DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Election/Restrictions
NO restrictions warranted at applicant’s initial time of filing for patent. 
Priority
Applicant claims NO foreign or domestic priority at initial time filing for patent. 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/07/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
Applicant’s drawings filed on 07/20/2020 have been inspected and are in compliance with MPEP 608.02. 
Specification
Applicant’s specification filed on 07/20/2020 has been inspected, and is in compliance with MPEP 608.01. 
Claim Objections
NO objection warranted at applicant’s initial time of filing for patent. 
Claim Interpretation – 35 USC 112, 6th Paragraph or 112(f)
Claim[s] 1 – 20 do not invoke means-for or step-plus-function claim language under the meaning of the statute.
Claim Rejections – 35 USC § 112
NO rejections warranted at applicant’s initial time of filing for patent. 
Double Patenting
NO rejections warranted at applicant’s initial time of filing for patent. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim[s] 1, 17, 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to the abstract idea of: Mental processes: concepts performed in the human mind [including an observation, evaluation, judgment, opinion] without significantly more. 
For example, in at least claim # 1, the claim(s) recite(s) 
“determining a labeling of the sensor data, comprising: 

determining personal data and determining non-personal data that is separated from the personal data, wherein each of the personal and non-personal data comprise labeled data, wherein the personal data comprises information relating to at least one identified or identifiable natural person; and [Mental processes: concepts performed in the human mind [including an observation, evaluation]]

performing, via the personal data and the non-personal data that is separated from the personal data, data processing associated with collecting sensor data associated with the vehicle. [Mental processes: concepts performed in the human mind [including an observation, evaluation]]”

This judicial exception is not integrated into a practical application because the remaining claim limitations amount to adding insignificant extra – solution activity to the judicial exception:
	“receiving, at a first backend computer, sensor data associated with a vehicle;”

The claim(s) 2 – 16, 18, 19 does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because of the following reasons:
As per claim 2. The method of claim 1, wherein the sensor data is collected by the vehicle while the vehicle is operating in an autonomous driving mode or is collected by infrastructure associated with the vehicle operating in the autonomous driving mode. [i.e. adding insignificant extra – solution activity to the judicial exception]

As per claim 3. The method of claim 1, wherein the personal data comprises image data of the at least one identified or identifiable natural person, wherein the image data is captured by at least one sensor in the vehicle, wherein the image data comprises one or more of: human biometric information of the at least one identified or identifiable natural person, physical features of the at least one identified or identifiable natural person, an address number associated with the at least one identified or identifiable natural person, a license plate number or other vehicle information associated with the at least one identified or identifiable natural person, or neighborhood information associated with the at least one identified or identifiable natural person. [i.e. adding insignificant extra – solution activity to the judicial exception]

As per claim 4. The method of claim 1, wherein the sensor data comprises image data that comprises personally identifiable information (PII) of the at least one identified or identifiable natural person. [i.e. adding insignificant extra – solution activity to the judicial exception]

As per claim 5. The method of claim 1, further comprising: 
providing one or more random masks to the vehicle; 
in response to providing the one or more random masks, receiving a first portion of masked shares and a second portion masked shares, wherein the first and second portions each comprise personal data; and 
following receiving the first and second portions, performing the data processing by communicating with a second backend computer according to a multi-party computation (MPC) framework such that neither of the first or second portions of masked shares are shared between the first and second backend computers. [i.e. generally linking the judicial exception to a technological environment]

As per claim 6. The method of claim 1, wherein receiving sensor data associated with the vehicle further comprises receiving masked sensor data, wherein the masked sensor data comprises both personal data and non-personal data. [i.e. adding insignificant extra – solution activity to the judicial exception]

As per claim 7. The method of claim 1, wherein determining the labeling of the sensor data further comprises providing at least a portion of the sensor data to a third party server; and 
in response to providing the at least a portion of the sensor data to the third party server, receiving sensor data in return that is labeled. [i.e. adding insignificant extra – solution activity to the judicial exception]

As per claim 8. The method of claim 1, further comprising: prior to receiving the sensor data at the first backend computer, providing the vehicle with a cryptographic key from a trusted execution environment (TEE); 
in response to providing the vehicle with the cryptographic key, receiving at least a portion of the sensor data encrypted with the cryptographic key; and 
then, within the TEE, determining decrypted sensor data. [i.e. practical application of the judicial exception]

As per claim 9. The method of claim 8, further comprising: 
before determining the labeling of the sensor data, separating within the TEE the personal data from the non-personal data. [i.e. adding insignificant extra – solution activity to the judicial exception]

As per claim 10. The method of claim 8, further comprising: 
storing the non-personal data in a database; 
after determining the decrypted sensor data, encrypting the personal data with a sealing key; and 
then storing the personal data encrypted with the sealing key in the database. [i.e. adding insignificant extra – solution activity to the judicial exception]

As per claim 11. The method of claim 10, further comprising: attesting a subservient enclave so that the subservient enclave can retrieve the personal data using a copy of the sealing key stored within its TEE coupled with a unique signature of the subservient enclave. [i.e. adding insignificant extra – solution activity to the judicial exception]

As per claim 12. The method of claim 8, further comprising: 
requesting one or more random masks from a second backend computer; 
requesting one or more random masks from a third backend computer; 
executing a first masking of the decrypted sensor data; 
executing a second masking of the decrypted sensor data; and 
providing the first masking of the decrypted sensor data to the second backend computer and providing the second masking of the decrypted sensor data to the third backend computer so that the second and third backend computers can process the sensor data according to a multi-party computation (MPC) framework thereby maintaining separation of the sensor data associated with the first masking and the sensor data associated with the second masking. [i.e. generally linking the judicial exception to a technological environment]

As per claim 13. The method of claim 8, wherein the labeling of the sensor data occurs within the TEE. [i.e. adding insignificant extra – solution activity to the judicial exception]

As per claim 14. The method of claim 1, wherein at least a portion of the sensor data received at the first backend computer is encrypted with a cryptographic key of a trusted execution environment (TEE) within the first backend computer; 
after receiving the at least the portion of the sensor data, generating masked shares for a first portion of the sensor data within the TEE and generating masked shares for a second portion of the sensor data within the TEE; 
providing the masked shares for the first portion to a second backend computer; and providing the masked shares for the second portion to a third backend computer so that at least one of the second or third backend computers perform the data processing. [i.e. practical application of the judicial exception]


As per claim 15. The method of claim 1, wherein at least a portion of the sensor data received at the first backend computer comprises a first portion of masked shares, and further comprising: providing the first portion of masked shares to a trusted execution environment (TEE) within another computer so that the TEE may execute the labeling or the data processing, or both, wherein the TEE receives the first portion of masked shares from the first backend computer and a second portion of masked shares associated with the sensor data from a second backend computer, wherein the first and second backend computers engage in accordance with a multi-party computation (MPC) framework. [i.e. practical application of the judicial exception]

As per claim 16. The method of claim 1, wherein determining a separation of the personal data from the non-personal data, determining the labeling, or performing the data processing occurs within a trusted execution environment (TEE) associated with a master enclave or a subservient enclave. [i.e. practical application of the judicial exception]

As per claim 18. The first backend computer of claim 17, wherein the plurality of instructions further comprise, to: 
prior to receiving the sensor data at the first backend computer, provide the vehicle with a cryptographic key from a trusted execution environment (TEE); 
in response to providing the vehicle with the cryptographic key, receive at least a portion of the sensor data encrypted with the cryptographic key; and 
then, within the TEE, determine decrypted sensor data. [i.e. practical application of the judicial exception]

As per claim 19. The first backend computer of claim 18, wherein the plurality of instructions further comprise, to: 
request one or more random masks from a second backend computer; 
request one or more random masks from a third backend computer; 
execute a first masking of the decrypted sensor data; 
execute a second masking of the decrypted sensor data; and 
provide the first masking of the decrypted sensor data to the second backend computer and provide the second masking of the decrypted sensor data to the third backend computer. [i.e. adding insignificant extra – solution activity to the judicial exception]
Appropriate action required. 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 3, 4, 6, 20 is/are rejected under 35 U.S.C. 102(a)(2) as being taught by Kurian et al. [US PGPUB # 2018/0137264].
As per claim 1. Kurian does teach a method of managing personal data associated with a vehicle [paragraph: 0002, As vehicles and devices increasingly provide audio or visual displays for various users to access, view, and/or modify information, including client information, ensuring the safety and security of information made available is increasingly important. In many instances, however, it may be difficult to ensure the safety and security of such information while also optimizing the efficient and effective technical operations of the computer systems, vehicles, and/or devices that maintain and/or provide such information.], comprising:
receiving, at a first backend computer, sensor data associated with a vehicle [paragraph: 0004, lines 3 – 11, and a memory may receive driver sensor data indicating whether a driver seat in a vehicle is occupied. The computing platform may determine, based on the driver sensor data, an identity of a driver of the vehicle. The computing platform may receive passenger sensor data indicating whether a passenger seat in the vehicle is occupied. The computing platform may, based on the passenger sensor data indicating that the passenger seat in the vehicle is occupied, obscure information on a screen of the vehicle.];
determining a labeling of the sensor data [paragraph: 0010, lines 1 – 4, In some embodiments, the computing platform may, based on the identity of the passenger of the vehicle, determine a privacy mode of a plurality of privacy modes. The computing platform may activate the privacy mode.], comprising: 
determining personal data and determining non-personal data that is separated from the personal data, wherein each of the personal and non-personal data comprise labeled data, wherein the personal data comprises information relating to at least one identified or identifiable natural person [paragraph: 0042, lines 1 – 3, Some aspects of the disclosure relate to a system that may provide one or more privacy modes for a webpage, application, vehicle display, or the like. Then at paragraph: 0043, A privacy mode may include a view that can limit what is displayed on a viewable screen. One example of a view may include a private view, which may be a view that shows all accounts and details. Another example of a view may include a semi-public view, which may be a view that shows some account information [i.e. applicant’s non - personal data - labeled], but hides other account information (e.g., balance information) [i.e. applicant’s personal data - labeled]. For example, the system might only show basic information. A further example of a view may include a public view, which may be a view that shows minimal information that might only allow a particular transaction (e.g., a withdrawal).]; and
performing, via the personal data and the non-personal data that is separated from the personal data, data processing associated with collecting sensor data associated with the vehicle [paragraph: 0043, A privacy mode may include a view that can limit what is displayed on a viewable screen. One example of a view may include a private view, which may be a view that shows all accounts and details. Another example of a view may include a semi-public view, which may be a view that shows some account information [i.e. applicant’s non - personal data - labeled], but hides other account information (e.g., balance information) [i.e. applicant’s personal data - labeled]. For example, the system might only show basic information. A further example of a view may include a public view, which may be a view that shows minimal information that might only allow a particular transaction (e.g., a withdrawal). [i.e. applicant’s performing]].
As per claim 3. Kurian does teach the method of claim 1, wherein the personal data comprises image data of the at least one identified or identifiable natural person, wherein the image data is captured by at least one sensor in the vehicle, wherein the image data comprises one or more of: human biometric information of the at least one identified or identifiable natural person [paragraph: 0009, In some embodiments, the computing platform may receive, from a microphone, audio that includes speech spoken by the passenger of the vehicle. The passenger identification information may include the audio. Furthermore, determining the identity of the passenger of the vehicle may include performing voice recognition of the audio to determine the identity of the passenger.], physical features of the at least one identified or identifiable natural person [paragraph: 0008, In some embodiments, the computing platform may receive, from a camera, at least one image of the passenger of the vehicle. The passenger identification information may include the at least one image of the passenger of the vehicle. Furthermore, determining the identity of the passenger of the vehicle may include performing face recognition of the at least one image of the passenger of the vehicle to determine the identity of the passenger.], an address number associated with the at least one identified or identifiable natural person, a license plate number or other vehicle information associated with the at least one identified or identifiable natural person, or neighborhood information associated with the at least one identified or identifiable natural person.
As per claim 4. Kurian does teach the method of claim 1, wherein the sensor data comprises image data that comprises personally identifiable information (PII) of the at least one identified or identifiable natural person [paragraph: 0008, In some embodiments, the computing platform may receive, from a camera, at least one image of the passenger of the vehicle. The passenger identification information may include the at least one image of the passenger of the vehicle. Furthermore, determining the identity of the passenger of the vehicle may include performing face recognition of the at least one image of the passenger of the vehicle to determine the identity of the passenger.].
As per claim 6. Kurian does teach the method of claim 1, wherein receiving sensor data associated with the vehicle further comprises receiving masked sensor data, wherein the masked sensor data comprises both personal data and non-personal data [paragraph: 0043, A privacy mode may include a view that can limit what is displayed on a viewable screen. One example of a view may include a private view, which may be a view that shows all accounts and details [i.e. applicant’s..both personal data and non-personal data].].
As per non – transitory computer-readable medium claim 20, which includes the same or similar claim limitations as method claim 1, and is similarly rejected. 
***The examiner notes that applicant’s recited “non – transitory computer readable medium,” “one or more instructions,” and “processor,” is taught by the prior art of Kurian at paragraph: 0004, lines 1 – 3, and paragraph: 0140. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kurian et al. [US PGPUB # 2018/0137264] in view of Venkateswaran et al. [US PGPUB # 2020/0159930]
As per claim 2. Kurian does teach what is taught in the rejection of claim 1 above. 
Kurian does not clearly teach the method of claim 1, wherein the sensor data is collected by the vehicle while the vehicle is operating in an autonomous driving mode or is collected by infrastructure associated with the vehicle operating in the autonomous driving mode.
However, Venkateswaran does teach the method of claim 1, wherein the sensor data is collected by the vehicle while the vehicle is operating in an autonomous driving mode or is collected by infrastructure associated with the vehicle operating in the autonomous driving mode [paragraph: 0003, Some vehicles have autonomous navigation abilities. For example, drones and self-driving cars can be configured to autonomously navigate throughout an environment. These vehicles may collect data from a wide variety of sensors, such as light detection and ranging sensors, radar sensors, and vision-based sensors to assist them in navigating throughout an environment. Furthermore, this data may be shared across a distributed network that includes vehicle-to-vehicle communication links, vehicle-to-infrastructure communication links, vehicle-to-database communication links, and so forth.].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kurian and Venkateswaran so that the communication of sensor data containing identification data of the driver/passenger from the sensor to the computing platform of Kurian includes encrypting the sensor data while it is being communicated, as taught by Venkateswaran. This would allow the sensor data to be secured while it is being collected from the sensor. See paragraph: 0005 of Venkateswaran. 
Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kurian et al. [US PGPUB # 2018/0137264] in view of Duri et al. [US PAT # 7401233].
As per claim 7. Kurian does teach what is taught in the rejection of claim 1 above. 
Kurian does not clearly teach the method of claim 1, wherein determining the labeling of the sensor data further comprises providing at least a portion of the sensor data to a third-party server; and 
in response to providing the at least a portion of the sensor data to the third-party server, receiving sensor data in return that is labeled.
However, Duri does teach the method of claim 1, wherein determining the labeling of the sensor data further comprises providing at least a portion of the sensor data to a third-party server [Figure # 3, and col. 7, lines 41 – 50, FIG. 3 is a schematic diagram illustrating a system 300 for selectively providing telematics data to one or more ASP's where communication between data sensors and applications may utilize a virtual blackboard that provides a data processing environment existing both locally (i.e., in the automobile) and remotely (e.g., at an ASP). Accordingly, as shown, the system 300 can include a subsystem 305 which resides and operates within a vehicle. Subsystem 305 can be configured to communicate over wireless communication links with a remote subsystem 310.]; and 
in response to providing the at least a portion of the sensor data to the third-party server, receiving sensor data in return that is labeled [Figure # 3, and col. 8, lines 13 – 24, The agents 335 can be third party application programs configured to interact with the data protection manager. For example, each ASP can provide an agent which can operate as a trusted application within the vehicle computing environment. Each agent can be configured to access needed information as per their privacy policies. Agents 335 can be configured to access only selected telematics data that has been published or otherwise made available to the data protection manager 315 and that is required for the agents 335 to perform designated processing tasks. The agents 335 can process the data and write any resulting data to the data protection manager 315.].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kurian as modified and Duri so that the communication of sensor data containing identification data of the driver/passenger from the sensor to the computing platform of Kurian as modified includes encrypting the sensor data while it is being communicated, as taught by Duri. This would allow the sensor data to be secured while it is being collected from the sensor. See col. 9, lines 26 – 32 of Duri. 
Claim(s) 8, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kurian et al. [US PGPUB # 2018/0137264] in view of NPL: WO 2016/048177 to Bronk, Mateusz, hereinafter Bronk. 
As per claim 8. Kurian does teach what is taught in the rejection of claim 1 above. 
Kurian does not clearly teach the method of claim 1, further comprising: prior to receiving the sensor data at the first backend computer, providing the vehicle with a cryptographic key from a trusted execution environment (TEE); 
in response to providing the vehicle with the cryptographic key, receiving at least a portion of the sensor data encrypted with the cryptographic key; and
then, within the TEE, determining decrypted sensor data.
However, Bronk does teach the method of claim 1, further comprising: prior to receiving the sensor data at the first backend computer, providing the vehicle with a cryptographic key from a trusted execution environment (TEE) [Figure # 4, and paragraph: 0043, lines 16 – 19, As such, if the in-vehicle computing system 102 determines that a TEE key has not yet been provisioned, the in-vehicle computing system 102 provisions a TEE key 168 to the vehicle 120 in block 404.]; 
in response to providing the vehicle with the cryptographic key, receiving at least a portion of the sensor data encrypted with the cryptographic key [Figure # 1, and paragraph: 0036, lines 2 – 9, In some embodiments, the cryptographic module 208 may be embodied as a cryptographic engine, an independent security co-processor of the in-vehicle computing system 102, a cryptographic accelerator incorporated into the processor 150, or a standalone cryptographic software/firmware. In some embodiments, the cryptographic module 208 may cooperate with the communication module 204 to establish a secure connection with remote devices (e.g., the coordination server 108) over a network 104. For example, the cryptographic module 208 may encrypt and decrypt communications between the in-vehicle computing system 102 and the coordination server 108.]; and 
then, within the TEE, determining decrypted sensor data [paragraph: 0036, lines 2 – 9, decrypt].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kurian as modified and Bronk so that the communication of sensor data containing identification data of the driver/passenger from the sensor to the computing platform of Kurian as modified includes encrypting the sensor data while it is being communicated, as taught by Bronk. This would allow the sensor data to be secured while it is being collected from the sensor. See paragraph: 0043, lines 2 – 9 of Bronk. 
As per claim 16. Kurian as modified does teach the method of claim 1, wherein determining a separation of the personal data from the non-personal data, determining the labeling, or performing the data processing occurs within a trusted execution environment (TEE) associated with a master enclave or a subservient enclave [Bronk, paragraph: 0050, lines 1 – 6, In block 434, the in-vehicle computing system 102 generates an attestation quote of the trusted execution environment established by the in-vehicle computing system 102. For example, in some embodiments, the in-vehicle computing system 102 may generate a secure enclave quote. Further, in block 436, the in-vehicle computing system 102 transmits the sensor data with the generated attestation quote and the TEE key 168 signature to the coordination server 108.].

Claim(s) 10, 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kurian et al. [US PGPUB # 2018/0137264] in view of NPL: WO 2016/048177 to Bronk, Mateusz, hereinafter Bronk, as applied to claim[s] 8 above, and further in view of Ng et al. [US PGPUB # 2016/0203086]
As per claim 10. Kurian and Bronk do teach what is taught in the rejection of claim 8 above. 
	Although Kurian and Bronk do teach:
storing the non-personal data in a database [Kurian, Figure # 1 B, and paragraph: 0067, lines 1 – 8, Referring to FIG. 1B, vehicle computing platform 110 may include one or more processors 111, memory 112, and communication interface 117. A data bus may interconnect processor(s) 111, memory 112, and communication interface 117. Communication interface 117 may be a network interface configured to support communication between vehicle computing platform 110 and one or more networks (e.g., private network 195, public network 190, or the like). Memory 112 may include one or more program modules having instructions that when executed by processor(s) 111 cause vehicle computing platform 110 to perform one or more functions described herein and/or one or more databases that may store and/or otherwise maintain information which may be used by such program modules and/or processor(s) 111. In some instances, the one or more program modules and/or databases may be stored by and/or maintained in different memory units of client authentication computing platform 110 and/or by different computing devices that may form and/or otherwise make up vehicle computing platform 110.]; 
after determining the decrypted sensor data, encrypting the personal data with a sealing key [Bronk, Figure # 1, and paragraph: 0036, lines 2 – 9, For example, the cryptographic module 208 may encrypt and decrypt communications between the in-vehicle computing system 102 and the coordination server 108.].
Kurian and Bronk do not clearly teach the method of claim 8, further comprising:
 and then storing the personal data encrypted with the sealing key in the database.
However, Ng does teach the method of claim 8, further comprising:
 and then storing the personal data encrypted with the sealing key in the database [Figure # 5, and paragraph: 0051, lines 1 – 3, When the memory management circuit 202 acquires the identification code, the memory management circuit 202 can use the identification code to acquire an encryption/decryption key, and stores the encryption/decryption key in the buffer memory 252. In detail, the rewritable non-volatile memory module 106 stores a personal identification code message [i.e. applicant’s personal data] digest and an encrypted key [i.e. applicant’s sealing key].].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kurian as modified and Ng in order for the communication of sensor data containing identification data of the driver/passenger from the sensor to the computing platform of Kurian as modified to include the encryption of the sensor data during communication, as taught by Ng. This would allow the sensor data to be secured while being collected from the sensor. See paragraph: 0051, lines 13 – 14 of Ng. 
As per claim 11. Kurian as modified does teach the method of claim 10, further comprising: attesting a subservient enclave so that the subservient enclave can retrieve the personal data using a copy of the sealing key stored within its TEE coupled with a unique signature of the subservient enclave [Bronk, paragraph: 0043, lines 1 – 5, Referring now to FIGS. 4-5, in use, the in-vehicle computing system 102 may execute a method 400 for exchanging sensor information of the vehicle 120. In particular, the in-vehicle computing system 102 securely transmits sensor data generated by the sensors 156 to the coordination server 108, which may be securely forwarded to the in-vehicle computing systems 106 of relevant remote vehicles 122 (e.g., nearby vehicles 122). 
Where at paragraph: 0046, lines 8 – 19, In some embodiments, the in-vehicle computing system 102 receives the attestation quote from the coordination server 108 in response to a request from the in-vehicle computing system 102 for proof that the coordination server 108 is a trusted entity or, more specifically, that the coordination server 108 is executing code in a trusted execution environment (e.g., an SGX-protected enclave). In block 414, the in-vehicle computing system 102 verifies the attestation quote received from the coordination server 108. For example, the attestation quote may be compared to reference data to determine the security and/or authenticity of the device/component that generated the attestation quote. In doing so, in block 416, the in-vehicle computing system 102 may transmit the attestation quote to the attestation server 110, which analyzes the attestation quote. As indicated above, the attestation server 110 may be any trusted third-party server capable of evaluating attestation quotes provided by the in-vehicle computing system 102 and/or the coordination server 108.].
Claim(s) 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kurian et al. [US PGPUB # 2018/0137264] in view of NPL: WO 2016/048177 to Bronk, Mateusz, hereinafter Bronk as applied to claim[s] 8 above, and further in view of Lindemann et al. [US PGPUB # 2018/0191695]
As per claim 13. Kurian and Bronk do teach what is taught in the rejection of claim 8 above. 
Kurian and Bronk do not clearly teach the method of claim 8, wherein the labeling of the sensor data occurs within the TEE.
However, Lindemann does teach the method of claim 8, wherein the labeling of the sensor data occurs within the TEE [paragraph: 0139, lines 1 – 6, By way of example, and not limitation, the adaptive authentication module 800 may combine authentication modalities such as device fingerprinting (e.g. recognizing sensor flaws [i.e. applicant’s labeling], or camera sensor pattern noise); environmental information (e.g. GPS based location; location derived from WIFI networks; existence of wired or wireless connections to other gadgets like Nymi, smart watches (pebble), or peripherals like headsets, . . . etc.).
Where at paragraph: 0159, One way to implement an authenticator is to implement all of the components responsible for the above functions in a single module which is protected by a single protective shell. For example the entire authenticator may be implemented in a Trusted Application (TA) running in a Trusted Execution Environment (TEE) (e.g., on a client platform which supports trusted execution). In this implementation, the TA is signed ensuring that the Authenticator cannot be modified and the TEE protects the TA when executed.].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kurian as modified and Lindemann in order for the communication of sensor data containing identification data of the driver/passenger from the sensor to the computing platform of Kurian as modified to include an assurance calculation module of Lindemann. This would allow for establishing a secure connection between the sensor and computing platform by assessing an assurance measurement value that facilitates a session key for use in sensor data exchange. See paragraph: 0114 of Lindemann. 
Allowable Subject Matter
Claim[s] 5, 9, 12, 14, 15, 18, 19 contain allowable subject matter, but as allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with.  See 37 CFR 1.111(b) and MPEP § 707.07(a).
***Reasons for allowance will be written in the next subsequent office action once the remaining formal requirements have been overcome by applicant.
  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Saito et al. teaches a personal information management system, a personal information management program and a personal information protecting method capable of storing personal information in consideration of security protection and facilitating utilization of the stored information. A personal information management system for handling personal information has a function of connection to a personal information dispersion management server that provides functions of encrypting personal information by the secret sharing scheme and decrypting the encrypted personal information with an index key for decrypting.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910. The examiner can normally be reached M - F: 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DANT B SHAIFER HARRIMAN/          Primary Examiner, Art Unit 2434