Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

DETAILED ACTION
This is in response to the original of July 10, 2019 and preliminary amendments of July 11, 2019.  Claims 1-20 have been cancelled. Claims 21-40 have been added. Claims 21-40 are pending and have been considered below.

Priority
16507476, filed 07/10/2019 is a continuation of 15199673, filed 06/30/2016 ,now U.S. Patent #10396991 and having 1 RCE-type filing therein.

Drawings
The drawings filed on 07/10/2019 are accepted.

Specification
The amendment to the specification filed on 07/10/2019 is accepted.

Examiner Note
101 has been considered regarding claims 36-40, however the examiner noted that the specification at paragraph 155 teaches “computer-readable storage medium to exclude signal per se, or any type of propagating signal per se.  ” Computer storage media (or “computer-readable storage media”) includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data. Computer storage media includes RAM, ROM, EEPROM, solid state storage, flash memory or other memory technology, CD-ROM, digital versatile discs (DVDs), Blu-ray Disc (BD) or other optical disk storage (e.g., Universal Serial Bus (USB) drive, hard disk drive), magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium  which can be used to store the desired information and which can be accessed by the computer 1110. “Computer storage media” is different from “communication media.” Thus, as used herein, the term “computer-readable storage medium” is not a signal per se, nor any type of propagating signal per se.”

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21, 27 and 36 are rejected under 35 U.S.C. 103 as being unpatentable over Thom et al U.S. 2011/0099367 A1 in view of Raghuram et al U.S. 2013/0198797 A1.
Claims 21 and 36: Thom et al teaches a method computer-readable storage medium storing instructions which, when executed by a programmable processor or a hardware logic component (Fig.1), implement trusted functionality configured to: comprising:
receiving requests provided by a client to perform multiple data operations on a set of data within a trusted module or functionality (Figs1-5, par.45-48,a client requests that the TPM generate a new key. As noted above, the new key may be, for example, an RSA key pair wherein the he TPM then creates the AIK (at 210), and returns an identity binding. As noted above, the identity binding contains the AIK-Public, the digest, and a signature taken over AIK-Public and the digest (with the signature being created with AIK-Private., the client requests that the TPM sign the new key with AIK. The TPM then returns a key certification structure, which contains (an explicit or implicit) statement about the new key), the trusted module or functionality sharing a cryptographic key with the client (par.42-48);
performing the multiple data operations within the trusted module or functionality (par.45-48, The TPM then returns a key certification structure, which contains (an explicit or implicit) statement about the new key (e.g., "This key is non-migratable"), the new key itself, and a signature taken over the statement and the new key (with the signature being created with AIK-Private));
after performing the multiple data operations, performing par. 50-53,  the CA sends, to the client that requested the certificate, the certificate of the key (with the encrypted signature), and the symmetric key encrypted by EK-Public. At 248, these items are received by the client. At 250, the client asks the TPM to decrypt the symmetric key with EK-Private. Assuming that the key contained in the certificate is the same one that the TPM signed with the AIK that was used for the certificate request, the TPM decrypts the symmetric key (at 252) and returns it to the client. The client then uses the symmetric key to decrypt the signature, and replaces the encrypted signature in the certificate with a clear signature (at 256). The client now possesses a usable certificate for the new key (at 258);
in an instance where the par. 50-53.  At 250, the client asks the TPM to decrypt the symmetric key with EK-Private. Assuming that the key contained in the certificate is the same one that the TPM signed with the AIK that was used for the certificate request, the TPM decrypts the symmetric key (at 252) and returns it to the client); and
outputting the cryptographic verification information and results of the multiple data operations(client uses symmetric key to decrypt signature and replaces the encrypted signature with a clear signature).
Thomas fails to teach the verification is differed verification nor that the verification is performed in the trusted module, however Raghuram et al in the same field of endeavor teaches 
a deferred verification that is performed in the trusted module or functionality (par3, 23, The Attestation mechanism would work seamlessly to attest to the Trust of Virtual Machines once we have virtual TPMs (trusted platform modules).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the teaching of Thom et al with the addition feature of Raghuram et al in order to enabling remote device trust attestation and geo-location functionality in cloud computing environments., as suggested by Raghuram et al  par. 3.
Claim 27: Thom et al teaches a trusted module comprising:
a cryptographic key shared with a client (par. 20, EK for all laptops); and
 logic circuitry (Fig.1)configured to:
receive requests provided by the client to perform multiple data operations on a set of data within the trusted module (Figs1-5, par.45-48,a client requests that the TPM generate a new key. As noted above, the new key may be, for example, an RSA key pair wherein the he TPM then creates the AIK (at 210), and returns an identity binding. As noted above, the identity binding contains the AIK-Public, the digest, and a signature taken over AIK-Public and the digest (with the signature being created with AIK-Private., the client requests that the TPM sign the new key with AIK. The TPM then returns a key certification structure, which contains (an explicit or implicit) statement about the new key);
 perform the multiple data operations within the trusted module (par.45-48, The TPM then returns a key certification structure, which contains (an explicit or implicit) statement about the new key (e.g., "This key is non-migratable"), the new key itself, and a signature taken over the statement and the new key (with the signature being created with AIK-Private)); 
after performing the multiple data operations, perform par. 50-53,  the CA sends, to the client that requested the certificate, the certificate of the key (with the encrypted signature), and the symmetric key encrypted by EK-Public. At 248, these items are received by the client. At 250, the client asks the TPM to decrypt the symmetric key with EK-Private. Assuming that the key contained in the certificate is the same one that the TPM signed with the AIK that was used for the certificate request, the TPM decrypts the symmetric key and returns it to the client. The client then uses the symmetric key to decrypt the signature, and replaces the encrypted signature in the certificate with a clear signature. The client now possesses a usable certificate for the new key );
in an instance where the deferred verification succeeds, generate cryptographic verification information using the cryptographic key, the cryptographic verification information attesting to integrity of the multiple data operations (par. 50-53.  At 250, the client asks the TPM to decrypt the symmetric key with EK-Private. Assuming that the key contained in the certificate is the same one that the TPM signed with the AIK that was used for the certificate request, the TPM decrypts the symmetric key (at 252) and returns it to the client); and 
outputting the cryptographic verification information and results of the multiple data operations(client uses symmetric key to decrypt signature and replaces the encrypted signature with a clear signature).
Thomas fails to teach the verification is differed verification nor that the verification is performed in the trusted module, however Raghuram et al in the same field of endeavor teaches 
a deferred verification that is performed in the trusted module (par3, 23, The Attestation mechanism would work seamlessly to attest to the Trust of Virtual Machines once we have virtual TPMs (trusted platform modules).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the teaching of Thom et al with the addition feature of Raghuram et al in order to enabling remote device trust attestation and geo-location functionality in cloud computing environments., as suggested by Raghuram et al  par. 3.
Claims 22-25, 28-31 and 37-40 are rejected under 35 U.S.C. 103 as being unpatentable over Thom et al U.S. 2011/0099367 A1 in view of Raghuram et al U.S. 2013/0198797 A1 in further view of Li et al U.S. 2005/0283662 A1.
Claims 22 and 28:  the combination fails to teach, however Li et al in the same field of endeavor teaches  further comprising:
in another instance when the deferred verification fails, resorting to a previously-verified backup of the set of data (par.21-22).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Thom et al with the addition feature of Li et al in order to  provides secure data backup and recovery for an electronic device, as suggested by Li et al  abstract.
Claims 23 and 29:  the combination fails to teach, however Li et al in the same field of endeavor teaches  further comprising:
maintaining a read set for the multiple data operations and a write set for the multiple data operations (par.21-22, 27-28).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Thom et al with the addition feature of Li et al in order to  provides secure data backup and recovery for an electronic device, as suggested by Li et al  abstract.
Claims 24, 30 and 38:  the combination fails to teach, however Li et al in the same field of endeavor teaches  further comprising:
determining that the deferred verification succeeds when the read set matches the write set (par.21-22,27-28).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Thom et al with the addition feature of Li et al in order to  provides secure data backup and recovery for an electronic device, as suggested by Li et al  abstract.
Claims 25, 31 and 39:  the combination fails to teach, however Li et al in the same field of endeavor teaches  further comprising:
determining that the deferred verification fails when the read set does not match the write set (par.21-22,27-28).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Thom et al with the addition feature of Li et al in order to  provides secure data backup and recovery for an electronic device, as suggested by Li et al  abstract.
Claim 37: the combination fails to teach, however Li et al in the same field of endeavor teaches wherein the instructions, when executed by the programmable processor or the hardware logic component, configure the trusted functionality to
maintain a read set for the multiple data operations and a write set for the multiple data operations(par.21-22,27-28); and
use the read set and the write set to perform the deferred verification (par.21-22,27-28).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Thom et al with the addition feature of Li et al in order to  provides secure data backup and recovery for an electronic device, as suggested by Li et al  abstract.
Claim 40: the combination fails to teach, however Li et al in the same field of endeavor teaches  wherein the instructions, when executed by the programmable processor or the hardware logic component, configure the trusted functionality to:
perform at least one recovery action in another instance when the deferred verification fails (par.21-22,27-28).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Thom et al with the addition feature of Li et al in order to  provides secure data backup and recovery for an electronic device, as suggested by Li et al  abstract.


Claim 33 is rejected under 35 U.S.C. 103 as being unpatentable over Thom et al U.S. 2011/0099367 A1 in view of Raghuram et al U.S. 2013/0198797 A1 in further view of Gardner U.S. 8,756,417 B1.
Claim 33: the combination fails to teach , however Gardner in the same field of endeavor teaches 
implemented as a field-programmable gate array (col.1, lines 45-60).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Thom et al with the addition feature of Gardner in order to provide  to provide the highest levels of security and assurance, and only provide exactly the intended functionality, as suggested by Gardner  col. 1, lines 13-20.

Claim 34 is rejected under 35 U.S.C. 103 as being unpatentable over Thom et al U.S. 2011/0099367 A1 in view of Raghuram et al U.S. 2013/0198797 A1in further view of Scott-Nash et al U.S. 20140006776 A1.
Claim 34: the combination fails to teach , however Scott-Nash et al in the same field of endeavor teaches 
implemented in a central processing unit (par. 66).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Thom et al with the addition feature of Scott-Nash et al in order to provide providing a supervisor to manage a lifecycle of a virtual trusted platform module, as suggested by Scott-Nash et al abstract.


Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Thom et al U.S. 2011/0099367 A1 in view of Raghuram et al U.S. 2013/0198797 A1 in further view of Johnson et al U.S. 2012/0163589 A1.
Claim 35: the combination fails to teach , however Johnson et al in the same field of endeavor teaches 
implemented within a secure enclave provided by a central processing unit (Fig.2, par. 57, 80).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Thom et al with the addition feature of Johnson et al in order to provide trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave, as suggested by Johnson et al  par. 32.

Allowable Subject Matter

Claims 26 and 32 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FATOUMATA TRAORE whose telephone number is (571)270-1685. The examiner can normally be reached 6:30-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached on 5712724219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





Sunday, October 30, 2022
/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436