Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
This application is a continuation-in-part of U.S. patent application Ser. No. 15/803,574 (Atty Docket No. 403191-US-NP), entitled “Provisioning Trusted Execution Environment Based on Chain of Trust Including Platform,” filed Nov. 3, 2017, which is incorporated herein by reference in its entirety.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/22/2022, 05/02/2022 and 08/02/2022 were filed after the mailing date of the Final Office Action on 11/22/2021. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/22/2022 has been entered.



DETAILED ACTION
This Office Action is in response to a Request for Continued Examination (RCE) application received on 03/22/2022. In the RCE, applicant has amended claims 1, 16, 21 and 23. Claims 27-28 have been added as new claims. Claims 10-15, 20 and 22 have been cancelled. Claims 2-9, 17-19 and 24-26 remain original. 
For this Office Action, claims 1-9, 16-19, 21 and 23-28 have been received for consideration and have been examined. 
Response to Arguments
Arguments regarding claims 1 and 21 under 35 USC § 102
Applicant’s arguments, filed 03/22/2022, with respect to claims 1 and 21  have been fully considered and are persuasive. Therefore, rejection of claims 1 and 21 under 35 USC § 102 has been withdrawn in light of amendments to claims 1 and 21. 
Regarding Applicant’s remarks on page # 17 that “Accordingly, Applicant submits that amended independent claim 21 is patentable over Wheeler and Martin, alone or in combination. In fact, during the Examiner interview on March 21, 2022, the Examiner confirmed that independent claim 21, as amended herein, is patentable over Wheeler and Martin. alone or in combination”, examiner respectfully disagrees. 
Examiner does not recall any conversation regarding this remark and also did not make any such commitment in the interview in which SPE Jeffrey Nickerson was also present that claim 21 is patentable over Wheeler and Martin references. For the record, examiner recommends to consult Interview summary which clearly states under 35 U.S.C. 102 that “Applicant’s proposed amendment to claim 1 and 21 were reviewed and appears to overcome the Wheeler (US20030204734A1) reference. Further search and consideration is required”.
Arguments regarding claims 2-8 and 22-26 under 35 USC § 103
	Applicant did not present any substantive and concrete arguments for claims 2-8 and 22-26 (on page # 17), however, examiner notes that Applicant has cancelled dependent claim 22 and merged the limitations into independent claim 21 in order to overcome the 35 USC § 102 rejection for claim 21 and presented the remarks for claim 22 (see page 15-16) under claim 21 remarks. After review, the remarks related to amended claim 21 has been summarized as follows:
Martin does not contemplate sending the enclave quote from node 101 to node 102 via a message passing facility, which is configured to share information that is directed to a trusted execution environment via the message passing facility with the other trusted execution environments. In fact, it appears that Martin does not contemplate such a message passing facility at all. For instance, Martin does not indicate in any way that the network 315 described therein is such a message passing facility (page # 15).
Martin mentions that in instances where the enclave quote, which is sent by node 101 to node 102, "is signed with a digital signature, verification service 313 may verify the authenticity of the signature using an appropriate digital signature verification protocol." Martin, para. [0063]. However, the enclave quote, which is sent by node 101 to node 102, being signed with a digital signature and/or the verification service 313 verifying the authenticity of the signature, as described in Martin, does not suggest in any way that a responder quote is received by node 101 from node 102, wherein the responder quote is a response to the enclave quote sent by node 101 to node 102, much less that the responder quote includes a secret key (received from node 102) encrypted with a public portion of a asymmetric key import key that is included in the enclave quote sent by node 101 to node 102. For at least these reasons, Martin does not teach “receiving a responder quote from the second trusted execution environment, wherein the responder quote is a response to the originator quote, the responder quote including the secret key encrypted with the public portion of the asymmetric key import key,” as recited by amended independent claim 21 (page # 16).
Examiner’s Response
	Regarding remark # 1, examiner respectfully disagree with applicant’s point that Martin’s ‘network 315’ does not contemplate as message passing facility. Examiner would like to note that Applicant has not elaborated as to what is the criticality of the ‘message passing facility’ in the invention. Examiner consulted the instant specification to find evidence of criticality of the ‘message passing facility’ and examiner notices that from the understanding point of view, ‘message passing facility’ is a mere communication path between the two entities such as First TEE and Second TEE as depicted in instant figure 10 which is analogous to Martin’s disclosed ‘Network 315’ in FIG. 3 which helps establish communication and pass or transmit messages ‘via Network 315’ between the respective entities as disclosed in paragraphs [0042] & [0062].
	Regarding remark # 2, examiner respectfully disagree with applicant’s remarks. Martin clearly discloses “a responder quote is received by node 101 from node 102, wherein the responder quote is a response to the enclave quote sent by node 101 to node 102, much less that the responder quote includes a secret key (received from node 102) encrypted with a public portion of a asymmetric key import key that is included in the enclave quote sent by node 101 to node 102” as mentioned in paragraphs [0050-0065] in light of FIG. 3. 
Examiner would like point to paragraphs specifically that [0062-0063] clearly discloses the root of trust [consensus algorithm] communication between node 101 [First TEE] and node 102 [Second TEE] which consist of executing a provisioning method to establish root of trust which includes node 102 verify the authenticity of the enclave quote included in an enclave message received from node 101 which includes the enclave quote may be signed with a private key of node 101 which is construed as secret key.
Arguments regarding claim 9 under 35 USC § 103
Applicant did not present any substantive and concrete arguments for claim 9 (on page # 18), however, examiner believe that claim 9 language is still taught by Russinovich reference which discloses that consensus is established among members using agreed upon consensus protocol as disclosed in [0006].
Arguments regarding claims 16-20 under 35 USC § 103
	Applicant’s remarks regarding claims 16-20 have been reviewed and summarized as follows:
Russinovich, Martin, and Arthur do not teach or suggest “implement the peer validation policy, which is configured to be implemented by each of the trusted execution environments in the consensus group and which is configured to allow trusted execution environments that execute a designated version of the consensus-based cloud service and trusted execution environments that execute subsequent versions of the consensus-based cloud service, which temporally follow the designated version, to be included in the consensus group, wherein the consensus group is configured such that members of the consensus group agree on a common result," as recited by amended independent claim 16”.
Russinovich does not even contemplate a peer validation policy which is configured to allow trusted execution environments that execute a designated version of the consensus-based cloud service and trusted execution environments that execute subsequent versions of the consensus- based cloud service, which temporally follow the designated version, to be included in the consensus group.
Arthur does not contemplate allowing the networking device to connect to the network based at least in part on a quote as a result of a peer validation policy being configured to allow trusted execution environments that execute a designated version of a consensus-based cloud service and trusted execution environments that execute subsequent versions of the consensus-based cloud service to connect to the network.
Examiner’s Response
	Regarding remark # 1, examiner respectfully disagree that none of the references teach the recited limitation. Examiner would like to mention that NPL reference of Arthur talks about Trusted Platform Module (TPM) determining state [version] of the software on the networked device and allowing it partial access to the network with its current state of the software. Arthur calls this TPM signed attestation quote to determine platform software state. To teach this concept, Arthur mentions a use case called Quote which discloses a scenario where network device is still granted partial VPN access [by directing it to a patch server] even if the network device does not meet the fully patched software requirement as per the whitelist of patched software modules (See NPL reference Page # 157).
	Regarding remark # 2, that Russinovich does not even contemplate a peer validation policy which is configured to allow trusted execution environments that execute a designated version of the consensus-based cloud service and trusted execution environments that execute subsequent versions of the consensus- based cloud service, which temporally follow the designated version, to be included in the consensus group, examiner respectfully disagree and would like to mention that NPL reference by Arthur et al., which talks about Trusted Platform Module (TPM) determining state [version] of the software on the networked device and allowing it partial access to the network with its current state of the software. Arthur calls this TPM signed attestation quote to determine platform software state. To teach this concept, Arthur mentions a use case called Quote which discloses a scenario where network device is still granted partial VPN access [by directing it to a patch server] even if the network device does not meet the fully patched software requirement as per the whitelist of patched software modules (See NPL reference Page # 157).
	Regarding remark # 3, that Arthur does not contemplate allowing the networking device to connect to the network based at least in part on a quote as a result of a peer validation policy being configured to allow trusted execution environments that execute a designated version of a consensus-based cloud service and trusted execution environments that execute subsequent versions of the consensus-based cloud service to connect to the network, examiner respectfully disagree. 
	To teach the above limitation, examiner has relied upon NPL reference by Arthur et al., which talks about Trusted Platform Module (TPM) determining state [version] of the software on the networked device and allowing it partial access to the network with its current state of the software. Arthur calls this TPM signed attestation quote to determine platform software state. To teach this concept, Arthur mentions a use case called Quote which discloses a scenario where network device is still granted partial VPN access [by directing it to a patch server] even if the network device does not meet the fully patched software requirement as per the whitelist of patched software modules (See NPL reference Page # 157).
	
Arguments regarding new claims 27-28 under 35 USC § 103
Applicant’s arguments with respect to claim(s) 27-28 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1-9 are rejected under 35 U.S.C. 112(a), as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention.
Independent claim 1 recites “cause the consensus algorithm to trigger inclusion of the first trusted execution environment in the consensus group by providing an acceptance of the invitation to the consensus algorithm”. 
Examiner consulted the instant specification and notes that “Delay Logic 1310” which is a part of “First TEE 1316” (See FIG. 13) which  causes the consensus between the trusted execution environments to be established based at least in part on the “consensus acceptance 1350” being provided to the consensus algorithm and not the consensus algorithm as presented in the amended claims. See [0139]

    PNG
    media_image1.png
    276
    604
    media_image1.png
    Greyscale
and [0141] 

    PNG
    media_image2.png
    250
    604
    media_image2.png
    Greyscale

which both discloses that the “Delay logic 1310” is the entity which is actually performing the action of triggering inclusion of the First TEE into the consensus group based on the secret key and acceptance of the invitation. 
Therefore, amended claim language lacks written description support in the instant specification.                                                                                                                                                                                                 
Dependent claims inherit this deficiency.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Wheeler., (US20030204734A1) in view of Russinovich et al., (US20180225661A1).
Regarding claim 1, Wheeler discloses:
A system to establish consensus between trusted execution environments, the system comprising: 
memory and one or more processors coupled to the memory (i.e. authenticator 104), 
the one or more processors configured to execute the trusted execution environments, the trusted execution environments including at least a first trusted execution environment (i.e. Invitee 106) and a second trusted execution environment (i.e. Inviter 102), the second trusted execution environment included in a consensus group (i.e. an inviter already in the group) that includes a plurality of members, the first trusted execution environment (see Abstract), 
the first trusted execution environment configured to: 
receive an invitation to join the consensus group (See FIG. 3a; [0030] In step 302, the inviter 102 creates an invitation for the invitee 106 … In step 304, the invitation is made known both to the invitee 106 and to the authenticator 104);
obtain a secret key (i.e. shared secret password), from the second trusted execution environment ([0030] The inviter 102 creates a first public/private encryption key pair by running a determinative function with the shared secret password as input; [0035] The flow chart of FIG. 4 provides further details into the inviter 102's work in creating an invitation. In step 300 of FIG. 3a, the inviter 102 and the invitee 106 share a secret password); and 
use the secret key (i.e. see steps 306-310 in FIG. 3a ‘for using the secret key in response to the invitation’) that is received from the second trusted execution environment, which is included in the consensus group, to join the consensus group by accepting the invitation based at least in part on the secret key being obtained from the second trusted execution environment (See FIG. 3b; [0033] In step 316, the authenticator 104 compares the challenge response value received from the invitee 106 with the expected challenge response value generated by the authenticator 104 in step 308. If they match, the authenticator 104 trusts that this invitee 106 must be the one for which the inviter 102 issued the invitation; [0064] When the authenticator 104 sees that the decrypted value received from the invitee 106 matches its own expected challenge response value, it admits the invitee 106 into the ad hoc group 100 (step 316 of FIG. 3b));
the first trusted execution environment being a first secure area associated with a platform in a computing system (FIG. 1 discloses that ‘Invitee 106’ is a separate computing system from the ‘Inviter 102’ which is construed as a first trusted environment; see [0025]), 
the second trusted execution environment being a second secure area associated with a platform in a computing system (FIG. 1 discloses that ‘Inviter 102’ is a separate computing system from the ‘Invitee 106’ which is construed as a second trusted environment; see [0025]).
Wheeler fails to disclose:
	invitation to join the group is from a consensus algorithm; consensus algorithm is configured to achieve consensus among the plurality of members of the consensus group; invitation being received from the consensus algorithm and cause the consensus algorithm to trigger inclusion of the first trusted execution environment in the consensus group by providing an acceptance of the invitation to the consensus algorithm. 
However, Russinovich discloses:
	invitation to join the group is from a consensus algorithm (FIG. 10 and [0111-0112] discloses a process of proposing to add a new member to the consortium network by the members of the consortium network which are already part of the consortium network is construed as a step of inviting a new member to the group using agreed-upon consensus protocol); 
consensus algorithm is configured to achieve consensus among the plurality of members of the consensus group (FIG. 10 and [0111-0112] discloses a process that seeks votes of members ‘m1’ and ‘m2’ when adding a new member ‘m3’ into the group and based on votes from m1 and m2 members, a new member m3 is added to the network which is construed as ‘achieving consensus’ through consensus protocol);
invitation being received from the consensus algorithm and cause the consensus algorithm to trigger inclusion of the first trusted execution environment in the consensus group by providing an acceptance of the invitation to the consensus algorithm (FIG. 10 and [0111-0112] discloses a process that seeks votes of members ‘m1’ and ‘m2’ when adding a new member ‘m3’ into the group and based on votes from m1 and m2 members, a new member m3 is added to the network which is construed as ‘achieving consensus’ through consensus protocol).
It would have been t would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Wheeler and protect the communication and access between trusted execution environments through a consensus protocol, as disclosed by Russinovich.
The motivation to leverage consensus protocol is to ensure prospective nodes in the network contain required attributes of consensus protocol before added to the blockchain network.
Regarding claim 6, the combination of Wheeler and Russinovich discloses:
The system of claim 1, wherein the first trusted execution environment is configured to delay acceptance of the invitation to join the consensus group until the secret key is received from the second trusted execution environment (Wheeler: See FIG. 3b; [0033] In step 316, the authenticator 104 compares the challenge response value received from the invitee 106 with the expected challenge response value generated by the authenticator 104 in step 308. If they match, the authenticator 104 trusts that this invitee 106 must be the one for which the inviter 102 issued the invitation).
Regarding claim 8, the combination of Wheeler and Russinovich discloses:
The system of claim 1, wherein the system is configured to establish the consensus between the trusted execution environments in a manner in which a provider of a cloud service that is utilized by at least the first trusted execution environment is (A) unable to manipulate the shared state of the consensus group and (B) unable to know the secret key (Wheeler: [0011] The authenticator compares the challenge response value received from the invitee with its own expected challenge response value. If they match, the authenticator trusts that this invitee must be the one for which the inviter issued the invitation. No third party knows the secret shared password so no third party could have correctly recreated the shared challenge encryption key and performed the operation necessary to derive the challenge response value from the challenge value. The authenticator then admits the invitee into the group).
Regarding claim 9, the combination of Wheeler and Russinovich discloses:
The system of claim 1, wherein the system is configured to establish the consensus between the trusted execution environments in a manner that is consensus algorithm agnostic ([0006] prospective members of a blockchain consortium agree upon certain aspects of a consortium blockchain network before establishing the network, including, for example, the blockchain protocol code to be used, the consensus protocol to be used, the initial membership list, and possibly also many other aspects of the blockchain network).


Claims 1, 6 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Wheeler., (US20030204734A1) in view of Russinovich et al., (US20180225661A1) and further in view of Martin et al., (US20150347768A1).
Regarding claim 2, the combination of Wheeler and Russinovich fails to disclose:
	The system of claim 1, wherein the first trusted execution environment is configured to: generate an originator quote that includes (a) a public portion of an asymmetric key import key and (b) a hash of measurement information that is signed with a platform signing key of a platform, the measurement information including measurements of the first trusted execution environment that are gathered by the platform, the measurements indicating attributes of the first trusted execution environment; provide the originator quote to the second trusted execution environment via a message passing facility, which is configured to share information that is directed to a trusted execution environment via the message passing facility with the other trusted execution environments; and receive a responder quote from the second trusted execution environment, the responder quote being a response to the originator quote, the responder quote including the secret key encrypted with the public portion of the asymmetric key import key.
However, Martin discloses:
wherein the first trusted execution environment (i.e. Node 101 / “client” provisioning module (CPM) 306) is configured to: 
generate an originator quote (i.e. enclave report verification operations) that includes (a) a public portion of an asymmetric key import key ([0052] Node 101 may also include quoting module 307 … when executed (e.g., by processor 302) may cause node 101 to perform enclave report verification operations and enclave quote generation operations; [0058] CPM 306 may further cause node 101 to perform enclave quote generation operations; [0061] quoting module 307 may cause node 101 to generate an enclave quote that includes node 101's public key) and
	(b) a hash of measurement information that is signed with a platform signing key of a platform, the measurement information (See FIG.3; i.e. client's platform ID, relevant user IDs, the security version number (SVN) of enclave) including measurements of the first trusted execution environment that are gathered by the platform ([0057] CPM 306 may also cause node 101 to generate an enclave report. The enclave report may include, for example, a hash of a user data blob (hereinafter, “userdata”) that encapsulates information stored in memory enclave 304; [0058] CPM 306 may further cause node 101 to perform enclave quote generation operations), the measurements indicating attributes of the first trusted execution environment ([0061] For example, quoting module 307 may cause node 101 to generate an enclave quote that includes node 101's public key (i.e., Cpub). Further examples of other information that may be included in the enclave quote include the client's platform ID, relevant user IDs, the security version number (SVN) of enclave 304, the identity of the ISV that provided enclave 304, a measurement of enclave 304, application specific identification (ID) combinations thereof, and the like; [0063] SPM 312 may cause node 102 to transfer the quoting message to verification service 313, which may be local or remote to node 102, as illustrated in FIG. 3 by the hashing of box 313);
	provide the originator quote to the second trusted execution environment (i.e. node 102) via a message passing facility, which is configured to share information that is directed to a trusted execution environment via the message passing facility with the other trusted execution environments ([0062] CPM 306 may then cause node 101 to transmit the quoting message to node 102, e.g., via network 315.
Examiner construe network 315 as message passing facility. Also CPM as first TEE and node 102 as second TEE); and
receive a responder quote from the second trusted execution environment, the responder quote being a response to the originator quote, the responder quote including the secret key encrypted with the public portion of the asymmetric key import key ([0063] In response to the quoting message, SPM 312 may cause node 102 to verify the authenticity of the enclave quote included in an enclave message received from node 101 … the enclave quote may be signed with a private key of node 101, such as enhanced privacy identification (EPID) private key. In such a case, verification service 313 may verify the authenticity of the signature using a corresponding public key, such as an EPID public key).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the references of Wheeler and Russinovich and protect the communication and access between trusted execution environments through quote generation which includes node verification information, as disclosed by Martin.
The motivation to protect the communication and access between trusted execution environments is to applications from malware attacks within the trusted execution environment.
Regarding claim 3, the combination of Wheeler, Russinovich and Martin discloses:
The system of claim 2, wherein the first trusted execution environment is configured to gather self-reported measurements of the first trusted execution environment, the self-reported measurements indicating second attributes of the first trusted execution environment; and wherein the measurement information further includes the self-reported measurements of the first trusted execution environment (Martin: [0052] Node 101 may also include quoting module 307, which may include computer readable instructions that when executed (e.g., by processor 302) may cause node 101 to perform enclave report verification operations and enclave quote generation operations consistent with the present disclosure. Quoting module 307 may be stored and executed within memory enclave 304, or may be stored and executed in another (quoting) enclave).
Regarding claim 4, the combination of Wheeler, Russinovich and Martin discloses:
The system of claim 3, wherein the self-reported measurements include one or more keys (Martin: [0056] Further in response to the reply message, CPM 306 may cause node 101 to generate an asymmetric key pair, such as may be used in Rivest, Shamir, Adleman (RSA) public key encryption and/or a digital signature protocol. More specifically, CPM 306 may be configured to cause node 101 to generate an asymmetric key pair including a node/client public key (Cpub) and a client private key (Cpriv) (the use of “C” does not suggest node 102 must be a client or any other form of node), both of which may be stored in and/or sealed to memory enclave 304).
Regarding claim 5, the combination of Wheeler, Russinovich and Martin discloses:
The system of claim 2, wherein the responder quote includes a hash of self-reported measurements of the second trusted execution environment that are gathered by the second trusted execution environment, the self-reported measurements indicating attributes of the second trusted execution environment (Martin: [0057] CPM 306 may also cause node 101 to generate an enclave report. The enclave report may include, for example, a hash of a user data blob (hereinafter, “userdata”) that encapsulates information stored in memory enclave 304. The userdata may encapsulate nonce N (node 102 anti-replay information), nonce M (node 101 anti-replay information), and Cpub, optionally in combination with other information stored in memory enclave 304); and
wherein the first trusted execution environment is configured to authenticate the second trusted execution environment based at least in part on the self-reported measurements of the second trusted execution environment (Martin: [0063] In response to the quoting message, SPM 312 may cause node 102 to verify the authenticity of the enclave quote included in an enclave message received from node 101. Verification of the enclave quote may be performed in any manner. For example, SPM 312 may cause node 102 to transfer the quoting message to verification service 313, which may be local or remote to node 102, as illustrated in FIG. 3 by the hashing of box 313).
Regarding claim 7, the combination of Wheeler, Russinovich and Martin discloses:
The system of claim 6, wherein the first trusted execution environment is configured to delay acceptance of the invitation to join the consensus group until (a) the secret key is received from the second trusted execution environment (Wheeler: [0033]), (b) the secret key is validated (Wheeler: [0033]), and (c) a version number of the shared state of the consensus group and a reference version number are confirmed to be same (Martin: [0061]).

Claims 16-19 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Russinovich et al., (US20180225661A1) in view of Martin et al., (US20150347768A1) and further in view of NPL Document titled “A Practical Guide to TPM 2.0” authored by Arthur et al., https://link.springer.com/content/pdf/10.1007%2F978-1-4302-6584-9.pdf dated 23 January 2015 hereinafter referred as ‘Arthur’. 
Regarding claim 16, Russinovich discloses:
A system to update a consensus-based cloud service that is executed by trusted execution environments in a consensus group, the system comprising: 
memory; and one or more processors coupled to the memory, the one or more processors configured to execute the trusted execution environments, the trusted execution environments including at least a first trusted execution environment (i.e. validation node (VN)) that executes a first version (i.e. previous version) of the consensus-based cloud service (i.e. new version), the first trusted execution environment configured to perform operations comprising: 
receive a peer validation policy (i.e. certain aspects of a consortium blockchain code) from a client device (i.e. a prospective member) (See [0005-0006]); 
implement the peer validation policy, which is configured to be implemented by each of the trusted execution environments in the consensus group and which specifies criteria that are usable by each trusted execution environment in the consensus group to determine whether another trusted execution environment is included in the consensus group, wherein the consensus group is configured such that members of the consensus group agree on a common result (See [0006] prospective members of a blockchain consortium agree upon certain aspects of a consortium blockchain network before establishing the network, including, for example, the blockchain protocol code to be used, the consensus protocol to be used, the initial membership list, and possibly also many other aspects of the blockchain network. At least one of the prospective members may endorse a validation node (VN). Upon verification that certain agreed-upon aspects by all of the members are the same, such as the blockchain protocol to be used and consensus protocol to be used, TEE attestation may be used to verify that each of the nodes store the agreed-upon blockchain network protocol and the agreed-upon consensus protocol); 
the second trusted execution environment (i.e. prospective member) that seeks to join the consensus group, executes a second version (i.e. new version) of the consensus-based cloud service that is different from the first version of the consensus-based cloud service that is executed by the first trusted execution environment ([0109] there are two ways that the blockchain evolves: membership updates, as described above, and blockchain code updates. When the network agrees on a protocol update, this may result in the desire for the network to accept one or more new implementations of the blockchain code. A member that wishes to upgrade the blockchain code may shut down their existing VNs and launch new ones in place of the existing VNs. The member may choose to allow the new VNs to trust previous versions, or to only trust new versions. Trusting existing versions may ensure that transactions can continue to be processed while the new version doesn't have a M of N majority, but new versions and not existing versions may be done instead if the previous code is considered untrustworthy for some reason, or if the complexity to maintain protocol compatibility it too great. 
Examiner’s Note: It is inherent that in order for the new member to be allowed to join the consensus network, either the old member has to trust the new version from the new member or force the new member to agree on existing version).
Russinovich fails to disclose:
	receive a quote from a second trusted execution environment; validate the second trusted execution environment as being included in the consensus group based at least in part on the peer validation policy and further based at least in part on the quote despite the first version of the consensus-based cloud service executed by the first trusted execution environment and the second version of the consensus-based cloud service executed by the second trusted execution environment being different; wherein the first trusted execution environment is configured to validate the second trusted execution environment by parsing the quote into a set of claims, the claims including at least a first claim and a second claim, the first claim indicating a version number of the second trusted execution environment, the second claim indicating that the second trusted execution environment executes the second version of the consensus-based cloud service; the peer validation policy indicating that a version of the consensus-based cloud service that is executed by a trusted execution environment is to be a designated version or a subsequent version in order for the second trusted execution environment to be included in the consensus group; and wherein the first trusted execution environment is configured to validate the second trusted execution environment further by determining that the second version of the consensus-based cloud service is the designated version or a subsequent version in satisfaction of the peer validation policy.
However, Martin discloses:
	receive a quote (i.e. enclave report verification operations) from a second trusted execution environment (([0052] Node 101 may also include quoting module 307 … when executed (e.g., by processor 302) may cause node 101 to perform enclave report verification operations and enclave quote generation operations; [0062] CPM 306 may then cause node 101 to transmit the quoting message to node 102, e.g., via network 315).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Russinovich and protect the communication and access between trusted execution environments through quote generation which includes node verification information, as disclosed by Martin.
The motivation to protect the communication and access between trusted execution environments is to applications from malware attacks within the trusted execution environment.
The combination of Russinovich and Martin fails to disclose:
	validate the second trusted execution environment as being included in the consensus group based at least in part on the peer validation policy and further based at least in part on the quote despite the first version of the consensus-based cloud service executed by the first trusted execution environment and the second version of the consensus-based cloud service executed by the second trusted execution environment being different; wherein the first trusted execution environment is configured to validate the second trusted execution environment by parsing the quote into a set of claims, the claims including at least a first claim and a second claim, the first claim indicating a version number of the second trusted execution environment, the second claim indicating that the second trusted execution environment executes the second version of the consensus-based cloud service; the peer validation policy indicating that a version of the consensus-based cloud service that is executed by a trusted execution environment is to be a designated version or a subsequent version in order for the second trusted execution environment to be included in the consensus group; and wherein the first trusted execution environment is configured to validate the second trusted execution environment further by determining that the second version of the consensus-based cloud service is the designated version or a subsequent version in satisfaction of the peer validation policy.
However, Arthur discloses:
validate the second trusted execution environment (i.e. network device) as being included in the consensus group based at least in part on the peer validation policy (i.e. VPN policy to direct “unpatched network device” to route network packets to a patch server) and further based at least in part on the quote despite the first version of the consensus-based cloud service executed by the first trusted execution environment and the second version of the consensus-based cloud service executed by the second trusted execution environment being different (See section “USE CASE: QUOTE” Page # 157: discloses a scenario where network device is still granted partial VPN access [by directing it to a patch server] even if the network device does not meet the fully patched software requirement as per the whitelist of patched software modules); 
wherein the first trusted execution environment is configured to validate the second trusted execution environment by parsing the quote into a set of claims, the claims including at least a first claim and a second claim, the first claim indicating a version number of the second trusted execution environment, the second claim indicating that the second trusted execution environment executes the second version of the consensus-based cloud service; the peer validation policy indicating that a version of the consensus-based cloud service that is executed by a trusted execution environment is to be a designated version or a subsequent version in order for the second trusted execution environment to be included in the consensus group; and wherein the first trusted execution environment is configured to validate the second trusted execution environment further by determining that the second version of the consensus- based cloud service is the designated version or a subsequent version in satisfaction of the peer validation policy (Arthur: See sections “USE CASE: VPN KEYS” on page # 155 & “USE CASE: QUOTE” on page # 157 which discloses that only a client with approved software state or version will be allowed to connect through VPN which is equivalent to claimed ‘designated version’  of the peer validation policy).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Russinovich and Martin references and include a Platform Configuration Register (PCR) in the Trusted Platform Module (TPM), as disclosed by Arthur.
The motivation to include a Platform Configuration Register (PCR) in the Trusted Platform Module (TPM) is cryptographically measure software state of the unknown computing entity before allowing it a secure network access of a trusted computing environment.
Regarding claim 17, the combination of Russinovich, Martin and Arthur discloses:
The system of claim 16, wherein the quote includes (a) a public portion of an asymmetric key import key (Martin: [0052] Node 101 may also include quoting module 307 … when executed (e.g., by processor 302) may cause node 101 to perform enclave report verification operations and enclave quote generation operations; [0058] CPM 306 may further cause node 101 to perform enclave quote generation operations; [0061] quoting module 307 may cause node 101 to generate an enclave quote that includes node 101's public key) and 
(b) a hash of measurement information that is signed with a platform signing key of a platform, the measurement information including measurements of the second trusted execution environment that are gathered by the platform, the measurements indicating attributes of the second trusted execution environment, the attributes indicating that the second trusted execution environment executes the second version of the consensus-based cloud service (Martin: [0057] CPM 306 may also cause node 101 to generate an enclave report. The enclave report may include, for example, a hash of a user data blob (hereinafter, “userdata”) that encapsulates information stored in memory enclave 304; [0058] CPM 306 may further cause node 101 to perform enclave quote generation operations), the measurements indicating attributes of the first trusted execution environment ([0061] For example, quoting module 307 may cause node 101 to generate an enclave quote that includes node 101's public key (i.e., Cpub). Further examples of other information that may be included in the enclave quote include the client's platform ID, relevant user IDs, the security version number (SVN) of enclave 304, the identity of the ISV that provided enclave 304, a measurement of enclave 304, application specific identification (ID) combinations thereof, and the like).
Regarding claim 18, the combination of Russinovich, Martin and Arthur discloses:
The system of claim 17, wherein the first trusted execution environment is configured to perform the operations further comprising: generate a responder quote that includes self-reported measurements of the first trusted execution environment, the self-reported measurements indicating attributes of the first trusted execution environment (Martin: [0063] In response to the quoting message, SPM 312 may cause node 102 to verify the authenticity of the enclave quote included in an enclave message received from node 101 … the enclave quote may be signed with a private key of node 101, such as enhanced privacy identification (EPID) private key. In such a case, verification service 313 may verify the authenticity of the signature using a corresponding public key, such as an EPID public key).  
Regarding claim 19, the combination of Russinovich, Martin and Arthur discloses:
The system of claim 16, wherein the one or more processors are configured to ensure that secrets of the consensus group are not disclosed to a provider of the consensus-based cloud service throughout a time period during which the consensus-based cloud service is updated from the first version to the second version (Arthur: See sections “USE CASE: VPN KEYS” & “SECURELY PASSING A PASSWORD FROM THE OS PRESENT TO OS ABSENT ENVIRONMENT” Page # 155).
Regarding claim 28, the combination of Russinovich, Martin and Arthur discloses:

The system of claim 16, wherein the claims further include a third claim that indicates at least one of a publisher of the second trusted execution environment or an author of the second trusted execution environment (Martin: [0057] discloses node 101 platform identification which includes platform ID, a user identification (user ID) of one or more users of node 101 which is construed as publisher of the trusted environment).

	Claims 21 and onwards are rejected under 35 U.S.C. 103 as being unpatentable over Wheeler., (US20030204734A1) in view of Martin et al., (US20150347768A1).
Regarding claim 21, Wheeler discloses:
	A method of establishing consensus between trusted execution environments, which include at least a first trusted execution environment and a second trusted execution environment, using one or more processors of a processor-based system, the method comprising:
receiving, by the first trusted execution environment, an invitation to join the consensus group (See FIG. 3a; [0030] In step 302, the inviter 102 creates an invitation for the invitee 106 … In step 304, the invitation is made known both to the invitee 106 and to the authenticator 104);
obtaining, by the first trusted execution environment, a secret key (i.e. shared secret password), from the second trusted execution environment ([0030] The inviter 102 creates a first public/private encryption key pair by running a determinative function with the shared secret password as input; [0035] The flow chart of FIG. 4 provides further details into the inviter 102's work in creating an invitation. In step 300 of FIG. 3a, the inviter 102 and the invitee 106 share a secret password); and 
responsive to receiving the invitation and the secret key (i.e. see steps 306-310 in FIG. 3a ‘for responsive to receiving the invitation step’), use the secret key that is received from the second trusted execution environment, which is included in the consensus group, to join the consensus group by accepting the invitation based at least in part on the secret key being obtained from the second trusted execution environment (See FIG. 3b; [0033] In step 316, the authenticator 104 compares the challenge response value received from the invitee 106 with the expected challenge response value generated by the authenticator 104 in step 308. If they match, the authenticator 104 trusts that this invitee 106 must be the one for which the inviter 102 issued the invitation; [0064] When the authenticator 104 sees that the decrypted value received from the invitee 106 matches its own expected challenge response value, it admits the invitee 106 into the ad hoc group 100 (step 316 of FIG. 3b)).
Wheeler fails to disclose:
	wherein obtaining the secret key comprises: generating an originator quote that includes (a) a public portion of an asymmetric key import key and (b) a hash of measurement information that is signed with a platform signing key of a platform, the measurement information including measurements of the first trusted execution environment that are gathered by the platform, the measurements indicating attributes of the first trusted execution environment; provide the originator quote to the second trusted execution environment via a message passing facility, which is configured to share information that is directed to a trusted execution environment via the message passing facility with the other trusted execution environments; and receive a responder quote from the second trusted execution environment, the responder quote being a response to the originator quote, the responder quote including the secret key encrypted with the public portion of the asymmetric key import key.
However, Martin discloses:
generating an originator quote (i.e. enclave report verification operations) that includes (a) a public portion of an asymmetric key import key ([0052] Node 101 may also include quoting module 307 … when executed (e.g., by processor 302) may cause node 101 to perform enclave report verification operations and enclave quote generation operations; [0058] CPM 306 may further cause node 101 to perform enclave quote generation operations; [0061] quoting module 307 may cause node 101 to generate an enclave quote that includes node 101's public key) and
	(b) a hash of measurement information that is signed with a platform signing key of a platform, the measurement information (See FIG.3; i.e. client's platform ID, relevant user IDs, the security version number (SVN) of enclave) including measurements of the first trusted execution environment that are gathered by the platform ([0057] CPM 306 may also cause node 101 to generate an enclave report. The enclave report may include, for example, a hash of a user data blob (hereinafter, “userdata”) that encapsulates information stored in memory enclave 304; [0058] CPM 306 may further cause node 101 to perform enclave quote generation operations), the measurements indicating attributes of the first trusted execution environment ([0061] For example, quoting module 307 may cause node 101 to generate an enclave quote that includes node 101's public key (i.e., Cpub). Further examples of other information that may be included in the enclave quote include the client's platform ID, relevant user IDs, the security version number (SVN) of enclave 304, the identity of the ISV that provided enclave 304, a measurement of enclave 304, application specific identification (ID) combinations thereof, and the like; [0063] SPM 312 may cause node 102 to transfer the quoting message to verification service 313, which may be local or remote to node 102, as illustrated in FIG. 3 by the hashing of box 313);
	provide the originator quote to the second trusted execution environment (i.e. node 102) via a message passing facility, which is configured to share information that is directed to a trusted execution environment via the message passing facility with the other trusted execution environments ([0062] CPM 306 may then cause node 101 to transmit the quoting message to node 102, e.g., via network 315.
Examiner construe network 315 as message passing facility. Also CPM as first TEE and node 102 as second TEE); and
receive a responder quote from the second trusted execution environment, the responder quote being a response to the originator quote, the responder quote including the secret key encrypted with the public portion of the asymmetric key import key ([0063] In response to the quoting message, SPM 312 may cause node 102 to verify the authenticity of the enclave quote included in an enclave message received from node 101 … the enclave quote may be signed with a private key of node 101, such as enhanced privacy identification (EPID) private key. In such a case, verification service 313 may verify the authenticity of the signature using a corresponding public key, such as an EPID public key).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Wheeler and protect the communication and access between trusted execution environments through quote generation which includes node verification information, as disclosed by Martin.
The motivation to protect the communication and access between trusted execution environments is to applications from malware attacks within the trusted execution environment.
Regarding claim 23, the combination of Wheeler and Martin discloses:
The method of claim 21, further comprising:
gathering self-reported measurements of the first trusted execution environment, the self-reported measurements indicating second attributes of the first trusted execution environment; and wherein the measurement information further includes the self-reported measurements of the first trusted execution environment (Martin: [0052] Node 101 may also include quoting module 307, which may include computer readable instructions that when executed (e.g., by processor 302) may cause node 101 to perform enclave report verification operations and enclave quote generation operations consistent with the present disclosure. Quoting module 307 may be stored and executed within memory enclave 304, or may be stored and executed in another (quoting) enclave).
Regarding claim 24, the combination of Wheeler and Martin discloses:
The method of claim 23, wherein the self-reported measurements include one or more keys (Martin: [0056] Further in response to the reply message, CPM 306 may cause node 101 to generate an asymmetric key pair, such as may be used in Rivest, Shamir, Adleman (RSA) public key encryption and/or a digital signature protocol. More specifically, CPM 306 may be configured to cause node 101 to generate an asymmetric key pair including a node/client public key (Cpub) and a client private key (Cpriv) (the use of “C” does not suggest node 102 must be a client or any other form of node), both of which may be stored in and/or sealed to memory enclave 304).
Regarding claim 25, the combination of Wheeler and Martin discloses:
The method of claim 22, wherein the responder quote includes a hash of self-reported measurements of the second trusted execution environment that are gathered by the second trusted execution environment, the self-reported measurements indicating attributes of the second trusted execution environment (Martin: [0057] CPM 306 may also cause node 101 to generate an enclave report. The enclave report may include, for example, a hash of a user data blob (hereinafter, “userdata”) that encapsulates information stored in memory enclave 304. The userdata may encapsulate nonce N (node 102 anti-replay information), nonce M (node 101 anti-replay information), and Cpub, optionally in combination with other information stored in memory enclave 304); and
wherein the first trusted execution environment is configured to authenticate the second trusted execution environment based at least in part on the self-reported measurements of the second trusted execution environment (Martin: [0063] In response to the quoting message, SPM 312 may cause node 102 to verify the authenticity of the enclave quote included in an enclave message received from node 101. Verification of the enclave quote may be performed in any manner. For example, SPM 312 may cause node 102 to transfer the quoting message to verification service 313, which may be local or remote to node 102, as illustrated in FIG. 3 by the hashing of box 313).
Regarding claim 26, the combination of Wheeler and Martin discloses:
The method of claim 21, wherein the first trusted execution environment is configured to delay acceptance of the invitation to join the consensus group until the secret key is received from the second trusted execution environment (Wheeler: See FIG. 3b; [0033] In step 316, the authenticator 104 compares the challenge response value received from the invitee 106 with the expected challenge response value generated by the authenticator 104 in step 308. If they match, the authenticator 104 trusts that this invitee 106 must be the one for which the inviter 102 issued the invitation).

Claim 27 are rejected under 35 U.S.C. 103 as being unpatentable over Wheeler., (US20030204734A1) in view of Martin et al., (US20150347768A1) and further in view of Russinovich et al., (US20180225661A1).
Regarding claim 27, the combination of Wheeler and Martin discloses:
	The method of claim 21, wherein receiving the invitation to join the consensus group comprises:
receiving, by the first trusted execution environment, the invitation to join the consensus group (See FIG. 3a; [0030] In step 302, the inviter 102 creates an invitation for the invitee 106 … In step 304, the invitation is made known both to the invitee 106 and to the authenticator 104);
obtain a secret key (i.e. shared secret password), from the second trusted execution environment ([0030] The inviter 102 creates a first public/private encryption key pair by running a determinative function with the shared secret password as input; [0035] The flow chart of FIG. 4 provides further details into the inviter 102's work in creating an invitation. In step 300 of FIG. 3a, the inviter 102 and the invitee 106 share a secret password); and 
using the secret key (i.e. see steps 306-310 in FIG. 3a ‘for using the secret key in response to the invitation’) that is received from the second trusted execution environment, which is included in the consensus group, to join the consensus group by accepting the invitation based at least in part on the secret key being obtained from the second trusted execution environment (See FIG. 3b; [0033] In step 316, the authenticator 104 compares the challenge response value received from the invitee 106 with the expected challenge response value generated by the authenticator 104 in step 308. If they match, the authenticator 104 trusts that this invitee 106 must be the one for which the inviter 102 issued the invitation; [0064] When the authenticator 104 sees that the decrypted value received from the invitee 106 matches its own expected challenge response value, it admits the invitee 106 into the ad hoc group 100 (step 316 of FIG. 3b)).
The combination of Wheeler and Martin fails to disclose:
	invitation to join the group is from a consensus algorithm; consensus algorithm is configured to achieve consensus among the plurality of members of the consensus group; invitation being received from the consensus algorithm and cause the consensus algorithm to trigger inclusion of the first trusted execution environment in the consensus group by providing an acceptance of the invitation to the consensus algorithm. 
However, Russinovich discloses:
	invitation to join the group is from a consensus algorithm (FIG. 10 and [0111-0112] discloses a process of proposing to add a new member to the consortium network by the members of the consortium network which are already part of the consortium network is construed as a step of inviting a new member to the group using agreed-upon consensus protocol); 
consensus algorithm is configured to achieve consensus among the plurality of members of the consensus group (FIG. 10 and [0111-0112] discloses a process that seeks votes of members ‘m1’ and ‘m2’ when adding a new member ‘m3’ into the group and based on votes from m1 and m2 members, a new member m3 is added to the network which is construed as ‘achieving consensus’ through consensus protocol);
invitation being received from the consensus algorithm and cause the consensus algorithm to trigger inclusion of the first trusted execution environment in the consensus group by providing an acceptance of the invitation to the consensus algorithm (FIG. 10 and [0111-0112] discloses a process that seeks votes of members ‘m1’ and ‘m2’ when adding a new member ‘m3’ into the group and based on votes from m1 and m2 members, a new member m3 is added to the network which is construed as ‘achieving consensus’ through consensus protocol).
It would have been t would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the references of Wheeler and Martin and protect the communication and access between trusted execution environments through a consensus protocol, as disclosed by Russinovich.
The motivation to leverage consensus protocol is to ensure prospective nodes in the network contain required attributes of consensus protocol before added to the blockchain network.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SYED M AHSAN/Patent Examiner, Art Unit 2432                                                                                                                                                                                                        08/23/2022