DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the application filed on 10/26/2020. Claims 1-20 are examined.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-5, 8, 11-15 is/are rejected under 35 U.S.C. 102(a)(1) as being Anticipated by Zhang (U.S. 20210165883) based on its priority date of 2018/08/14 from PCT/CN2018/100469 (W.O. 2020034098 Published on 2020/02/20).

Regarding claim 1,
Zhang discloses: In a data processing system having a rich execution environment (REE) and a trusted execution environment (TEE) (Zhang [0031] AI processing apparatus supports a rich execution environment REE and a trusted execution environment TEE), a method comprising: executing an application (Zhang [0005] running of an AI application; [0006] This application provides an artificial intelligence AI processing method, an AI processing apparatus, and a storage medium, to meet a security requirement of an AI application and increase resource utilization) in the REE (Zhang [0088] A rich operating system (Rich OS) is usually an iOS system of an iPhone or an Android system, and runs in the REE; [0077] the program instruction is executed by a processor); and executing a compute kernel that operates on data for the application (Zhang [Fig. 1 Kernel Layer]; [0093]The REE-side components at the kernel layer may include: a first driver module, configured to provide a driver service for the AI processor; and a third driver module, configured to implement switching between an REE and the TEE. The REE-side components at the kernel layer may include: a second driver module, configured to provide a driver service for the AI processor; and the memory configuration interface, configured to configure the memory controller according to an instruction sent by the memory management application) using a hardware accelerator (Zhang [Fig. 1 Hardware Layer]; [0094] The hardware layer may include… the AI processor; [0104] The AI processor may be… a GPU), wherein control of the compute kernel is provided by an accelerator controller in the TEE (Zhang [0031] when the target mode is a first mode, the controller initiates the AI processing request to the AI processor by using a driver in the TEE), and wherein the compute kernel in the REE makes requests to the accelerator controller (Zhang [0031] when the target mode is a second mode, the controller initiates the AI processing request to the AI processor by using a driver in the REE; [0012] The controller may be a CPU, a GPU, or another processor (Examiners note: While the controller is initiating the request the “drivers in the REE” are doing the requesting) when requiring access to the hardware accelerator (Zhang [0045] The controller sets access permission for the storage space as target access permission by using a memory controller, where the target access permission is access permission determined based on the service type requested by the AI processing request. That the AI processor processes an AI processing request in a target mode includes the AI processor processes the AI processing request in the target mode by using the storage space. [0046] In this implementation, the AI processing apparatus sets, based on the service type requested by the AI processing request, the access permission for the storage space required to process the AI processing request. An operation is simple, and security can be further improved).

Regarding claim 11,
	Zhang discloses: A data processing system comprising: a rich execution environment (REE) having a processor (Zhang [0031] the AI processing apparatus supports a rich execution environment REE… the AI processor configured to execute an application (Zhang [0005] running of an AI application; [0006] This application provides an artificial intelligence AI processing method, an AI processing apparatus, and a storage medium, to meet a security requirement of an AI application and increase resource utilization; Zhang [0077] the program instruction is executed by a processor); a hardware accelerator (Zhang [Fig. 1 Hardware Layer]; [0094] The hardware layer may include… the AI processor; [0104] The AI processor may be… a GPU), wherein a compute kernel is executed on the hardware accelerator, and wherein the compute kernel performs computations for the application (Zhang [Fig. 1 Kernel Layer]; [0093]The REE-side components at the kernel layer may include: a first driver module, configured to provide a driver service for the AI processor; and a third driver module, configured to implement switching between an REE and the TEE. The REE-side components at the kernel layer may include: a second driver module, configured to provide a driver service for the AI processor; and the memory configuration interface, configured to configure the memory controller according to an instruction sent by the memory management application); (Zhang [Fig. 1 Hardware Layer]; [0094] The hardware layer may include… the AI processor; [0104] The AI processor may be… a GPU) a trusted execution environment (TEE) (Zhang [0031] AI processing apparatus supports… a trusted execution environment TEE), the TEE providing relatively higher security than the REE (Zhang [0088] It may be understood that security of the TEE is higher than security of the REE In other words, a security level of the TEE is higher than a security level of the REE), wherein the TEE includes an accelerator controller for controlling operation of the hardware accelerator (Zhang [0031] when the target mode is a first mode, the controller initiates the AI processing request to the AI processor by using a driver in the TEE); and a memory having an unsecure portion coupled to the REE and to the TEE (Zhang [0210] The memory 215 is coupled to the central processing unit, [Fig. 1 Hardware Layer]; [0088] A TEE is a running environment that coexists with an REE on a mobile device... The TEE includes trusted software and hardware resources such as a processor core, a secure memory), and a secure portion coupled to only the TEE ([0038] Loading the AI model and the AI operator library code to the AI processor may be loading the AI model and the AI operator library code to a target address (a security address) specified by the AI processor. The target address may be a security address preconfigured by the AI processor. To be specific, an address corresponding to memory space with relatively high security is allocated to the AI processor; [0129] the AI processor processes the AI processing request in the second mode by using a protected memory; [0135] The memory resource may be classified into the secure memory, the protected memory, and the normal memory), wherein the secure portion is relatively more secure than the unsecure portion (Zhang [0129] The security of the first mode is higher than the security of the second mode, and security of the normal memory is lower than security of the protected memory), and wherein data to be accessed by the hardware accelerator is stored in the secure portion of the memory (Zhang [0038] To be specific, an address corresponding to memory space with relatively high security is allocated to the AI processor. The AI processor may extract the AI model and the AI operator library code from the target address. Other data required by the AI processor may also be stored in the target address, and when the AI processor needs the data, the AI processor extracts the corresponding data from the target address).

	Regarding claim 2 and 12,
	Zhang discloses: The method of claim 1, wherein the application is a machine learning application (Zhang [0005] running of an AI application; [0006] This application provides an artificial intelligence AI processing method, an AI processing apparatus, and a storage medium, to meet a security requirement of an AI application and increase resource utilization).
	
Regarding claim 3 and 13,
	Zhang discloses: The method of claim 1, wherein the access to the hardware accelerator  comprises an access to a plurality of control registers in the hardware accelerator for storing control data for controlling operation (Zhang [0032] It may be understood that when working modes that are of the AI processor and that correspond to two AI processing requests are different, the two AI processing requests are processed by using different processing paths and security policies, and the different processing paths correspond to processing procedures of different software stacks; (Zhang [0031] when the target mode is a first mode, the controller initiates the AI processing request to the AI processor by using a driver in the TEE) of the hardware accelerator (Zhang [Fig. 1 Hardware Layer]; [0094] The hardware layer may include… the AI processor; [0104] The AI processor may be… a GPU).
	
Regarding claim 4,
	Zhang discloses: The method of claim 3, wherein the accelerator controller interprets write operations to the hardware accelerator (Zhang [0022] the controller sets the working mode of the internal components of the AI processor to the target mode by using a TrustZone protection controller (TZPC); [0107] Read and write access of the TZPC is implemented in the TEE to ensure that the working mode of the AI processor is securely set).
	
	Regarding claim 5,
	Zhang discloses: The method of claim 4, further comprising storing the data for the application in a secure portion of a memory (Zhang [0088] TEE includes trusted software and hardware resources such as… a secure memory) accessible only by requests provided to the TEE (Zhang, [0088] Conversely, unless explicitly authorized by the TEE, a trusted resource in the TEE can be accessed only by another trusted resource, wherein the secure portion of the memory is more secure than an unsecure portion of the memory (Zhang [0088] It may be understood that security of the TEE is higher than security of the REE In other words, a security level of the TEE is higher than a security level of the REE), and wherein only the TEE has access to the secure portion of the memory (Zhang [0088] unless explicitly authorized by the TEE, a trusted resource in the TEE can be accessed only by another trusted resource. In this way, in this closed and trusted space environment isolated from the Rich OS, personal information and electronic payment of a user can be more securely stored and processed, and a security service is provided for the Rich OS).

	Regarding claim 8,
	Zhang discloses: The method of claim 1, further comprising: accepting, by the accelerator controller, input data from the REE for the compute kernel (Zhang [0150] 501: An AI processing apparatus receives an AI processing request through an AI processing interface in an REE; [0175] As shown in FIG. 5, a unified service request entry, namely, the AI processing interface, is provided in the REE, and AI processing requests are received through the service request entry... A control procedure of the AI processing method is completed on an REE side, and a data processing procedure is completed on a TEE side); and storing the input data in the secure portion of the memory (Zhang [0174] The AI processing apparatus processes the AI processing request by using the applied memory resource. When the AI processor processes an AI processing request with a relatively high security requirement, secure memories need to be applied for both input data and output data, and the data cannot leave a security domain).

	Regarding claim 14,
	Zhang discloses: The data processing system of claim 11, wherein the accelerator controller accepts input data for the hardware accelerator (Zhang [Fig. 1 Hardware Layer]; [0094] The hardware layer may include… the AI processor; [0104] The AI processor may be… a GPU) and stores the input data in the secure portion of the memory (Zhang [0150] 501: An AI processing apparatus receives an AI processing request through an AI processing interface in an REE; [0175] As shown in FIG. 5, a unified service request entry, namely, the AI processing interface, is provided in the REE, and AI processing requests are received through the service request entry... A control procedure of the AI processing method is completed on an REE side, and a data processing procedure is completed on a TEE side; [0174] The AI processing apparatus processes the AI processing request by using the applied memory resource. When the AI processor processes an AI processing request with a relatively high security requirement, secure memories need to be applied for both input data and output data, and the data cannot leave a security domain), and wherein data output from the hardware accelerator is stored in either the unsecure portion of the memory or the secure portion of the memory by the accelerator controller (Zhang [Fig. 4]; [0128] When the running environment of the CPU is the TEE, the running environment of the CPU remains unchanged. Optionally, when the target mode is the second mode, the CPU configures the running environment as the REE Specifically, when the running environment of the CPU is the TEE, the CPU switches the running environment from the TEE to the REE. When the running environment of the CPU is the REE, the running environment of the CPU remains unchanged).
	
	Regarding claim 15,
	Zhang discloses: The data processing system of claim 11, wherein the data used by the hardware accelerator (Zhang [Fig. 1 Hardware Layer]; [0094] The hardware layer may include… the AI processor; [0104] The AI processor may be… a GPU) is stored in the secure portion of the memory (Zhang [0038] To be specific, an address corresponding to memory space with relatively high security is allocated to the AI processor. The AI processor may extract the AI model and the AI operator library code from the target address. Other data required by the AI processor may also be stored in the target address, and when the AI processor needs the data, the AI processor extracts the corresponding data from the target address), and wherein the accelerator controller executes memory accesses to the secure portion of the memory on behalf of the hardware accelerator (Zhang [0045] The controller sets access permission for the storage space as target access permission by using a memory controller; [Fig. 1 Hardware Layer]; [0094] The hardware layer may include… the AI processor; [0104] The AI processor may be… a GPU).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 6-7 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (U.S. 20210165883) based on its priority date of 2018/08/14 from PCT/CN2018/100469 (W.O. 2020034098 Published 2020/02/20), in view of Johnson (U.S. 20100017625).

Regarding claim 6, 
	Zhang discloses: The method of claim 5,
Zhang does not disclose further comprising replacing addresses for accessing data in the unsecure portion of the memory with addresses of data in the secure portion of the memory 
However, in the same field of endeavor Johnson teaches: further comprising replacing addresses for accessing data in the unsecure portion of the memory with addresses of data in the secure portion of the memory ([0042] The address of the decrypted (plain text) page in private memory 200 is stored in the "Pointer" column of table 300, and is linked to the address of the encrypted page in unprotected memory 102 stored in the "SHA-1" column of table 300, so that the operating system of system/architecture 10 can locate and operate on the plain text code and/or data in protected memory).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Johnson in the data processing system of Zhang by linking the addresses unencrypted pages and corresponding encrypted pages. This would have been obvious because the person having ordinary skill in the art would have been motivated  so that the operating system of system/architecture 10 can locate and operate on the plain text code and/or data in protected memory (Johnson 0042). 

Regarding claim 7, 
	Zhang discloses: The method of claim 5,
Zhang does not disclose: further comprising: storing the data for the application encrypted in the unsecure portion of the memory; and decrypting the encrypted data for the application when storing the encrypted data for the application in the secure portion of the memory, wherein decrypting the encrypted data is performed using a key that has been provisioned to the accelerator controller.
However, in the same field of endeavor Johnson teaches: further comprising: storing the data for the application encrypted in the unsecure portion of the memory (Johnson [0023] proprietary information is stored in unencrypted form only in protected memory 104); and decrypting the encrypted data for the application when storing the encrypted data for the application in the secure portion of the memory (Johnson [0023] encrypted information in unprotected memory 102 is unencrypted, then stored in protected memory 104 prior to execution and/or operation on it by processor 11), wherein decrypting the encrypted data is performed using a (Johnson [0046] in step 470, the operating system decrypts the encrypted proprietary information using conventional software tools for such operations. Generally, the information is decrypted using the decryption key stored in the manufacturer-supplied ROM) key that has been provisioned to the (Johnson [0046] the decryption key stored in the manufacturer-supplied ROM) accelerator controller (Johnson [0019] FIG. 1, Processor 11 (which may include a… FPGA… ROM, which may comprise one or more discrete memory devices, is communicatively coupled to processor 11).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Johnson in the data processing system of Zhang by encrypting unsecure data and unencrypting secure data using encryption keys which are uses by a processing device to encrypt and decrypt. This would have been obvious because the person having ordinary skill in the art would have been motivated to provide a mechanism for hiding proprietary data in protected memory (e.g., memory the addresses of which are protected [preferably by hardware] from user and/or software access), so that it is not visible either (a) in plain text or recognizable form from unprotected memory, or (b) to non-proprietary, conventional and/or untranslated software-controlled processes (Johnson 0024).

Regarding claim 16, 
	Zhang discloses: The data processing system of claim 15, 
Zhang does not disclose: wherein the accelerator controller replaces addresses that refer to locations of the unsecure portion of the memory with addresses that refer to locations in the secure portion of the memory.
However in the same field of endeavor Johnson teaches: wherein the accelerator controller  (Johnson [0019] FIG. 1, Processor 11 (which may include a… FPGA… ROM, which may comprise one or more discrete memory devices, is communicatively coupled to processor 11) replaces addresses that refer to locations of the unsecure portion of the memory with addresses that refer to locations in the secure portion of the memory (Johnson [0042] The address of the decrypted (plain text) page in private memory 200 is stored in the "Pointer" column of table 300, and is linked to the address of the encrypted page in unprotected memory 102 stored in the "SHA-1" column of table 300, so that the operating system of system/architecture 10 can locate and operate on the plain text code and/or data in protected memory).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Johnson in the data processing system of Zhang by linking the addresses unencrypted pages and corresponding encrypted pages. This would have been obvious because the person having ordinary skill in the art would have been motivated  so that the operating system of system/architecture 10 can locate and operate on the plain text code and/or data in protected memory (Johnson 0042). 

Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (U.S. 20210165883) based on its priority date of 2018/08/14 from PCT/CN2018/100469 (W.O. 2020034098 Published 2020/02/20), in view of HOOGERBRUGGE (U.S. 20180276392). 

Regarding claim 9,
	Zhang discloses: The method of claim 8, further comprising selectively (Hoogerbrugge [0013] determining that decrypted data in the cache memory is dirty… encrypting the dirty decrypted data; [0014] wherein the interpreter may encrypt the dirty decrypted data) providing output data from the secure portion of the memory for storage in the unsecure portion of the memory (Hoogerbrugge [Fig. 1-14; Fig. 1-22]; [0023] At step 98, interpreter 22 sends the encrypted data block to service block 20 to be written to unsecured storage in memory 16).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Hoogerbrugge in the data processing of Zhang by storing encrypted data in unsecure memory. This would have been obvious because the person having ordinary skill in the art would have been motivated because a person of ordinary skill would know that data may be further protected using one or more of obfuscation and tamper proofing of data processing system 10 (Hoogerbrugge 0024) and that secure processors may store code and data in a plain, unencrypted, state in a secure memory if a secure memory is available. Otherwise, the secure processor must first encrypt the data and store the encrypted data in an unsecure memory (Hoogerbrugge 0002). 

Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (U.S. 20210165883) based on its priority date of 2018/08/14 from PCT/CN2018/100469 (W.O. 2020034098 Published 2020/02/20), in view of HOOGERBRUGGE (U.S. 20180276392) in further view of Paatero (U.S. 20050210287).

Regarding claim 10,
	Zhang and Hoogerbrugge discloses: The method of claim 9,
Zhang and Hoogerbrugge does not disclose: wherein intermediate results from computations by the compute kernel are only stored in the secure portion of the memory
However in the same field of endeavor Paatero teaches: wherein intermediate results from computations by the compute kernel are only stored in the secure portion of the memory ([0042] The secure environment 104 also comprises RAM 106 for storage of data and applications, i.e. protected data. The RAM 106 preferably stores so called protected applications, which are smaller size applications for performing security critical operations inside the secure environment 104, but also objects such as cryptographic keys, intermediate cryptographic calculation results).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Paatero in the data processing of Zhang and Hoogerbrugge by storing intermediate results in protected memory. This would have been obvious because the person having ordinary skill in the art would have known that Protection of data and program code is highly desirable (Paatero 0005) and that intermediate cryptographic calculation results…. Ideally, they shall be known by as few people as possible since a device possibly can be tampered with if its security related components are known. Access to these types of components might aid an attacker which has a malicious intent to manipulate a terminal (Paatero 0002).

Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (U.S. 20210165883) based on its priority date of 2018/08/14 from PCT/CN2018/100469 (W.O. 2020034098 Published 2020/02/20), in view of Smets (W.O. 2016109643).

	Regarding claim 17, 
	Zhang discloses: The data processing system of claim 15, 
Zhang does not disclose: wherein the accelerator controller determines if data read from the secure portion of the memory can be returned to the REE 
However, in the same field of endeavor Smets teaches: wherein the accelerator controller determines if data read from the secure portion of the memory can be returned to the REE ([Fig. 2]; [Page 14 Line 28-35] The data is processed in the secure environment of the MTPA 16 to determine which portions are sensitive and should be retained within the TEE, and which portions are necessary for the MPA 14 to carry out the transaction and hence must be provided to the REE).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Smets in the data processing of Zhang by using a processing device to determine what information should remain in trusted memory. This would have been obvious because the person having ordinary skill in the art would have been motivated in order to provide a simple and secure means for carrying out secure processing by utilizing the capabilities of a trusted execution environment (TEE) and a Rich execution environment (REE) within a user's mobile device (Smets Page 3 Line 6-15).

Claims 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (U.S. 20210165883) based on its priority date of 2018/08/14 from PCT/CN2018/100469 (W.O. 2020034098 Published 2020/02/20), in view of Smets  (W.O. 2016109643), in further view of HOOGERBRUGGE (U.S. 20180276392). 

Regarding claim 18, 
	Zhang and Smets disclose: The data processing system of claim 17
Zhang and Smets do not disclose: wherein the read data is stored encrypted in the unsecure portion of the memory 
However, in the same field of endeavor Hoogerbrugge teaches : wherein the read data is stored encrypted in the unsecure portion of the memory (Hoogerbrugge [0011] Generally, there is provided, a data processing system having a rich execution environment (REE) and a trusted execution environment (TEE). An unsecure memory is coupled to the REE and used for storing encrypted data and/or instructions for use in the TEE. The TEE may have a cache for storing the encrypted data after it is decrypted).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Hoogerbrugge in the data processing of Zhang and Smets by storing encrypted data in unsecure memory. This would have been obvious because the person having ordinary skill in the art would have been motivated because a person of ordinary skill would know that data may be further protected using one or more of obfuscation and tamper proofing of data processing system 10 (Hoogerbrugge 0024). 

Regarding claim 19, 
	Zhang discloses: The data processing system of claim 18
Zhang does not disclose: wherein the encrypted read data is decrypted before being stored in the secure portion of the memory, and wherein a key for decrypting the encrypted read data is provisioned to the accelerator controller in the TEE.
However, in the same field of endeavor Hoogerbrugge teaches: wherein the encrypted read data is decrypted before being stored in the secure portion of the memory ([0011] The TEE may have a cache for storing the encrypted data after it is decrypted), and wherein a key for decrypting the encrypted read data is provisioned to ([0017] Interpreter 22 decrypts the data and provides the decrypted data to cache 24) the accelerator controller ([Figure 1-10]) in the TEE (TEE 14 includes interpreter 22).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Hoogerbrugge in the data processing of Zhang and Smets by using a key that is provided to the decryptor to decrypt data. This would have been obvious because the person having ordinary skill in the art would have been motivated because a person of ordinary skill would know that data may be further protected using one or more of obfuscation and tamper proofing of data processing system 10 (Hoogerbrugge 0024).

Claim 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (U.S. 20210165883) based on its priority date of 2018/08/14 from PCT/CN2018/100469 (W.O. 2020034098 Published 2020/02/20), in view of Paatero (U.S. 20050210287).

Regarding claim 20,
	Zhang discloses: The data processing system of claim 11,
Zhang does not disclose: wherein intermediate results from computations by the compute kernel are only stored in the secure portion of the memory
However in the same field of endeavor Paatero teaches: wherein intermediate results from computations by the compute kernel are only stored in the secure portion of the memory ([0042] The secure environment 104 also comprises RAM 106 for storage of data and applications, i.e. protected data. The RAM 106 preferably stores so called protected applications, which are smaller size applications for performing security critical operations inside the secure environment 104, but also objects such as cryptographic keys, intermediate cryptographic calculation results).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Paatero in the data processing of Zhang by storing intermediate results in protected memory. This would have been obvious because the person having ordinary skill in the art would have known that Protection of data and program code is highly desirable (Paatero 0005) and that intermediate cryptographic calculation results…. Ideally, they shall be known by as few people as possible since a device possibly can be tampered with if its security related components are known. Access to these types of components might aid an attacker which has a malicious intent to manipulate a terminal (Paatero 0002).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure.
AHN AN YOUNG 4/8/2017 (KR 20170095780) teaches Processing data with a TEE and an REE using a GPU.
Maor 12/31/2019 (US 20210200882) teaches securely processing data using a TEE and an REE.
Any inquiry concerning this communication or earlier communications from the examiner
should be directed to THOMAS A CARNES whose telephone number is (571)272-4378. The examiner can
normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a
USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use
the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor,
Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where
this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from
Patent Center. Unpublished application information in Patent Center is available to registered users. To
file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit
https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and
https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional
questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like
assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or
571-272-1000.
/T.A.C./
Examiner, Art Unit 2436

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434