DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Amendment
The amendment filed September 23, 2022 has been entered.  Claims 1-20 remain pending in this application.
The amendment to the claims has overcome the rejections to the claims under 35 U.S.C. 112, as presented in the prior office action mailed June 23, 2022. 

Claim Interpretation
As discussed in the prior office action, claims 1, 8, and 15 recited contingent limitations, where MPEP § 2111.04(II) provides guidance for a broadest reasonable interpretation of claims with contingent limitations.  As amended, claims 1 and 15 still recite both branches, so the broadest reasonable interpretation still requires performance of both branches.  Claim 8 has been amended such that one of the branches is no longer recited and the other branch is no longer dependent on a contingent limitation.  Therefore, the limitations recited are now required for method claim 8.
Examiner notes that the limitations that are now required in claim 8 were originally recited in the branch where the condition was “the plurality of non-uniform memory access nodes do not exist”.  For clarity of record, examiner notes that the allocating limitations are no longer recited as dependent on this condition at all.  As such, while the related limitations are required in the scope of the claim, they do not have to have any connection to the determination limitation under broadest reasonable interpretation.
The discussion in the prior office action concerning interpretation of claims 9-14 is moot, as claim 8 no longer has two potential interpretations of branches.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 2, 4, 8, 9, 11, 15, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Gingell et al. (US 2021/0232676) in view of Yagawa (2006/0015946) and Martel et al. (US 10,872,152).
Regarding claim 1, Gingell teaches an information handling system (Fig. 1, system 100), comprising: 
at least one processor (Fig. 1, each of computing devices 110, 120, and 130 include at least one processor 112); and 
a memory medium, coupled to the at least one processor, that stores instructions executable by the at least one processor (Fig. 1, each of computing devices 110, 120, and 130 include memory 114, which is stated to include instructions executed by the processors, see [0031]; in relation to the following functions, citations are provided in the context of Figs. 1 and 2, where Fig. 2 is understood from [0040] to be provided in relation to applications, where [0038] provides for instructions for applications within the memories), which when executed by the at least one processor, cause the information handling system to: 
receive a request for a secure memory region with fault resiliency from first processor instructions being executed by the at least one processor at a first processor privilege level (an enclave manager may create an enclave for an application, see [0040,0041], the application executing at a certain privilege; necessarily, in order to create an enclave for the application, a request or instruction to create the enclave must be received by the enclave manager); 
determine if a plurality of non-uniform memory access nodes exist (“Each of the computing devices 110, 120, 130 can be at different nodes of a network 150 and capable of directly and indirectly communicating with other nodes of network 150,” [0036], teaching that as the nodes can communicate, and also that the computing devices can store information in the storage system, see [0037], then Gingell’s system provides for non-uniform memory access across the nodes; in addition, the ability to communicate via the network necessarily includes the ability to determine if other nodes exist, as communicating with other nodes would require discovery/knowledge of the other nodes); 
if the plurality of non-uniform memory access nodes exist (in Fig. 1, the situation is established where multiple nodes exist): 
allocate a first enclave via a first volatile memory medium associated with a first non-uniform memory access node that includes the first volatile memory medium (Fig. 1, enclave 160 on memory 114 in computing device 110; [0031] provides different embodiments of memory 114, including RAM, reading upon the volatile nature of the memory medium); and 
allocate the second enclave via a second volatile memory medium associated with a second non-uniform memory access node that includes the second volatile memory medium (Fig. 1, enclave 190 on storage system 140; [0037] provides embodiments of the storage system including a RAM, reading on the volatile nature of the memory medium; see also “These applications may define enclaves 160, 170, 180, 190 within memory, either locally at memory 114 or remotely at the storage system 140,” [0038]; see also Fig. 2, showing two instances of an enclave for a particular user application, teaching the ability to allocate 2 enclaves for a particular set of instructions); and
encrypt the at least one of the second processor instructions and the data via an encryption key that is stored by the information handling system, not accessed by the third processor instructions executing at any privilege level (“FIG. 5B shows example file operations for a secure access domain. A secure access domain may be configured for handling encrypted or signed data. The host need not be trusted for handling such encrypted or signed data because only the enclave has the necessary keys, thus the untrusted host only has access to the data in the encrypted/signed form,” [0069], where “the User Application may be a password manager application that has a key vault component. Such components may be stored and/or executed in enclaves, while other components of the application may be stored and/or executed in an untrusted environment or rather, outside of the enclave,” [0040], see also [0071] where the encryption key is used to decrypt data stored in the enclave; these citations teach that the enclaves store data in an encrypted form, using a key for encrypting/decrypting the data and where the host does not have any access to the key; [0039,0041] describe storing code and data into the enclaves and as such both data and code would be encrypted as taught above);
store the at least one of the second processor instructions and the data, as encrypted by the encryption key, in the first enclave (“Each enclave can be used to store data and instructions while at the same time limit the use of such data and instructions by other applications,” [0039], see also [0041] describing storing code and data into the enclaves); and
mirror the at least one of the second processor instructions and the data, as encrypted by the encryption key, in the second enclave (in the context of Fig. 2, the two enclaves shown are described as capable of storing “copies of the same code that stores and/or executes sensitive data of User Application 210,” [0041]; this reads on mirroring the second processor instructions).
Gingell fails to teach where the instructions cause the system to:
if the plurality of non-uniform memory access nodes do not exist: 
allocate a first enclave via a first volatile memory medium associated with a first non-uniform memory access node that includes the first volatile memory medium, wherein the first enclave protects at least one of second processor instructions and data from being read by and from being altered by third processor instructions executing at a second processor privilege level, higher than the first processor privilege level; and 
allocate a second enclave via the first volatile memory medium, wherein the second enclave protects the at least one of the second processor instructions and the data from being read by and from being altered by the third processor instructions executing at the second processor privilege level.
Examiner notes that while Fig. 1 does show the ability to have multiple enclaves within a particular node (see Fig. 1, with computing device 110 containing enclaves 160 and 170), this is not presented as conditioned on a lack of plurality of NUMA nodes as recited in the claim.
Examiner further notes that while Gingell does provide disclosure that would read upon the wherein clause concerning the enclaves protecting instructions and data from being read by/altered by third processor instructions executing at a second privilege level, higher than the first processor privilege level (“Each enclave can be used to store data and instructions while at the same time limit the use of such data and instructions by other applications,” [0039]; in addition, by contrast, the untrusted application context of Fig. 2 is “vulnerable to manipulations by processes having higher privileges, such as an operating system or a hypervisor,” [0040], and therefore logically the enclaves protect data from the higher privilege processes; see also “the host, such as an operating system or hypervisor, is not trusted to securely persist sensitive data on the enclave's behalf,” [0058]), the wherein clauses are recited as part of the condition where the plurality of NUMA nodes do not exist and as such the limitation as a whole is not taught by Gingell in isolation. 
Gingell also fails to teach where the encryption is performed by hardware based encryption (the POSIX layer is described as decrypting the data and presumably encrypts data being stored in the enclave, see [0071]), as well as where the encryption key is external to the first and second enclaves (as cited above, Gingell’s disclosure provides that the enclaves manage their respective keys).
Yagawa’s disclosure is related to providing the ability to mirror secure data in a storage system, and as such comprises analogous art, as Yagawa’s disclosure is related to the same field of endeavor of providing copies of secure data.
As part of this disclosure, Yagawa provides for multiple embodiments of mirroring data between a primary volume and a secondary volume, where Fig. 1 shows the mirroring occurring within a single storage system, and Figs. 1B and 1C show situations where the primary and secondary volumes are found in separate storage systems.  Examiner notes that as disclosed in Yagawa, the requesting hosts do not have storage themselves, as seen in Figs. 1, 1A, 1B, and 1C. As discussed in [0050], data mirroring means data written to the primary volume is mirrored to the second volume, where Figs. 1, 1A, 1B, and 1C show this with process arrow 93. 
An obvious modification can be identified: incorporating a secure mirroring functionality, and in particular the ability to mirror within a storage system.  As applied to Gingell’s nodes, this secure mirroring would provide for a mirroring across multiple enclaves, and further, the ability to mirror within one storage system provides for the ability to allocate/mirror enclaves within a single system/node (while not explicitly shown to be a result of a determination process, necessarily, Yagawa’s mirroring within a system occurs when no other storage system is connected).  Such a modification, incorporating Gingell’s disclosure on the enclaves’ protection ability and the earlier citation to the volatile nature of Gingell’s memories, reads upon the limitations of the claim above.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Yagawa’s data mirroring functionality, and particularly the data mirroring functionality within a single system, into Gingell’s enclave system, as the ability to securely mirror data provides for the ability to support restoring data and non-disruptive backup/maintenance procedures, see Yagawa [0006], while maintaining the security of the enclaves; in addition, Yagawa’s provision of mirroring data within a single system provides some data redundancy when no other systems/nodes exist, which is better than no redundancy at all.
The combination of Gingell and Yagawa still fails to teach the details concerning the hardware based encryption and encryption keys being external to the first and second enclaves.
Martel’s disclosure is related to providing enclaves and cryptographic support and as such comprises analogous art.  
As part of this disclosure, Martel provides a dedicated “secure enclave processor (SEP) 260, which is a secure circuit configured to maintain user keys for encrypting and decrypting data keys associated with a user,” Col. 8, Lines 30-32, see also Fig. 2, SEP 260, Fig. 4, SEP 260.
Martel also discloses that when provisioning volumes, a volume encryption key (VEK) can be used by a controller to encrypt/decrypt data stored within a non-volatile memory, see Col. 3, Lines 58-64, Col. 18, Lines 13-19, Col. 20, Lines 37-44.  The volume encryption keys in turn can be protected by further encryption such as device/group keys, see Col. 17 Line 51 – Col. 18, Line 2, see also Col. 20, Lines 19-59 describing generating system keys KEK and using the KEKs to encrypt/decrypt the VEK for accessing the encrypted data.  Notably, a non-volatile memory controller contains a cryptographic engine that can encrypt/decrypt data accesses to the underlying storage, see Col. 3, Line 66 – Col. 4, Line 3, see Fig. 8 showing both the SEP and NVM controller with cryptographic engines.
An obvious modification can be identified: incorporating Martel’s SEP and NVM controller with cryptographic engines, as well as the SEP’s ability to store and maintain the volume encryption keys and other chains of encryption keys needed to access the encrypted data in the enclave.  Such a modification reads upon the hardware based nature of the encryption, as well as where the encryption keys are stored by the system external to the enclaves.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Martel’s encryption hardware and practice of utilizing multiple keys, with a volume encryption key being stored external to an enclave, as the encryption processor and NVM’s cryptographic engine provide additional security techniques that can maintain data protection even if a system OS is compromised, see Col. 4, Lines 41-52, while the multiple chains of encryption keys provide access to an encrypted storage volume with some level of data protection without requiring user credentials, which can reduce the amount of sensitive information needed to access the system, see Col. 22, Lines 18-26.
Regarding claim 2, the combination of Gingell, Yagawa, and Martel teaches the information handling system of claim 1, and the combination further teaches wherein the instructions further cause the information handling system to: 
determine that additional data is stored in the first enclave; and 
in response to determining that the additional data is stored in the first enclave, mirror the additional data in the second enclave, as follows.
To clarify, Gingell discloses in relation to Fig. 2 that the two enclave instances may store “copies of the same code that stores and/or executes sensitive data of User Application,” [0041].  However, this is not understood to explicitly read upon mirroring data, as the two copies are not disclosed to be continuously mirrored or executing simultaneously, and instead are just multiple copies of the same code that can be executed differently.  As such, Gingell in isolation is not interpreted to read upon the limitation.
As cited in the claim 1 rationale, an obvious modification was proposed incorporating secure data mirroring as disclosed by Yagawa, where [0050] provides that data written to the primary volume is mirrored to the secondary volume.  As such, the combination identified in claim 1 teaches that any data found in or written to the first enclave is mirrored to the second enclave. 
Regarding claim 4, the combination of Gingell, Yagawa, and Martel teaches the information handling system of claim 1, and Gingell further teaches wherein the third processor instructions executing at the second processor privilege level include at least one of a virtual machine and an operating system virtualization instance (“Each enclave can be used to store data and instructions while at the same time limit the use of such data and instructions by other applications,” [0039]; in addition, by contrast, the untrusted application context of Fig. 2 is “vulnerable to manipulations by processes having higher privileges, such as an operating system or a hypervisor,” [0040], and therefore logically the enclaves protect data from the higher privilege processes; see also “the host, such as an operating system or hypervisor, is not trusted to securely persist sensitive data on the enclave's behalf,” [0058]).
Claim 8 is a method claim reciting steps nearly identical to the functional limitations of the information handling system of claim 1 and can therefore be rejected according to nearly the same rationale.  
As discussed in the section under claim interpretation, the allocating limitations are no longer dependent on a determination that a plurality of non-uniform memory access nodes do not exist.  Therefore, the citations in the claim 1 rationale to Gingell Fig. 1 with computing device 110 containing enclaves 160 and 170, and citations to [0039,0040,0058] to disclose the wherein clauses would sufficiently teach the limitation, whereas in claim 1, the allocation and wherein clauses were dependent on the condition if a plurality of NUMA nodes do not exist.  Gingell only fails to teach determining that a plurality of NUMA nodes do not exist as well as the encryption details cited in the claim 1 rationale, and the rationale of incorporating Yagawa and Martel would be identical from there.  
Claims 9 and 11 are rejected according to the same rationale of claims 2 and 4.
Regarding claim 15, Gingell teaches a computer-readable non-transitory memory medium that includes instructions that, when executed by at least one processor of an information handling system, cause the information handling system to perform the same functions recited in claim 1 and can be rejected according to the same rationale. 
Claims 16 and 18 are rejected according to the same rationale of claims 2 and 4. 
Claims 3, 10, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Gingell in view of Yagawa and Martel and further in view of Todd et al. (US 7,076,690).
Regarding claim 3, the combination of Gingell, Yagawa, and Martel teaches the information handling system of claim 1, but fails to teach wherein the instructions further cause the information handling system to: 
determine that a fault occurred with at least one of the first memory medium and the first enclave; 
determine that access of the at least one of the second processor instructions and the data has been requested; and 
provide at least a portion of the at least one of the second processor instructions and the data from the second enclave.
While Yagawa mentions that data mirroring provides for rapid data restores, see [0006], not enough details are provided to read on the claim limitations above.
Todd’s disclosure is related to providing mirrored storage volumes to a host and processing access requests, and therefore comprises analogous art to the same area of data mirroring.
As part of this disclosure, Todd provides that in the context of Fig. 3 showing mirrored volumes 39 and 41, in the event that a failure prevents a host computer 21 from accessing a volume 39, then the host can redirect read and write accesses to the mirrored volume 41, see Col. 13, Lines 27-40.
An obvious modification can be identified: incorporating the ability to switch which volume requests are directed to in the event of a failure.  As incorporated into Gingell, this reads upon redirecting access to instructions/data in one enclave to another copy of the enclave.  This reads upon the limitations of the claim, as Todd’s disclosure identifies a failure of a volume, reading upon the determining that a fault occurred with the first volume or memory medium, and redirects accesses, necessarily meaning that a determination is made that access to data within the failed region is requested, and servicing the requests in the other enclave reads upon providing at least a portion of the instructions and data from the second enclave. 
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Todd’s failure handling into Gingell’s enclave system, as redirecting requests to the mirrored enclave would result in less downtime/interrupted performance from a client/requestor’s perspective. 
Claims 10 and 17 are rejected according to the same rationale of claim 3. 
Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Gingell in view of Yagawa and Martel and further in view of Glimcher et al. (US 11,086,780).
Regarding claim 5, the combination of Gingell, Yagawa, and Martel teaches the information handling system of claim 1, but fails to teach wherein the instructions further cause the information handling system to: 
determine that the request for the secure memory region with the fault resiliency includes an attribute that is set to indicate that the at least one of the second processor instructions and the data in the second enclave are to be mirrored in the second enclave.
Glimcher’s disclosure is related to providing write protection in a scratch pad via mirroring writes.  While not in the same field of endeavor, Glimcher’s disclosure is reasonably pertinent, as one of ordinary skill in the art, when considering how a request to mirror is made, would consider how mirroring is requested in other memory technologies relevant to the claimed invention, and consequently it comprises analogous art.
As part of this disclosure, Glimcher provides for multiple levels of protection, see Fig. 6, where based on the level of protection, different levels of mirroring are applied.  More specifically, Glimcher discloses that the write request includes a level of protection, see Fig. 6, step 608, and applies the level of protection according to this request, see steps 610-618, see also Col. 13, Line 62 – Col. 14, Line 10.
An obvious modification can be identified: incorporating the level of protection/mirroring into a request.  As identified in the claim 1 rationale, Gingell provides for a manager that creates the enclaves for application and necessarily receives an instruction to create the enclave.  As modified here, the creation of the enclave incorporates a level of mirroring desired by a user/application.  Such a modification reads upon the limitation of the claim.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Glimcher’s disclosure of requests including a level of protection with Gingell’s enclave system, as this provides for more customization by individual users/applications instead of applying a blanket mirroring policy.
Claims 12 and 19 are rejected according to the same rationale of claim 5.
Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Gingell in view of Yagawa and Martel, and further in view of Schneider et al. (“PIE: A Dynamic TCB for Remote Systems with a Platform Isolation Environment”) and Kanakos (“Get-CIMInstance Vs Get-WMIObject: What’s The Difference?”).
Regarding claim 6, the combination of Gingell, Yagawa, and Martel teaches the information handling system of claim 1, and Gingell further teaches 
wherein, to receive the request for the secure memory region with fault resiliency from the first processor instructions, further cause the information handling system to receive, by an operating system enclave driver, the request for the secure memory region with fault resiliency (as the enclave manager “may be implemented in any of a number of different ways, for example, as object code running in a single process, as code stored in a library, or as an RPC service,” [0040] and is part of the untrusted application context accessible by the operating system, see [0040], then the enclave manager that creates the enclaves/receives instructions to create them reads upon this limitation, as a driver is software that manages hardware, and the enclave manager here manages the memory enclaves).
Gingell, Yagawa, and Martel fail to teach 
wherein the instructions further cause the information handling system to provide, by the operating system enclave driver, the request for the secure memory region with fault resiliency to information handling system firmware via a management information exchange.
Schneider’s disclosure relates to providing trusted execution environments, i.e. enclaves, to different peripherals, and as such is in the same field of endeavor as enclave management.
As part of this disclosure, Schneider provides a Keystone based implementation, where Section II.C describes how Keystone is an enclave framework that “relies on low level firmware with the highest privilege, called security monitor (SM), to manage the [physical memory protection] (PMP). The SM maintains its own memory separate from the OS and protected by a PMP entry. It also facilitates all enclave calls, e.g., it creates enclaves, runs and destroys them”.  Schneider also provides that Intel SGX and Keystone are both similar processor based enclave frameworks, see Section V.A, Paragraph 1.
An obvious substitution can be identified: substituting Gingell’s usage of Intel SGX primitives, see [0048,0076], for an enclave framework with the Keystone framework disclosed by Schneider.  The enclave manager would therefore need to pass calls to create enclaves to the security monitor, reading upon providing the request for the secure memory region to firmware by the enclave driver.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to substitute Gingell’s enclave system based on Intel SGX with Schneider’s Keystone framework disclosure.  Both elements are known in the art, and as Schneider has indicated that Intel’s SGX and Keystone are similar, as cited above, then one of ordinary skill in the art would find a substitution of the primitives underlying the enclave framework to be predictable, as both frameworks provide for a traditional processor run enclave framework, and therefore the substitution would not significantly change how the enclaves work.
The combination of Gingell, Yagawa, Martel, and Schneider still fails to teach where the provision of the request to the firmware is performed via a management information exchange.
Kanakos’ disclosure relates to WMI and CIM and as such comprises analogous art, as one of ordinary skill in the art considering how to provide data between entities would find it reasonably pertinent to consider other computer standards.
As part of this disclosure, Kanakos describes WMI and CIM as interfaces for accessing data on a computer, see Paragraph 1, and that both WMI and CIM have been used by computer sysadmins for years, see Paragraph 2.  In particular, a derivative of WMI called Windows Remote Management (WinRM) provides a service for securing data traffic on and between computers, see Paragraphs 7 and 8.
An obvious combination can be identified: combining the use of any of the WinRM/WMI/CIM standards with Gingell’s enclave system for accessing data in a computer.  As combined, these standards are utilized for providing data around, such as the request and calls to create the enclaves earlier discussed.  Such a combination therefore reads upon the limitation of the claim.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to combine Kanakos’ disclosure of the WinRM/WMI/CIM data accessing standards with Gingell’s enclave system.  Both elements are known in the art, and as Kanakos discloses that these standards are used for accessing data and have been available/utilized by sysadmins for years, then one of ordinary skill in the art would recognize that these standards are commonly used and therefore a combination of the standards with Gingell’s enclave system would lead to a predictable result, where all data accessed in Gingell’s system utilize the standards.
Claim 13 is rejected according to the same rationale of claim 6. 
Claims 7, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Gingell in view of Yagawa and Martel and further in view of Xing et al. (“Intel® Software Guard Extensions (Intel® SGX) Software Support for Dynamic Memory Allocation inside an Enclave”) and Soriente et al. (US 2019/0243950).
Regarding claim 7, the combination of Gingell, Yagawa, and Martel teaches the information handling system of claim 1, but fails to teach wherein the instructions further cause the information handling system to: 
create, by an operating system enclave driver, a data structure configured to store a list of enclaves that have been requested for redundancy; 
receive, by the operating system enclave driver, a request for additional storage space for the secure memory region; 
extend, by the operating system enclave driver, the first enclave to include the additional storage space for the secure memory region; 
extend, by the operating system enclave driver, the second enclave to include the additional storage space for the secure memory region; and 
modify, by the operating system enclave driver, the data structure to include an indication of the additional storage space for the secure memory region.
Xing’s disclosure is related to providing an extension to the SGX instruction set for enclave management and as such comprises analogous art, as it is in the same field of endeavor relating to enclaves.
As part of this, Xing provides a view of the application/enclave communication in Figures 2 and 3, where the enclave features a trusted run time system as a library built into an enclave image (see Section 2.2, Paragraph 4), the application contains an untrusted run time system (see Section 2.2, Paragraph 3), and an SGX Driver, similar to Gingell’s enclave manager, is shown in the OS kernel.
Section 4 then discusses dynamic memory management, where the simple programming model is described as follows in Paragraph 2:
“The enclave needs a page of memory. It must keep a record of its virtual address space and then record that the page has been reserved.  Then it must make an OCall to the uRTS with the page address.  The uRTS will, in turn, send a command to the driver.
The SGX Driver should:
Ensure that the address range of the page is available for use…
Select a free page within [Enclave Page Cache] EPC (If needed, evict a page from EPC).
Create a PTE and map it to the page within EPC
Issue an EAUG instruction with the address of the page
The page is now added to the enclave… The page must be accepted by the enclave before it can be used
After the driver completes, it will complete the command and return to the uRTS, the uRTS will then complete the OCall to return processing back to the enclave. The enclave must then:
Note in its internal virtual memory space record that the page has been committed to the enclave…
Issue an ENCLU[EACCEPT] instruction for the page to remove it from the PENDING state and allow it to be used within the enclave.”
Xing continues in Section 5 to describe some detailed forms of allocating EPC space to an enclave.  Of particular note is the dynamic region in Section 5.3, where the SGX driver can allocate a region of pages instead of one page at a time; as part of the discussion on dynamic regions, Xing discloses that the SGX driver “maintains an array of dynamic region structures per enclave”, where each structure maintains information like the address range of the region, the growing direction, and allocation alignment.
An obvious combination can be identified: combining Xing’s SGX2 Extensions with Gingell’s SGX based enclaves.  Such a combination reads upon the majority of the above limitations.  As discussed above, the SGX driver/enclave manager receives requests for additional storage space from the enclaves themselves and extends the enclaves by allocating more pages to them (following the claim 1 rationale, any extension to one enclave should be mirrored to the second enclave), and the SGX driver maintains/modifies data structures to include an indication of a dynamic region allocated to the enclaves, reading upon the receiving limitation, both extending limitations, and the modifying limitation.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to combine Xing’s SGX2 Extension set with Gingell’s SGX based enclave system.  Both elements are known in the art, and as Xing’s disclosure provides an extension to SGX that interfaces with the original SGX instruction set that Gingell is disclosed as potentially using for enclaves, then one of ordinary skill in the art would recognize that combining the two disclosures is just extending Gingell’s SGX set with Xing’s SGX2 set.  This would be a predictable result, as Xing’s entire disclosure is related to how the SGX2 Extension complements SGX’s capabilities.
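To make the quoted SGX2 flow concrete, the following is an added Python model, not code from Xing, Gingell, or the application under examination: the untrusted driver owns the EPC free list and an array of dynamic regions per enclave, EAUG leaves a page PENDING, and only the enclave’s EACCEPT makes it usable; extend_both mirrors an extension to a redundant second enclave as the claim 7 discussion describes. All class, method and field names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class DynamicRegion:
    # One entry of the driver's per-enclave dynamic-region array (Xing Sec. 5.3); field names are assumed.
    base: int
    limit: int
    alignment: int = 0x1000
    committed: List[int] = field(default_factory=list)


class SgxDriver:
    """Untrusted kernel-side driver: owns the EPC free list and the per-enclave region arrays."""
    def __init__(self, epc_pages: int) -> None:
        self.free_epc = list(range(epc_pages))
        self.regions: Dict[str, List[DynamicRegion]] = {}
        self.pte: Dict[Tuple[str, int], int] = {}  # (enclave id, vaddr) -> EPC slot

    def eaug(self, eid: str, vaddr: int) -> int:
        # Driver steps from the quote: check the range, pick a free EPC page, map a PTE, issue EAUG.
        region = next((r for r in self.regions[eid] if r.base <= vaddr < r.limit), None)
        if region is None or vaddr % region.alignment or vaddr in region.committed:
            raise ValueError(f"{vaddr:#x} not available for {eid}")
        if not self.free_epc:
            raise MemoryError("EPC exhausted (eviction not modelled)")
        self.pte[(eid, vaddr)] = slot = self.free_epc.pop(0)
        region.committed.append(vaddr)
        return slot


class Enclave:
    def __init__(self, eid: str, driver: SgxDriver, region: DynamicRegion) -> None:
        self.eid, self.driver = eid, driver
        self.pages: Dict[int, str] = {}  # trusted VA record: vaddr -> RESERVED | PENDING | VALID
        driver.regions[eid] = [region]

    def request_page(self, vaddr: int) -> None:
        self.pages[vaddr] = "RESERVED"      # record the reservation before leaving the enclave
        self.driver.eaug(self.eid, vaddr)   # OCall -> uRTS -> driver command
        self.pages[vaddr] = "PENDING"       # EAUG done; page exists but cannot be used yet

    def eaccept(self, vaddr: int) -> None:
        if self.pages.get(vaddr) != "PENDING":
            raise PermissionError("EACCEPT requires a PENDING page")
        self.pages[vaddr] = "VALID"


def extend_both(driver: SgxDriver, first: Enclave, second: Enclave, vaddr: int) -> Tuple[int, int]:
    """Claim-7 style mirroring: grow both redundant enclaves by the same page and accept it in each."""
    for enclave in (first, second):
        enclave.request_page(vaddr)
        enclave.eaccept(vaddr)
    return driver.pte[(first.eid, vaddr)], driver.pte[(second.eid, vaddr)]
```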
The combination of Gingell, Yagawa, Martel, and Xing still fails to teach the creation limitation.  While Xing does disclose data structures to indicate the additional storage allocated for enclaves, and it is disclosed that the SGX driver maintains the dynamic region data structures for each enclave, this is not in itself understood to be a data structure that stores a list of enclaves that have been requested.
Soriente’s disclosure is related to managing remote enclaves, and as such comprises analogous art, as it is directed to the same field of endeavor of enclave management.
As part of this disclosure, Soriente discloses that an enclave management layer maintains data structures for each application, where the data structure includes “the list of tuples (eid, key, st, eol) where eid is an enclave identifier, key is the key established between EML and the enclave during attestation, st is a status variable, and eol is the current end-of-lease timestamp for that enclave,” [0071].
An obvious modification can be identified: incorporating a data structure in the enclave manager/SGX driver reading upon the enclave driver, where the data structure maintains a list of enclaves for each application. Further, as Xing maintains an array of dynamic region structures per enclave, then this modification can include a pointer to the array of structures for a particular enclave, as the tuple includes an enclave identifier already.  Such a modification reads upon the creating limitation.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Soriente’s data structure including a list of tuples of enclaves per application with Gingell’s system, as Soriente’s data structure provides Gingell’s system an organized way to track how many enclaves exist within the system.
Claims 14 and 20 are rejected according to the same rationale as claim 7.

Response to Arguments
Applicant’s arguments filed September 23, 2022 have been considered but are moot in view of new references.
In view of applicant’s amendments, an updated search was performed, leading to the Martel reference currently cited in the grounds of rejection.  Applicant has not yet had an opportunity to respond to Martel as applied here.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Bronk (US 2017/0177449) and Shadmon et al. (US 2019/0158594) disclose using encryption keys for accessing data in enclaves.
Applicant's amendment necessitated the new grounds of rejection presented in this Office action.  The amendment of claim 8’s limitations to remove contingent limitations and the introduction of the encryption limitation to all independent claims necessitated the new Martel reference. Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AARON D HO whose telephone number is (469)295-9093. The examiner can normally be reached Mon-Thur 9:00-6:00 CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Reginald Bragdon can be reached on (571)272-4204. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/A.D.H./Examiner, Art Unit 2139     

/REGINALD G BRAGDON/Supervisory Patent Examiner, Art Unit 2139