DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on July 01, 2022.
Status of claims within the present application:
Claims 1 – 20 are pending.
Claims 1, 11, and 20 are amended.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on July 01, 2022 has been entered.

Response to Arguments.
Applicant’s arguments, see page [7] of applicant’s remarks, filed July 01, 2022, with respect to claims 1 – 20 that were rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement, have been fully considered and are persuasive. Therefore, the rejection is withdrawn.
Applicant’s arguments, see page [7] of applicant’s remarks, filed July 06, 2022, with respect to claims 1 – 4, 8 – 13, and 17 – 20 that were rejected under 35 U.S.C. 103 as being unpatentable over US 20190140846 A1 to Moore et al., (hereinafter, “Moore”) in view of US 9479328 B1 to Wilburn et al., (hereinafter, “Wilburn”), have been fully considered, but they are not persuasive. Therefore, the applicant is directed to the response below:
Applicant argues that the prior arts does not “after launching the escrow TEE instance, receive a request to start the application TEE instance”. Examiner notes that Moore initially discloses “in a first step of the sequence, the primary TEE retrieves a quote from the peer. The quote includes a public portion of the KIK (KIKpub) that is generated by that peer. In a second step, the primary TEE validates the received quote (e.g., by comparing the peer's measurements to its own or by other means, such as a higher version number of the same enclave) and confirms that the signature over the quote chains up to the platform associated with the TEE.” [Para. 79] and “any peer can start any suitable number of identical enclaves, all of which have access to the same PEK. Use of multiple identical peer enclaves on each TEE is supported so that each TEE can service multiple concurrent requests in a multi-threaded (thread pool) fashion. The same provisioning protocol may be used at any time to introduce another TEE into the set.” [Para. 80]. This section describes receiving a quote from a peer TEE which would confirm the identity of the peer and allows any of the identical enclaves to introduce another TEE into the set by using the same provisioning protocol which would map to receive a request to start the application TEE instance. Moore also discloses “to establish initial consensus among TEEs 416A-416P, one of the TEEs 416A-416P may be designated as the “primary TEE”. Any of TEEs 416A-416P may serve as the primary TEE. The primary TEE generates the PEK. Each peer TEE (i.e., each of the TEEs 416A-416P that is a peer of the primary TEE) generates a unique asymmetric Key Import Key (KIK). The primary TEE contacts each of its peers and imparts the PEK onto them by executing a sequence of steps once for each peer.” [Para. 78] which explains that a TEE is established or launched to be the primary TEE and authenticate other TEEs into the sets and a request to authenticate teaches a request to start other TEEs. Therefore, Moore teaches “after launching the escrow TEE instance, receive a request to start the application TEE instance.”
 
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
Claim 1 recites “the escrow TEE instance is configured to: obtain a cryptographic measurement associated with the application TEE instance, validate the application TEE instance, and provide the secret from a second location to the application TEE instance.”
Claim 2 recites “the escrow TEE instance is configured to take the cryptographic measurement of the application TEE instance prior to validating the application TEE instance”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [6], Para. [21]: an escrow TEE instance may also be launched and provisioned with a secret if a respective escrow TEE instance is not already running. In an example, the escrow TEE instance may be a previously launched application TEE instance that includes an escrow or clone service. For example, once the escrow TEE instance is launched and running, the escrow TEE instance may validate (e.g., perform attestation) for newly launched application TEE instances. The secret is initially accessible from a first location, such as a memory location on a private network or private cloud until the escrow TEE instance is provisioned. After provisioning the escrow TEE instance, accessibility to the secret is restricted, for example, access to the private network may be restricted or the secret may be removed from the memory location on the private network. Conversely, if the private cloud handled each validation and attestation, the memory location may be susceptible to attack from different pieces of software and guests attempting to launch.
[0035] a cloud provider 202, such as server 150, may launch a trusted escrow TEE instance 220. For example, the escrow TEE instance 220 may be launched to provide validation (e.g., attestation) services to the newly started or cloned application instance (e.g., 
application instance 210) without having the newly started or cloned application instance communicating with the TEE instance owner 230
[0030] The server 150 may include hardware, such as processor(s), memory, hard drives, network adapters for network connection, etc. For example, server 150 may include many of the same hardware components as nodes 110A-C.
[0051] Additionally, method 300 includes obtaining a cryptographic measurement associated with the application TEE instance (block 306). For Example, the escrow TEE instance 220 may obtain a cryptographic measurement associated with the application TEE instance 210. The cryptographic measurement may include measurements of files, BIOS, bootloaders, virtual memory, components, images, internal configurations, current software or applications run by the TEE, etc. For example, components of the boot of the application TEE instance may be cryptographically measured (e.g., each boot component may be measured either individually or collectively by computing the hash values of byte arrays representing the boot components). The measured values of the boot components may then be used to decide if the application TEE instance can be trusted. Additionally, the measurement or hash may represent a fingerprint of the measured files.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 4, 8 – 13, and 17 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190140846 A1 to Moore et al., (hereinafter, “Moore”) in view of US 9479328 B1 to Wilburn et al., (hereinafter, “Wilburn”) and US 20130347064 A1 to Aissi.
Regarding claim 1, Moore teaches a system comprising: a memory; an application trusted execution environment ("TEE") instance; an escrow TEE instance different from the application TEE instance; and a server [Moore, para. 45 discloses server-side TEE provision logic 112 may include a first TEE (e.g., the TEE provisioned by client-side TEE provision logic 110, as described above) that establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. The first and second TEEs are hosted by distributed computing system 108. The platform is configured to execute an operating system. The operating system is configured to launch the second TEE from a template. The platform associated with the second TEE and a platform associated with the first TEE may be the same or different. The first TEE provisions the second TEE with information in absence of a secure channel between the first TEE and the second TEE to customize the second TEE with the information based at least in part on the chain of trust. Para. 46 discloses each of client-side TEE provision logic 110 and server-side TEE provision logic 112 may be at least partially implemented in a field-programmable gate array (FPGA), an application-specific integrated circuit (ASIC), an application-specific standard product (ASSP), a system-on-a-chip system (SoC), a complex programmable logic device (CPLD), etc. Each SoC may include an integrated circuit chip that includes one or more of a processor (e.g., a microcontroller, microprocessor, digital signal processor (DSP), etc.), memory, one or more communication interfaces, and/or further circuits and/or embedded firmware to perform its functions] configured to: launch the escrow TEE instance provisioned with a secret, [Moore, para. 50 discloses operating system 208, which runs on platform 204, launches the TEE from a template. The template is executable code. For instance, the template may be a piece of executable code that has not been customized with regard to a client device or customer associated therewith. Para. 65 discloses any one or more of activities may be used to establish a chain of trust from TEE 206 to platform 204. Any one or more of activities may be used to provision TEE 206 with information for purposes of customizing TEE 206 with the information. For example, any of activities 228, 230, and/or 232 may be used to provision TEE 206 with rules. In another example, any of activities 234 and/or 236 may be used to provision TEE 206 with secret information], and after launching the escrow TEE instance, receive a request to start the application TEE instance, [Moore, para. 77 discloses It may be beneficial to establish initial consensus among TEEs 416A-416P before server-side TEE provision logic 412 begins to service requests from client-side TEE provision logic 410. The goal of initial consensus establishment is to make all the TEEs running on all platforms agree on an asymmetric “Provisioning Encryption Key” (PEK). Para. 78 discloses to establish initial consensus among TEEs 416A-416P, one of the TEEs 416A-416P may be designated as the “primary TEE”. Any of TEEs 416A-416P may serve as the primary TEE. The primary TEE generates the PEK. Each peer TEE (i.e., each of the TEEs 416A-416P that is a peer of the primary TEE) generates a unique asymmetric Key Import Key (KIK). The primary TEE contacts each of its peers and imparts the PEK onto them by executing a sequence of steps once for each peer. Para. 79 discloses in a first step of the sequence, the primary TEE retrieves a quote from the peer. The quote includes a public portion of the KIK (KIKpub) that is generated by that peer. In a second step, the primary TEE validates the received quote (e.g., by comparing the peer's measurements to its own or by other means, such as a higher version number of the same enclave) and confirms that the signature over the quote chains up to the platform associated with the TEE. Para. 80 discloses any peer can start any suitable number of identical enclaves, all of which have access to the same PEK. Use of multiple identical peer enclaves on each TEE is supported so that each TEE can service multiple concurrent requests in a multi-threaded (thread pool) fashion. The same provisioning protocol may be used at any time to introduce another TEE into the set.] and wherein the escrow TEE instance is configured to: obtain a cryptographic measurement associated with the application TEE instance, [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. Para. 54 discloses platform 204 provides the report to TEE 206. The report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report] validate the application TEE instance, [Moore, para. 9 discloses the first trusted execution environment validates the second trusted execution environment as being included in the consensus group based at least in part on the peer validation policy and further based at least in part on the quote] and upon validation, provide the secret from a second location to the application TEE instance [Moore, para. 127 discloses provision logic 904 determines whether to provision the second trusted execution environment with the secret information based at least in part on whether first trusted execution environment 900 receives confirmation from the second trusted execution environment that the second trusted execution environment has received the at least one policy from first trusted execution environment 900. For instance, provision logic 904 may be configured to provision the second trusted execution environment with the secret information in response to first trusted execution environment 900 receiving the confirmation.], but Moore does not teach wherein the secret is initially accessible from a first location until the escrow TEE instance is provisioned, and wherein accessibility to the secret in the first location is restricted after provisioning the escrow TEE instance with the secret and disable the escrow TEE instance upon a security breach in the escrow TEE instance.
However, Wilburn does teach wherein the secret is initially accessible from a first location until the escrow TEE instance is provisioned, and wherein accessibility to the secret in the first location is restricted after provisioning the escrow TEE instance with the secret. [Wilburn, col. 7 lines 19 - 34 discloses the provisioning module 134 or another module on the electronic device 104 may store the provisioning key securely on the electronic device 104. For example, the electronic device 104 may include an encryption module and a device secret key (not shown in FIG. 1) that is known only to the electronic device 104, and which may be used for securely storing information in an encrypted form on the electronic device 104. Accordingly, the electronic device 104 may re-encrypt the provisioning key 118 using the device secret key and may store the encrypted provisioning key 118 on computer-readable media included in the electronic device 104. Following re-encryption of the provisioning key and storage on the electronic device using the device secret key, the original version of the provisioning key encrypted with the on-chip key 116 may be deleted, overwritten or otherwise removed from the electronic device.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wilburn’s system with Moore’s system, with a motivation to provide the device manufacture with the ability to securely add secret material to the electronic device using a key that is never shared or exposed outside of a secure environment. [Wilburn, col. 1 lines 62 – 65]
However, Moore in view of Wilburn does not teach and disable the escrow TEE instance upon a security breach in the escrow TEE instance, but Aissi does teach and disable the escrow TEE instance upon a security breach in the escrow TEE instance [Aissi, para. 148 discloses The anomaly response module 1018 may be configured to detect any differences or anomalies in the execution of the first state as compared to the second state of the trusted execution environment and determine that the difference in the states of the trusted execution environment between the mobile device 102 and the server computer 904 is due to a compromised device. A compromised device may no longer be safe for storing secrets and executing secure applications. The anomaly response module 1018 may send a message over the secure communication channel to the device to deactivate the first instance of the trusted execution environment 902 upon detection that the device has been compromised.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Aissi’s system with Moore’s system, with a motivation to verify the state of one or more applications in the mobile device against a synchronized or near synchronized copy of the trusted execution environment operating in the cloud and also migrating the state of one or more applications from a trusted execution environment from a first mobile device to a second mobile device in the event that the mobile device is compromised, lost, stolen or is being upgraded. [Aissi, para. 28]

As per claim 2, modified Moore teaches the system of claim 1, wherein the escrow TEE instance is configured to take the cryptographic measurement of the application TEE instance prior to validating the application TEE instance. [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. Para. 54 discloses platform 204 provides the report to TEE 206. The report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report]

As per claim 3, modified Moore teaches the system of claim 2, wherein the cryptographic measurement identifies characteristics of the application TEE instance including at least one of a type of the TEE instance, a version of the TEE instance, and a description of software components loaded into the TEE instance. [Moore, para. 54 discloses platform 204 provides the report to TEE 206. The report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report]

As per claim 4, modified Moore teaches the system of claim 2, wherein the cryptographic measurement further includes an integrity code to validate the cryptographic measurement. [Moore, para. 55 discloses TEE 206 adds self-reported measurements to the report, resulting in an updated report. The self-reported measurements are measurements that TEE 206 gathers or generates about itself. For instance, the self-reported measurements may be a hash (e.g., having a fixed length value) of a structure that includes any of a variety of keys, policies, or other suitable information. In activity 222, TEE 206 may further request that platform 204 sign the updated report.]

Regarding claim 8, modified Moore teaches the system of claim 1, but Moore does not teach wherein restricting accessibility to the secret includes removing the secret from the memory.
However, Wilburn does teach wherein restricting accessibility to the secret includes removing the secret from the memory. [Wilburn, col. 7 lines 19 - 34 discloses the provisioning module 134 or another module on the electronic device 104 may store the provisioning key securely on the electronic device 104. For example, the electronic device 104 may include an encryption module and a device secret key (not shown in FIG. 1) that is known only to the electronic device 104, and which may be used for securely storing information in an encrypted form on the electronic device 104. Accordingly, the electronic device 104 may re-encrypt the provisioning key 118 using the device secret key and may store the encrypted provisioning key 118 on computer-readable media included in the electronic device 104. Following re-encryption of the provisioning key and storage on the electronic device using the device secret key, the original version of the provisioning key encrypted with the on-chip key 116 may be deleted, overwritten or otherwise removed from the electronic device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wilburn’s system with Moore’s system, with a motivation to provide the device manufacture with the ability to securely add secret material to the electronic device using a key that is never shared or exposed outside of a secure environment. [Wilburn, col. 1 lines 62 – 65]

Regarding claim 9, modified Moore teaches the system of claim 1, wherein the memory is part of a private network, [Moore, para. 199 discloses A first example system comprises memory and one or more processors coupled to the memory] wherein the escrow TEE instance is part of an outside network [Moore, para. 43 discloses first user device 102A is shown to include client-side TEE provision logic 110 for illustrative purposes. Client-side TEE provision logic 110 is configured to perform client-side aspects of the example techniques described herein. For instance, client-side TEE provision logic 110 may establish a chain of trust from a TEE to a platform based at least in part on receipt of measurements of the TEE that are gathered by the platform and that are signed with a platform signing key of the platform.], but Moore does not teach wherein the secret is initially stored in the memory at a first time, and wherein restricting accessibility to the secret includes removing the secret from the memory at a second time immediately after provisioning the escrow TEE instance with the secret.
However, Wilburn does teach wherein the secret is initially stored in the memory at a first time, and wherein restricting accessibility to the secret includes removing the secret from the memory at a second time immediately after provisioning the escrow TEE instance with the secret. [Wilburn, col. 7 lines 19 - 34 discloses the provisioning module 134 or another module on the electronic device 104 may store the provisioning key securely on the electronic device 104. For example, the electronic device 104 may include an encryption module and a device secret key (not shown in FIG. 1) that is known only to the electronic device 104, and which may be used for securely storing information in an encrypted form on the electronic device 104. Accordingly, the electronic device 104 may re-encrypt the provisioning key 118 using the device secret key and may store the encrypted provisioning key 118 on computer-readable media included in the electronic device 104. Following re-encryption of the provisioning key and storage on the electronic device using the device secret key, the original version of the provisioning key encrypted with the on-chip key 116 may be deleted, overwritten or otherwise removed from the electronic device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wilburn’s system with Moore’s system, with a motivation to provide the device manufacture with the ability to securely add secret material to the electronic device using a key that is never shared or exposed outside of a secure environment. [Wilburn, col. 1 lines 62 – 65]

Regarding claim 10, modified Moore teaches the system of claim 1, but Moore does not teach wherein the secret is initially stored in the first location on a device at a first time, and after provisioning the escrow TEE instance with the secret, the device is air gapped at a second time immediately after provisioning the escrow TEE instance with the secret.
However, Wilburn does teach wherein the secret is initially stored in the first location on a device at a first time, and after provisioning the escrow TEE instance with the secret, the device is air gapped at a second time immediately after provisioning the escrow TEE instance with the secret. [Wilburn, col. 7 lines 19 - 34 discloses the provisioning module 134 or another module on the electronic device 104 may store the provisioning key securely on the electronic device 104. For example, the electronic device 104 may include an encryption module and a device secret key (not shown in FIG. 1) that is known only to the electronic device 104, and which may be used for securely storing information in an encrypted form on the electronic device 104. Accordingly, the electronic device 104 may re-encrypt the provisioning key 118 using the device secret key and may store the encrypted provisioning key 118 on computer-readable media included in the electronic device 104. Following re-encryption of the provisioning key and storage on the electronic device using the device secret key, the original version of the provisioning key encrypted with the on-chip key 116 may be deleted, overwritten or otherwise removed from the electronic device]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wilburn’s system with Moore’s system, with a motivation to provide the device manufacture with the ability to securely add secret material to the electronic device using a key that is never shared or exposed outside of a secure environment. [Wilburn, col. 1 lines 62 – 65]

Regarding claim 11, Moore teaches a method comprising: launching, by a processor, an escrow TEE instance provisioned with a secret, [Moore, para. 50 discloses operating system 208, which runs on platform 204, launches the TEE from a template. The template is executable code. For instance, the template may be a piece of executable code that has not been customized with regard to a client device or customer associated therewith. Para. 65 discloses any one or more of activities may be used to establish a chain of trust from TEE 206 to platform 204. Any one or more of activities may be used to provision TEE 206 with information for purposes of customizing TEE 206 with the information. For example, any of activities 228, 230, and/or 232 may be used to provision TEE 206 with rules. In another example, any of activities 234 and/or 236 may be used to provision TEE 206 with secret information] after launching the escrow TEE instance, receive a request to start the application TEE instance; [Moore, para. 77 discloses It may be beneficial to establish initial consensus among TEEs 416A-416P before server-side TEE provision logic 412 begins to service requests from client-side TEE provision logic 410. The goal of initial consensus establishment is to make all the TEEs running on all platforms agree on an asymmetric “Provisioning Encryption Key” (PEK). Para. 78 discloses to establish initial consensus among TEEs 416A-416P, one of the TEEs 416A-416P may be designated as the “primary TEE”. Any of TEEs 416A-416P may serve as the primary TEE. The primary TEE generates the PEK. Each peer TEE (i.e., each of the TEEs 416A-416P that is a peer of the primary TEE) generates a unique asymmetric Key Import Key (KIK). The primary TEE contacts each of its peers and imparts the PEK onto them by executing a sequence of steps once for each peer. Para. 79 discloses in a first step of the sequence, the primary TEE retrieves a quote from the peer. The quote includes a public portion of the KIK (KIKpub) that is generated by that peer. In a second step, the primary TEE validates the received quote (e.g., by comparing the peer's measurements to its own or by other means, such as a higher version number of the same enclave) and confirms that the signature over the quote chains up to the platform associated with the TEE. Para. 80 discloses any peer can start any suitable number of identical enclaves, all of which have access to the same PEK. Use of multiple identical peer enclaves on each TEE is supported so that each TEE can service multiple concurrent requests in a multi-threaded (thread pool) fashion. The same provisioning protocol may be used at any time to introduce another TEE into the set.] obtaining a cryptographic measurement associated with the application TEE instance; [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. Para. 54 discloses platform 204 provides the report to TEE 206. The report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report] validating the application TEE instance; [Moore, para. 9 discloses the first trusted execution environment validates the second trusted execution environment as being included in the consensus group based at least in part on the peer validation policy and further based at least in part on the quote] and upon validating, providing the secret from a second location to the application TEE instance [Moore, para. 127 discloses provision logic 904 determines whether to provision the second trusted execution environment with the secret information based at least in part on whether first trusted execution environment 900 receives confirmation from the second trusted execution environment that the second trusted execution environment has received the at least one policy from first trusted execution environment 900.], but Moore does not teach wherein the secret is initially accessible from a first location, and wherein accessibility to the secret in the first location is restricted after provisioning the escrow TEE instance with the secret and disabling the escrow TEE instance upon a security breach in the escrow TEE instance.
However, Wilburn does teach wherein the secret is initially accessible from a first location, and wherein accessibility to the secret in the first location is restricted after provisioning the escrow TEE instance with the secret. [Wilburn, col. 7 lines 19 - 34 discloses the provisioning module 134 or another module on the electronic device 104 may store the provisioning key securely on the electronic device 104. For example, the electronic device 104 may include an encryption module and a device secret key (not shown in FIG. 1) that is known only to the electronic device 104, and which may be used for securely storing information in an encrypted form on the electronic device 104. Accordingly, the electronic device 104 may re-encrypt the provisioning key 118 using the device secret key and may store the encrypted provisioning key 118 on computer-readable media included in the electronic device 104. Following re-encryption of the provisioning key and storage on the electronic device using the device secret key, the original version of the provisioning key encrypted with the on-chip key 116 may be deleted, overwritten or otherwise removed from the electronic device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wilburn’s system with Moore’s system, with a motivation to provide the device manufacture with the ability to securely add secret material to the electronic device using a key that is never shared or exposed outside of a secure environment. [Wilburn, col. 1 lines 62 – 65]
However, Moore in view of Wilburn does not teach and disabling the escrow TEE instance upon a security breach in the escrow TEE instance, but Aissi does teach and disabling the escrow TEE instance upon a security breach in the escrow TEE instance [Aissi, para. 148 discloses The anomaly response module 1018 may be configured to detect any differences or anomalies in the execution of the first state as compared to the second state of the trusted execution environment and determine that the difference in the states of the trusted execution environment between the mobile device 102 and the server computer 904 is due to a compromised device. A compromised device may no longer be safe for storing secrets and executing secure applications. The anomaly response module 1018 may send a message over the secure communication channel to the device to deactivate the first instance of the trusted execution environment 902 upon detection that the device has been compromised.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Aissi’s system with Moore’s system, with a motivation to verify the state of one or more applications in the mobile device against a synchronized or near synchronized copy of the trusted execution environment operating in the cloud and also migrating the state of one or more applications from a trusted execution environment from a first mobile device to a second mobile device in the event that the mobile device is compromised, lost, stolen or is being upgraded. [Aissi, para. 28]

As per claim 12, modified Moore teaches the method of claim 11, wherein the cryptographic measurement identifies characteristics of the application TEE instance including at least one of a type of the TEE instance, a version of the TEE instance, and a description of software components loaded into the TEE instance. [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. Para. 54 discloses platform 204 provides the report to TEE 206. The report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report]

As per claim 13, modified Moore teaches the method of claim 12, wherein the cryptographic measurement further includes an integrity code to validate the cryptographic measurement. [Moore, para. 55 discloses TEE 206 adds self-reported measurements to the report, resulting in an updated report. The self-reported measurements are measurements that TEE 206 gathers or generates about itself. For instance, the self-reported measurements may be a hash (e.g., having a fixed length value) of a structure that includes any of a variety of keys, policies, or other suitable information. In activity 222, TEE 206 may further request that platform 204 sign the updated report.]

Regarding claim 17, modified Moore teaches the method of claim 11, but Moore does not teach wherein restricting accessibility to the secret includes removing the secret from the memory.
However, Wilburn does teach wherein restricting accessibility to the secret includes removing the secret from the memory. [Wilburn, col. 7 lines 19 - 34 discloses the provisioning module 134 or another module on the electronic device 104 may store the provisioning key securely on the electronic device 104. For example, the electronic device 104 may include an encryption module and a device secret key (not shown in FIG. 1) that is known only to the electronic device 104, and which may be used for securely storing information in an encrypted form on the electronic device 104. Accordingly, the electronic device 104 may re-encrypt the provisioning key 118 using the device secret key and may store the encrypted provisioning key 118 on computer-readable media included in the electronic device 104. Following re-encryption of the provisioning key and storage on the electronic device using the device secret key, the original version of the provisioning key encrypted with the on-chip key 116 may be deleted, overwritten or otherwise removed from the electronic device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wilburn’s system with Moore’s system, with a motivation to provide the device manufacture with the ability to securely add secret material to the electronic device using a key that is never shared or exposed outside of a secure environment. [Wilburn, col. 1 lines 62 – 65]

Regarding claim 18, modified Moore teaches the method of claim 11, Moore does not teach wherein the secret is initially stored in memory that is part of a private network at a first time, wherein the escrow TEE instance is part of an outside network, and wherein restricting accessibility to the secret includes removing the secret from the memory at a second time immediately after provisioning the escrow TEE instance with the secret.
However, Wilburn does teach wherein the secret is initially stored in memory that is part of a private network at a first time, wherein the escrow TEE instance is part of an outside network, and wherein restricting accessibility to the secret includes removing the secret from the memory at a second time immediately after provisioning the escrow TEE instance with the secret. [Wilburn, col. 7 lines 19 - 34 discloses the provisioning module 134 or another module on the electronic device 104 may store the provisioning key securely on the electronic device 104. For example, the electronic device 104 may include an encryption module and a device secret key (not shown in FIG. 1) that is known only to the electronic device 104, and which may be used for securely storing information in an encrypted form on the electronic device 104. Accordingly, the electronic device 104 may re-encrypt the provisioning key 118 using the device secret key and may store the encrypted provisioning key 118 on computer-readable media included in the electronic device 104. Following re-encryption of the provisioning key and storage on the electronic device using the device secret key, the original version of the provisioning key encrypted with the on-chip key 116 may be deleted, overwritten or otherwise removed from the electronic device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wilburn’s system with Moore’s system, with a motivation to provide the device manufacture with the ability to securely add secret material to the electronic device using a key that is never shared or exposed outside of a secure environment. [Wilburn, col. 1 lines 62 – 65]

Regarding claim 19, modified Moore teaches the method of claim 11, but Moore does not teach wherein the secret is initially stored in the first location on a device and the device is air gapped after provisioning the escrow TEE instance with the secret.
However, Wilburn does teach wherein the secret is initially stored in the first location on a device and the device is air gapped after provisioning the escrow TEE instance with the secret. [Wilburn, col. 7 lines 19 - 34 discloses the provisioning module 134 or another module on the electronic device 104 may store the provisioning key securely on the electronic device 104. For example, the electronic device 104 may include an encryption module and a device secret key (not shown in FIG. 1) that is known only to the electronic device 104, and which may be used for securely storing information in an encrypted form on the electronic device 104. Accordingly, the electronic device 104 may re-encrypt the provisioning key 118 using the device secret key and may store the encrypted provisioning key 118 on computer-readable media included in the electronic device 104. Following re-encryption of the provisioning key and storage on the electronic device using the device secret key, the original version of the provisioning key encrypted with the on-chip key 116 may be deleted, overwritten or otherwise removed from the electronic device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wilburn’s system with Moore’s system, with a motivation to provide the device manufacture with the ability to securely add secret material to the electronic device using a key that is never shared or exposed outside of a secure environment. [Wilburn, col. 1 lines 62 – 65]

Regarding claim 20, Moore teaches a non-transitory machine-readable medium storing code, which when executed by a processor is configured to: receive a request to start an application TEE instance; [Moore, para. 49 discloses client device 202 may be owned or controlled by a customer of a cloud service. Client device 202 may generate the request based on instructions that are received from the customer. The instructions from the customer may indicate that the customer wishes to set up a web service, attestation service, database, machine learning system, etc. Client device 202 may generate the request for the TEE for purposes of setting up the web service, attestation service, database, machine learning system, etc] launch an escrow TEE instance provisioned with a secret, [Moore, para. 50 discloses operating system 208, which runs on platform 204, launches the TEE from a template. The template is executable code. For instance, the template may be a piece of executable code that has not been customized with regard to a client device or customer associated therewith. Para. 65 discloses any one or more of activities may be used to establish a chain of trust from TEE 206 to platform 204. Any one or more of activities may be used to provision TEE 206 with information for purposes of customizing TEE 206 with the information. For example, any of activities 228, 230, and/or 232 may be used to provision TEE 206 with rules. In another example, any of activities 234 and/or 236 may be used to provision TEE 206 with secret information] after launching the escrow TEE instance, receive a request to start the application TEE instance, [Moore, para. 77 discloses It may be beneficial to establish initial consensus among TEEs 416A-416P before server-side TEE provision logic 412 begins to service requests from client-side TEE provision logic 410. The goal of initial consensus establishment is to make all the TEEs running on all platforms agree on an asymmetric “Provisioning Encryption Key” (PEK). Para. 78 discloses to establish initial consensus among TEEs 416A-416P, one of the TEEs 416A-416P may be designated as the “primary TEE”. Any of TEEs 416A-416P may serve as the primary TEE. The primary TEE generates the PEK. Each peer TEE (i.e., each of the TEEs 416A-416P that is a peer of the primary TEE) generates a unique asymmetric Key Import Key (KIK). The primary TEE contacts each of its peers and imparts the PEK onto them by executing a sequence of steps once for each peer. Para. 79 discloses in a first step of the sequence, the primary TEE retrieves a quote from the peer. The quote includes a public portion of the KIK (KIKpub) that is generated by that peer. In a second step, the primary TEE validates the received quote (e.g., by comparing the peer's measurements to its own or by other means, such as a higher version number of the same enclave) and confirms that the signature over the quote chains up to the platform associated with the TEE. Para. 80 discloses any peer can start any suitable number of identical enclaves, all of which have access to the same PEK. Use of multiple identical peer enclaves on each TEE is supported so that each TEE can service multiple concurrent requests in a multi-threaded (thread pool) fashion. The same provisioning protocol may be used at any time to introduce another TEE into the set.] obtain a cryptographic measurement associated with the application TEE instance; [Moore, para. 6 discloses a first TEE (e.g., the TEE mentioned in the first example approach described above) establishes a chain of trust from a second TEE to a platform based at least in part on receipt of measurements of the second TEE that are gathered by the platform and that are signed with a platform signing key of the platform. Para. 54 discloses platform 204 provides the report to TEE 206. The report includes measurements of TEE 206. The measurements include the identification information. For instance, the measurements may indicate unforgeable attributes of TEE 206 (e.g., an author, publisher, security version number, code type, and/or compilation date of TEE 206 and/or a key used to sign the measurements of TEE 206). It will be recognized that asymmetric and/or symmetric authentication techniques may be used to authenticate the measurements. For example, platform 204 may sign the measurements with a platform signing key (PSK) before providing the measurements to TEE 206. In another example, one or more symmetric key-based message authentication codes (MACs) may be used as proof-of-authenticity of a report] validate the application TEE instance; [Moore, para. 9 discloses the first trusted execution environment validates the second trusted execution environment as being included in the consensus group based at least in part on the peer validation policy and further based at least in part on the quote] upon validation, provide the secret from a second location to the application TEE instance[Moore, para. 127 discloses provision logic 904 determines whether to provision the second trusted execution environment with the secret information based at least in part on whether first trusted execution environment 900 receives confirmation from the second trusted execution environment that the second trusted execution environment has received the at least one policy from first trusted execution environment 900. For instance, provision logic 904 may be configured to provision the second trusted execution environment with the secret information in response to first trusted execution environment 900 receiving the confirmation.], but Moore does not teach wherein the secret is initially accessible from a first location, and wherein accessibility to the secret in the first location is restricted after provisioning the escrow TEE instance with the secret and disable the escrow TEE instance upon a security breach in the escrow TEE instance.
However, Wilburn does teach wherein the secret is initially accessible from a first location, and wherein accessibility to the secret in the first location is restricted after provisioning the escrow TEE instance with the secret. [Wilburn, col. 7 lines 19 - 34 discloses the provisioning module 134 or another module on the electronic device 104 may store the provisioning key securely on the electronic device 104. For example, the electronic device 104 may include an encryption module and a device secret key (not shown in FIG. 1) that is known only to the electronic device 104, and which may be used for securely storing information in an encrypted form on the electronic device 104. Accordingly, the electronic device 104 may re-encrypt the provisioning key 118 using the device secret key and may store the encrypted provisioning key 118 on computer-readable media included in the electronic device 104. Following re-encryption of the provisioning key and storage on the electronic device using the device secret key, the original version of the provisioning key encrypted with the on-chip key 116 may be deleted, overwritten or otherwise removed from the electronic device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wilburn’s system with Moore’s system, with a motivation to provide the device manufacture with the ability to securely add secret material to the electronic device using a key that is never shared or exposed outside of a secure environment. [Wilburn, col. 1 lines 62 – 65]
However, Moore in view of Wilburn does not teach and disable the escrow TEE instance upon a security breach in the escrow TEE instance, but Aissi does teach and disable the escrow TEE instance upon a security breach in the escrow TEE instance [Aissi, para. 148 discloses The anomaly response module 1018 may be configured to detect any differences or anomalies in the execution of the first state as compared to the second state of the trusted execution environment and determine that the difference in the states of the trusted execution environment between the mobile device 102 and the server computer 904 is due to a compromised device. A compromised device may no longer be safe for storing secrets and executing secure applications. The anomaly response module 1018 may send a message over the secure communication channel to the device to deactivate the first instance of the trusted execution environment 902 upon detection that the device has been compromised.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Aissi’s system with Moore’s system, with a motivation to verify the state of one or more applications in the mobile device against a synchronized or near synchronized copy of the trusted execution environment operating in the cloud and also migrating the state of one or more applications from a trusted execution environment from a first mobile device to a second mobile device in the event that the mobile device is compromised, lost, stolen or is being upgraded. [Aissi, para. 28]

Claims 5 – 7 and 14 – 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190140846 A1 to Moore et al., (hereinafter, “Moore”) in view of US 9479328 B1 to Wilburn et al., (hereinafter, “Wilburn”) and US 20130347064 A1 to Aissi in further view of US 20200167503 A1 to Wei to al., (hereinafter, “Wei”).
Regarding claim 5, modified Moore teaches the system of claim 1, but modified Moore does not teach wherein the application TEE instance is an encrypted virtual machine.
However, Wei does teach wherein the application TEE instance is an encrypted virtual machine. [Wei, para. 123 discloses taking the trusted execution environment being Intel SGX as an example, SGX provides an enclave, that is, an encrypted trusted execution area in the memory, in which data is protected by the CPU from theft. Taking the node device using a CPU that supports SGX as an example, the CPU can use the newly added processor instructions to allocate a part of the area EPC (Enclave Page Cache) in the memory, in which the data is encrypted by an encryption engine MEE (Memory Encryption Engine).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wei’s system with modified Moore’s system, with a motivation to use the TEE technologies such as Intel's Software Protection Extension (SGX) isolate code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for code execution. Applications running in TEE are secured and are almost impossible to be accessed by third parties. [Wei, para. 122]

Regarding claim 6, modified Moore teaches the system of claim 1, wherein the escrow TEE instance is another application TEE instance that includes a clone service [Moore, para. 31 discloses any two or more TEEs may be launched by the same operating system or different operating systems running on the same platform or by different operating systems running on respective platforms. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information. In accordance with the aforementioned example, the client device may provision the first TEE with first information; the first TEE may provision the second TEE with second information; the second TEE may provision the third TEE with third information, and so on. It will be recognized that the first, second, and third information may be the same or different.], but modified Moore does not teach wherein the escrow TEE instance is an encrypted virtual machine.
However, Wei does teach wherein the escrow TEE instance is an encrypted virtual machine. [Wei, para. 123 discloses taking the trusted execution environment being Intel SGX as an example, SGX provides an enclave, that is, an encrypted trusted execution area in the memory, in which data is protected by the CPU from theft. Taking the node device using a CPU that supports SGX as an example, the CPU can use the newly added processor instructions to allocate a part of the area EPC (Enclave Page Cache) in the memory, in which the data is encrypted by an encryption engine MEE (Memory Encryption Engine).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wei’s system with modified Moore’s system, with a motivation to use the TEE technologies such as Intel's Software Protection Extension (SGX) isolate code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for code execution. Applications running in TEE are secured and are almost impossible to be accessed by third parties. [Wei, para. 122]

Regarding claim 7, modified Moore teaches the system of claim 1, but modified Moore does not teach wherein the memory is hardware encrypted storage.
However, Wei does teach wherein the memory is hardware encrypted storage. [Wei, para. 123 discloses taking the trusted execution environment being Intel SGX as an example, SGX provides an enclave, that is, an encrypted trusted execution area in the memory, in which data is protected by the CPU from theft. Taking the node device using a CPU that supports SGX as an example, the CPU can use the newly added processor instructions to allocate a part of the area EPC (Enclave Page Cache) in the memory, in which the data is encrypted by an encryption engine MEE (Memory Encryption Engine).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wei’s system with modified Moore’s system, with a motivation to use the TEE technologies such as Intel's Software Protection Extension (SGX) isolate code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for code execution. Applications running in TEE are secured and are almost impossible to be accessed by third parties. [Wei, para. 122]

Regarding claim 14, modified Moore teaches the method of claim 11, but modified Moore does not teach wherein the application TEE instance is an encrypted virtual machine.
However, Wei does teach wherein the application TEE instance is an encrypted virtual machine. [Wei, para. 123 discloses taking the trusted execution environment being Intel SGX as an example, SGX provides an enclave, that is, an encrypted trusted execution area in the memory, in which data is protected by the CPU from theft. Taking the node device using a CPU that supports SGX as an example, the CPU can use the newly added processor instructions to allocate a part of the area EPC (Enclave Page Cache) in the memory, in which the data is encrypted by an encryption engine MEE (Memory Encryption Engine).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wei’s system with modified Moore’s system, with a motivation to use the TEE technologies such as Intel's Software Protection Extension (SGX) isolate code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for code execution. Applications running in TEE are secured and are almost impossible to be accessed by third parties. [Wei, para. 122]

Regarding claim 15, modified Moore teaches the method of claim 11, wherein that escrow TEE instance is configured to serve application requests similar to the application TEE instance. [Moore, para. 31 discloses any two or more TEEs may be launched by the same operating system or different operating systems running on the same platform or by different operating systems running on respective platforms. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information. In accordance with the aforementioned example, the client device may provision the first TEE with first information; the first TEE may provision the second TEE with second information; the second TEE may provision the third TEE with third information, and so on. It will be recognized that the first, second, and third information may be the same or different.], but modified Moore does not teach wherein the escrow TEE instance is an encrypted virtual machine.
However, Wei does teach wherein the escrow TEE instance is an encrypted virtual machine. [Wei, para. 123 discloses taking the trusted execution environment being Intel SGX as an example, SGX provides an enclave, that is, an encrypted trusted execution area in the memory, in which data is protected by the CPU from theft. Taking the node device using a CPU that supports SGX as an example, the CPU can use the newly added processor instructions to allocate a part of the area EPC (Enclave Page Cache) in the memory, in which the data is encrypted by an encryption engine MEE (Memory Encryption Engine).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wei’s system with modified Moore’s system, with a motivation to use the TEE technologies such as Intel's Software Protection Extension (SGX) isolate code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for code execution. Applications running in TEE are secured and are almost impossible to be accessed by third parties. [Wei, para. 122]

Regarding claim 16, modified Moore teaches the method of claim 11, but modified Moore does not teach wherein the memory is hardware encrypted storage.
However, Wei does teach wherein the memory is hardware encrypted storage. [Wei, para. 123 discloses taking the trusted execution environment being Intel SGX as an example, SGX provides an enclave, that is, an encrypted trusted execution area in the memory, in which data is protected by the CPU from theft. Taking the node device using a CPU that supports SGX as an example, the CPU can use the newly added processor instructions to allocate a part of the area EPC (Enclave Page Cache) in the memory, in which the data is encrypted by an encryption engine MEE (Memory Encryption Engine).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling to combine Wei’s system with modified Moore’s system, with a motivation to use the TEE technologies such as Intel's Software Protection Extension (SGX) isolate code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for code execution. Applications running in TEE are secured and are almost impossible to be accessed by third parties. [Wei, para. 122]

Conclusion
Pertinent prior art made of record however not relied upon includes:
US 20180330092 A1 to Sniezek et al.
“A system and methodology for providing trusted execution of applications is provided. The computing system includes system hardware including memory. A Trusted Application Execution Provisioning (TAEP) operating on said computing system enforces a Trusted Application Pattern Space (TAPS) within the memory throughout the execution lifecycle of each application hosted on the computing system. The Trusted Application Execution Provisioning (TAEP) assigns each application a private application instruction space and a private application data in accordance with specifications governing the Trusted Application Pattern Space (TAPS), such that the Trusted Application Execution Provisioning (TAEP) prevents the private application instruction space of each application from being read, inferred, and/or modified by any application, and prevents the private application data space of each application from being read, inferred, and/or modified by other than its assigned application. Upon an extension request by a first application to extend with one or more collaborating applications, the Trusted Application Execution Provisioning (TAEP) assigns an application collaboration data space within the memory in accordance with the specifications governing the Trusted Application Pattern Space (TAPS), such that both the first application and the one or more collaborating applications have access to the application collaboration data space. The Trusted Application Execution Provisioning (TAEP) prevents the application collaboration space from being read, inferred, and/or modified by other than the first application and the one or more collaborating applications.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The examiner can normally be reached on Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/P.P./Patent Examiner, Art Unit 2434                   

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434