer-readable medium and executed by a hardware-based processing unit”):
		selecting a target trusted execution environment (TEE) (Willden, Column 1, Lines 59 – 61, see “…receiving, by a TEE implemented by a computing device, an operation request requiring use of protected data accessible only to the TEE…”, where an operation request is sent to a target TEE that is associated with the protected data accessible only to the target TEE);
		generate an authorization that is satisfied by a TEE (Willden, Column 17, Lines 40 – 47, see “…user authentication may be incorporated into the process so that TEE 106 may require that both the remote computing device 104 and an authorized user of device 100 authorize usage of a secret. TEE 106 may be configured to perform before, after, or in parallel user authentication via a user authentication protocol, such as a password-based protocol or a biometric protocol”, where “TEE 106 may require that both the remote computing device 104 and an authorized user of device 100 authorize usage of a secret” is being read as generating an authorization that is satisfied by a TEE);
		associate the authorization with the computation that executes in the TEE that is authorized (Willden, Column 10, Lines 34 – 45, see “Remote computing device 104 sends (210) or otherwise transmits the second data to device 100…remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100…the description of the operation is a description of a cryptographic operation. Device 100 receives (212) the second data…device 100 may process the information received from remote computing device 104 within TEE 106 using processor 102”, where “second data” is being read as authorization and where “description of the operation” is being read as comprising the computation, which are both associated within TEE 106); and
		generate the computation with the associated authorization (Willden, Column 11, Lines 51 – 67, see “Device 100 performs (218) an operation using the unlocked secret. This operation (or operations) may only be able to be performed in TEE 106 of processor 102…the operation performed is a cryptographic operation such as an encryption or decryption operation using the unlocked secret…the operation performed at action 218 may be an operation that remote computing device 104 requested be performed by device 100”, where “operation” is being read as comprising the computation and where “device 100” and/or “remote computing device 104” are being read as the associated authorized entities) (Willden, Column 15, Lines 25 – 42, see “…remote computing device 104 generates (400) an operation request to device 100 in response to a triggering event…device 100 may be configured to send the operation request received from remote computing device 104 directly to TEE 106…”, where “generates (400) an operation request” is being read as generating a computation).

	Regarding claim 18, Willden teaches A computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions readable and executable by a computer to cause the computer to perform a method (Willden, Column 21, Lines 4 – 9, see “…the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over, as one or more instructions or code, a computer-readable medium and executed by a hardware-based processing unit”), comprising:
	selecting a target trusted execution environment (TEE) (Willden, Column 1, Lines 59 – 61, see “…receiving, by a TEE implemented by a computing device, an operation request requiring use of protected data accessible only to the TEE…”, where an operation request is sent to a target TEE that is associated with the protected data accessible only to the target TEE);
	generating an authorization that is satisfied by a TEE (Willden, Column 17, Lines 40 – 47, see “…user authentication may be incorporated into the process so that TEE 106 may require that both the remote computing device 104 and an authorized user of device 100 authorize usage of a secret. TEE 106 may be configured to perform before, after, or in parallel user authentication via a user authentication protocol, such as a password-based protocol or a biometric protocol”, where “TEE 106 may require that both the remote computing device 104 and an authorized user of device 100 authorize usage of a secret” is being read as generating an authorization that is satisfied by a TEE);
	associating the authorization with the computation that executes in the TEE that is authorized (Willden, Column 10, Lines 34 – 45, see “Remote computing device 104 sends (210) or otherwise transmits the second data to device 100…remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100…the description of the operation is a description of a cryptographic operation. Device 100 receives (212) the second data…device 100 may process the information received from remote computing device 104 within TEE 106 using processor 102”, where “second data” is being read as authorization and where “description of the operation” is being read as comprising the computation, which are both associated within TEE 106); and
	generating the computation with the associated authorization (Willden, Column 11, Lines 51 – 67, see “Device 100 performs (218) an operation using the unlocked secret. This operation (or operations) may only be able to be performed in TEE 106 of processor 102…the operation performed is a cryptographic operation such as an encryption or decryption operation using the unlocked secret…the operation performed at action 218 may be an operation that remote computing device 104 requested be performed by device 100”, where “operation” is being read as comprising the computation and where “device 100” and/or “remote computing device 104” are being read as the associated authorized entities) (Willden, Column 15, Lines 25 – 42, see “…remote computing device 104 generates (400) an operation request to device 100 in response to a triggering event…device 100 may be configured to send the operation request received from remote computing device 104 directly to TEE 106…”, where “generates (400) an operation request” is being read as generating a computation). 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 4, 16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Willden, in view of Mullen et al. (U.S. PGPub. 2016/0335531), hereinafter Mullen.

	Regarding claim 4, Willden does not teach the following limitation(s) as taught by Mullen: The method according to claim 1, wherein associating the authorization with the computation includes inserting information into the computation dynamically (Mullen, Paragraph [0044], see “…a method of authorizing transactions using a dynamic number may not be subject to synchronicity…according to at least one example embodiment, an issuer may associate a function composed of multiple variables to each transaction account (e.g., to each credit card account), and may issue card 100 to a user with the associated function and a random number generator (e.g., a computational or physical device)…For each transaction, card 100 may generate a random number and determine a solution to the associated function using the random number to generate a dynamic number. Card 100 may communicate the random number, the dynamic number and an identifier, to a verification facility and/or device (hereinafter, “verifying entity”)”, where “card 100 may generate a random number and determine a solution to the associated function using the random number to generate a dynamic number” is analogous to a computation and where “card 100 may communicate the random number, the dynamic number and an identifier”, where “identifier” is analogous to information involving the authorization of a user/device, therefore, the card 100 associates the authorization with the computation by inserting information into the computation dynamically). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for remote authorization of usage of protected data in trusted execution environments, disclosed by Willden, by implementing techniques for dynamic security codes, tokens, and cards, comprising inserting information into the computation dynamically, disclosed by Mullen.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for provisioning secure/encrypted virtual machines in a cloud infrastructure, comprising inserting information into the computation dynamically in order to associate the authorization with the computation. This allows for better security management and efficiency of the overall system by inserting authorization with the computation, which permits the system to provision both the computation and authorization before allowing execution of the process in the trusted environment. Mullen is deemed as analogous art due to the art disclosing a method of verifying an entity through a dynamic number generated through computation with an identifier provided by the entity (Mullen, Paragraph [0044]). 

	Regarding claim 16, Willden teaches The system according to claim 15, further comprising:
	selecting attributes that are incorporated into the authorization for the TEE that is valid (Willden, Column 9, Lines 16 – 44, see “…device 100 is programmed or otherwise configured to refuse to perform any operations, instructions, processes, or the like using a cryptographic key unless authorized by the remote computing device 104…The authorization may take the form of a cryptographic signature including, for example, a digital signature…device 100 and remote computing device 104 may engage in a challenge-response protocol for device 100 to obtain the requisite authorization data…the challenge-response process involves remote computing device 104 providing a challenge (e.g., a challenge value such as a unique piece of data or nonce value) per-transaction on which device 100 operates to provide a valid response (i.e., valid answer) to the extent it is able to validate that remote computing device 104 provided the challenge”, where “challenge-response” is being read as a method for selecting attributes that are incorporated into the authorization for the TEE),
	wherein the generating the authorization utilizes a security module (SM) (Willden, Column 1, Lines 49 – 51, see “A trusted execution environment (TEE) may be used as part of the security overlay or protocol to protect the confidentiality or usage of protected information, such as a cryptographic key”, where “TEE” is being read as comprising a security module) (Willden, Column 9, Lines 67 and Column 10, Lines 1 – 6, see “…device 100 may process the request within TEE 106 using processor 102…processor 102 generates (204) first data, which may be characterized as a challenge or challenge data…device 100 may generate the first data within TEE 106 using processor 102. Device 100 sends (206) or otherwise transmits the first data to remote computing device 104…”, where “TEE 106” is being read as comprising and/or utilizing a security module due to the implementation of a challenge-response method of authentication),
	wherein a customer securely inserts a secret into the SM where a secret includes meta data that indicates which secure computation the secret is associated with (Willden, Column 9, Lines 16 – 21, see “…to generate the second data, remote computing device 104 may calculate a hash value of the first data using a hashing algorithm. The remote computing device 104 may then encrypt the hash value corresponding to the first data to generate the second data (e.g., an encrypted hash value corresponding to the first data according to some examples)”) (Willden, Column 10, Lines 34 – 45, see “Remote computing device 104 sends (210) or otherwise transmits the second data to device 100…remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100…the description of the operation is a description of a cryptographic operation…device 100 may process the information received from remote computing device 104 within TEE 106 using processor 102”, where “second data” is being read as a customer secret inserted into a security module, because device 100 receives the second data and may process the information received from remote computing device 104 within TEE 106, where “device 100” is operated by a user/customer and where “remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100” is being read as the secret including metadata that indicates which secure computation the secret is associated with),
	wherein the customer has control of the SM (Willden, FIG. 1, see “DEVICE 100”, which is operated by a user/customer, has control of the TEE 106 comprised of the security module) (Willden, Column 7, Lines 58 – 61, see “…one or more applications 116 may include a third-party application, i.e., an application developed by a party other than a user of device 100 or a developer of primary operating system 112”, where “device 100” is being read as being associated with a user/customer) (Willden, Column 11, Lines 51 – 56, see “Device 100 performs (218) an operation using the unlocked secret. This operation (or operations) may only be able to be performed in TEE 106 of processor 102…the operation performed is a cryptographic operation such as an encryption or decryption operation using the unlocked secret”, where “TEE 106” can be read as being comprised of a security module and where “Device 100 performs an operation using the unlocked secret” is being read as the customer having control of the security module comprised within the TEE), and
	wherein the security module inserts the authorization into the target TEE (Willden, Column 9, Lines 60 – 67 and Column 10, Lines 1 – 4, see “…remote computing device 104 generates (200) an operation request to device 100 in response to a triggering event…Device 100 receives (202) the operation request issued by remote computing device 104. Here, device 100 may process the request within TEE 106 using processor 102…processor 102 generates (204) first data, which may be characterized as a challenge or challenge data…device 100 may generate the first data within TEE 106 using processor 102…”) (Willden, Column 10, Lines 46 – 53, see “Device 100 validates (214) the second data to verify that remote computing device 104 generated the second data…At action 214, device 100 may perform validation within TEE 106 using processor 102”, where “device 100 may perform validation within TEE 106 using processor 102” is being read as the security module inserting the authorization into the target TEE) (Willden, Column 17, Lines 48 – 51, see “Responsively to successfully verifying remote computing device 104 generated the second data, TEE 106 unlocks (432) or otherwise rendering accessible for use or processing of a secret by TEE 106…”, where “TEE 106 unlocks or otherwise rendering accessible for use or processing of a secret by TEE 106” is being read as the security module inserting the authorization into the target TEE).
	Willden does not teach the following limitation(s) as taught by Mullen: wherein associating the authorization with the computation includes inserting information into the computation dynamically (Mullen, Paragraph [0044], see “…a method of authorizing transactions using a dynamic number may not be subject to synchronicity…according to at least one example embodiment, an issuer may associate a function composed of multiple variables to each transaction account (e.g., to each credit card account), and may issue card 100 to a user with the associated function and a random number generator (e.g., a computational or physical device)…For each transaction, card 100 may generate a random number and determine a solution to the associated function using the random number to generate a dynamic number. Card 100 may communicate the random number, the dynamic number and an identifier, to a verification facility and/or device (hereinafter, “verifying entity”)”, where “card 100 may generate a random number and determine a solution to the associated function using the random number to generate a dynamic number” is analogous to a computation and where “card 100 may communicate the random number, the dynamic number and an identifier”, where “identifier” is analogous to information involving the authorization of a user/device, therefore, the card 100 associates the authorization with the computation by inserting information into the computation dynamically). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for remote authorization of usage of protected data in trusted execution environments, disclosed by Willden, by implementing techniques for dynamic security codes, tokens, cards, comprising inserting information into the computation dynamically, disclosed by Mullen.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for provisioning secure/encrypted virtual machines in a cloud infrastructure, comprising inserting information into the computation dynamically in order to associate the authorization with the computation. This allows for better security management and efficiency of the overall system by inserting authorization with the computation, which permits the system to provision both the computation and authorization before allowing execution of the process in the trusted environment. Mullen is deemed as analogous art due to the art disclosing a method of verifying an entity through a dynamic number generated through computation with an identifier provided by the entity (Mullen, Paragraph [0044]). 

Regarding claim 19, Willden teaches The computer program product according to claim 18, further comprising:
selecting attributes that are incorporated into the authorization for the TEE that is valid (Willden, Column 9, Lines 16 – 44, see “…device 100 is programmed or otherwise configured to refuse to perform any operations, instructions, processes, or the like using a cryptographic key unless authorized by the remote computing device 104…The authorization may take the form of a cryptographic signature including, for example, a digital signature…device 100 and remote computing device 104 may engage in a challenge-response protocol for device 100 to obtain the requisite authorization data…the challenge-response process involves remote computing device 104 providing a challenge (e.g., a challenge value such as a unique piece of data or nonce value) per-transaction on which device 100 operates to provide a valid response (i.e., valid answer) to the extent it is able to validate that remote computing device 104 provided the challenge”, where “challenge-response” is being read as a method for selecting attributes that are incorporated into the authorization for the TEE),
wherein the generating the authorization utilizes a security module (SM) (Willden, Column 1, Lines 49 – 51, see “A trusted execution environment (TEE) may be used as part of the security overlay or protocol to protect the confidentiality or usage of protected information, such as a cryptographic key”, where “TEE” is being read as comprising a security module) (Willden, Column 9, Lines 67 and Column 10, Lines 1 – 6, see “…device 100 may process the request within TEE 106 using processor 102…processor 102 generates (204) first data, which may be characterized as a challenge or challenge data…device 100 may generate the first data within TEE 106 using processor 102. Device 100 sends (206) or otherwise transmits the first data to remote computing device 104…”, where “TEE 106” is being read as comprising and/or utilizing a security module due to the implementation of a challenge-response method of authentication),

wherein a customer securely inserts a secret into the SM where a secret includes meta data that indicates which secure computation the secret is associated with (Willden, Column 9, Lines 16 – 21, see “…to generate the second data, remote computing device 104 may calculate a hash value of the first data using a hashing algorithm. The remote computing device 104 may then encrypt the hash value corresponding to the first data to generate the second data (e.g., an encrypted hash value corresponding to the first data according to some examples)”) (Willden, Column 10, Lines 34 – 45, see “Remote computing device 104 sends (210) or otherwise transmits the second data to device 100…remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100…the description of the operation is a description of a cryptographic operation…device 100 may process the information received from remote computing device 104 within TEE 106 using processor 102”, where “second data” is being read as a customer secret inserted into a security module, due to the device 100 receiving the second data and may process the information received from remote computing device 104 within TEE 106, where “device 100” is operated by a user/customer and where “remote computing device 104 may also send to device 100 a description of the operation remote computing device 104 wants performed by device 100” is being read as the secret including metadata that indicates which secure computation the secret is associated with),
wherein the customer has control of the SM (Willden, FIG. 1, see “DEVICE 100”, which is operated by a user/customer, has control of the TEE 106 comprised of the security module) (Willden, Column 7, Lines 58 – 61, see “…one or more applications 116 may include a third-party application, i.e., an application developed by a party other than a user of device 100 or a developer of primary operating system 112”, where “device 100” is being read as being associated with a user/customer) (Willden, Column 11, Lines 51 – 56, see “Device 100 performs (218) an operation using the unlocked secret. This operation (or operations) may only be able to be performed in TEE 106 of processor 102…the operation performed is a cryptographic operation such as an encryption or decryption operation using the unlocked secret”, where “TEE 106” can be read as being comprised of a security module and where “Device 100 performs an operation using the unlocked secret” is being read as the customer having control of the security module comprised within the TEE), and
wherein the SM inserts the authorization into the target TEE (Willden, Column 9, Lines 60 – 67 and Column 10, Lines 1 – 4, see “…remote computing device 104 generates (200) an operation request to device 100 in response to a triggering event…Device 100 receives (202) the operation request issued by remote computing device 104. Here, device 100 may process the request within TEE 106 using processor 102…processor 102 generates (204) first data, which may be characterized as a challenge or challenge data…device 100 may generate the first data within TEE 106 using processor 102…”) (Willden, Column 10, Lines 46 – 53, see “Device 100 validates (214) the second data to verify that remote computing device 104 generated the second data…At action 214, device 100 may perform validation within TEE 106 using processor 102”, where “device 100 may perform validation within TEE 106 using processor 102” is being read as the security module inserting the authorization into the target TEE) (Willden, Column 17, Lines 48 – 51, see “Responsively to successfully verifying remote computing device 104 generated the second data, TEE 106 unlocks (432) or otherwise rendering accessible for use or processing of a secret by TEE 106…”, where “TEE 106 unlocks or otherwise rendering accessible for use or processing of a secret by TEE 106” is being read as the security module inserting the authorization into the target TEE).
	Willden does not teach the following limitation(s) as taught by Mullen: wherein associating the authorization with the computation includes inserting information into the computation dynamically (Mullen, Paragraph [0044], see “…a method of authorizing transactions using a dynamic number may not be subject to synchronicity…according to at least one example embodiment, an issuer may associate a function composed of multiple variables to each transaction account (e.g., to each credit card account), and may issue card 100 to a user with the associated function and a random number generator (e.g., a computational or physical device)…For each transaction, card 100 may generate a random number and determine a solution to the associated function using the random number to generate a dynamic number. Card 100 may communicate the random number, the dynamic number and an identifier, to a verification facility and/or device (hereinafter, “verifying entity”)”, where “card 100 may generate a random number and determine a solution to the associated function using the random number to generate a dynamic number” is analogous to a computation and where “card 100 may communicate the random number, the dynamic number and an identifier”, where “identifier” is analogous to information involving the authorization of a user/device, therefore, the card 100 associates the authorization with the computation by inserting information into the computation dynamically). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for remote authorization of usage of protected data in trusted execution environments, disclosed by Willden, by implementing techniques for dynamic security codes, tokens, cards, comprising inserting information into the computation dynamically, disclosed by Mullen.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for provisioning secure/encrypted virtual machines in a cloud infrastructure, comprising inserting information into the computation dynamically in order to associate the authorization with the computation. This allows for better security management and efficiency of the overall system by inserting authorization with the computation, which permits the system to provision both the computation and authorization before allowing execution of the process in the trusted environment. Mullen is deemed as analogous art due to the art disclosing a method of verifying an entity through a dynamic number generated through computation with an identifier provided by the entity (Mullen, Paragraph [0044]). 


Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Willden, in view of WU et al. (U.S. PGPub. 2015/0082399), hereinafter Wu.

	Regarding claim 10, Willden does not teach the following limitation(s) as taught by Wu: The method according to claim 1, wherein detailed information about the cloud infrastructure or detailed information about the TEE is revealed only to the security module (Wu, Paragraph [0630], see “Thus, to protect users, the present disclosure describes a highly secure, cloud based information storage infrastructure enhanced by TPM to meet the security demands that requires data confidentiality, integrity and User Authentication”, where “TPM” is analogous to comprising a security module). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for remote authorization of usage of protected data in trusted execution environments, disclosed by Willden, by implementing techniques for a data protection system, in which detailed information about the infrastructure or detailed information about other systems/processes is revealed only to the security module, disclosed by Wu.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for provisioning secure/encrypted virtual machines in a cloud infrastructure, in which detailed information about the infrastructure or detailed information about other systems/processes is revealed only to the security module. This allows for better security management by securing infrastructure and/or operation data in a security module, which ultimately reduces the chances data can be compromised by an unauthorized entity. Wu is deemed as analogous art due to the art disclosing techniques enhanced by TPM/security module to store cloud based information infrastructure (Wu, Paragraph [0630]).


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Willden, in view of Kwon et al. (U.S. PGPub. 2017/0127457), hereinafter Kwon.

	Regarding claim 11, Willden does not teach the following limitation(s) as taught by Kwon: The method according to claim 1, wherein the SM stores a list of previously generated authorizations when an authorization has been previously generated for the target TEE that is selected, the SM does not regenerate (Kwon, Paragraph [0310], see “…if the hash list and signature information are received at step S1508, the security module 133 may store the hash list and verify validity of the signature information using a previously stored key at step S1510”, where “previously stored key” is analogous to previously generated authorizations) (Kwon, Paragraph [0313], see “If it is determined at step S1513 that the validity verification is successful, the first control unit 131 may transmit the latest version of the software in unit of block at step S1514”) (Kwon, Paragraph [0314], see “Otherwise, if it is determined at step S1513 that the validity verification fails, the first control unit 131 may stop updating the software installed in the second control unit 132”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for remote authorization of usage of protected data in trusted execution environments, disclosed by Willden, by implementing techniques for a wireless terminal, comprising a security module storing a list of previously generated authorizations when an authorization has been previously generated for a target device that is selected, disclosed by Kwon.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for provisioning secure/encrypted virtual machines in a cloud infrastructure, comprising a security module storing a list of previously generated authorizations when an authorization has been previously generated for a target device that is selected. This allows for better security management and efficiency of the overall system by storing previously generated authorizations so the system does not have to regenerate authorization data each time a device requests access to an operation. Kwon is deemed as analogous art due to the art disclosing techniques for storing a previously generated authorization list in a security module (Kwon, Paragraphs [0310 – 0314]). 


Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Willden, in view of Kwok (U.S. PGPub. 2016/0085692). 

	Regarding claim 12, Willden teaches The method according to claim 1, wherein at least a part of the computation is encrypted (Willden, (41), see “…the operation performed is a cryptographic operation such as an encryption or decryption using the unlocked secret…using the unlocked secret may refer to the unlocked secret (or plainly, secret) being a cryptographic key that is used to encrypt or decrypt data”, where the operation (computation) involves encryption and/or decryption), 
	Willden does not teach the following limitation(s) as taught by Kwok: encrypting part of the computation includes encrypting the information needed to check the integrity of the computation (Kwok, Paragraph [0028], see “…the operations depicted in Figs. 3 and 5 allow for an integrity check of encrypted data without exposing the plaintext data or plaintext CRC information”, where “encrypted data” is analogous to encrypting the information needed to check the integrity of the computation). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for remote authorization of usage of protected data in trusted execution environments, disclosed by Willden, by implementing techniques for encryption integrity check in memory, comprising encrypting the information needed to check the integrity of the computation/data, disclosed by Kwok.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for provisioning secure/encrypted virtual machines in a cloud infrastructure, comprising encrypting the information needed to check the integrity of the computation/data. This allows for better security management by encrypting the information needed to check the integrity of the computation without exposing the plaintext data, as well as ensuring full confidence that the computation/data received is the actual valid computation/data from the sender and has not been tampered with or manipulated. Kwok is deemed as analogous art due to the art disclosing techniques for checking the integrity of encrypted data (Kwok, Paragraph [0028]).


Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Willden, in view of Wei et al. (U.S. Patent 10,715,339), hereinafter Wei.

	Regarding claim 13, Willden teaches The method according to claim 1, wherein the authorization restricts the computation to a specific TEE (Willden, (68), see “Responsive to TEE 106 being unable to successfully verify remote computing device 104 generated the second data (“NO” branch of 428), TEE 106 may refrain (430) from performing the requested operation…TEE 106 may refrain from performing the requested operation at action 430 because the device or process from which the operation was requested was deemed untrustworthy…”).
	Willden does not teach the following limitation(s) as taught by Wei: The method according to claim 1, wherein the authorization restricts the computation to a specific TEE from among a plurality of TEEs (Wei, FIG. 3, see “Node 1”, “Node 2”, “Node 3”, “Node N”, where each node comprises a TEE). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for remote authorization of usage of protected data in trusted execution environments, disclosed by Willden, by implementing techniques for distributed key management for trusted execution environments, comprising a system including a plurality of TEEs, disclosed by Wei.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for provisioning secure/encrypted virtual machines in a cloud infrastructure, comprising a system including a plurality of TEEs. This allows for better security management and system efficiency by utilizing a plurality of TEEs, each associated with different data being utilized for operational purposes, wherein the TEEs increase the security level of data in organizations that manage sensitive and regulated information. Wei is deemed as analogous art due to the art disclosing key management for a plurality of trusted execution environments (Wei, FIG. 3).



Allowable Subject Matter
Claims 17 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.



Conclusion
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
	A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747.  The examiner can normally be reached on M-F 11:00am – 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/R.A.M./Examiner, Art Unit 2499
/PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499