Prosecution Insights
Last updated: July 17, 2026
Application No. 17/131,716

REDUCING LATENCY OF HARDWARE TRUSTED EXECUTION ENVIRONMENTS

Non-Final OA §103
Filed
Dec 22, 2020
Examiner
OLAEGBE, MUDASIRU K
Art Unit
2495
Tech Center
2400 — Computer Networks
Assignee
Intel Corporation
OA Round
7 (Non-Final)
74%
Grant Probability
Favorable
7-8
OA Rounds
0m
Est. Remaining
91%
With Interview

Examiner Intelligence

Grants 74% — above average
74%
Career Allowance Rate
63 granted / 85 resolved
+16.1% vs TC avg
Strong +17% interview lift
Without
With
+17.2%
Interview Lift
resolved cases with interview
Typical timeline
3y 2m
Avg Prosecution
27 currently pending
Career history
116
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
93.6%
+53.6% vs TC avg
§102
3.5%
-36.5% vs TC avg
§112
0.9%
-39.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 85 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This communication is in response to the amendments filed on 12/23/2025. Claims 17, 21-22, 24-26, 28-32, and 34-37 are currently pending in the application. Information Disclosure Statement The information disclosure statement (IDS) submitted on 12/23/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Response to Arguments Applicant's arguments filed 12/23/2025 have been fully considered but they are moot in view of the amendments and the new reference that addresses applicant’s concern. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 17, 22, 25-26, 29, 31-32, 35, and 37 are rejected under 35 U.S.C. 103 as being unpatentable over US PGPub. No. 20210200546 to LEMAY et al. (hereinafter LEMAY) in view of U.S. PGPub. No. 20160057619 to Lopez; Eduardo, (hereinafter Lopez) and further in view of U.S. PGPub. No. 20220131845 to Gaddam; Sivanarayana (hereinafter Gaddam). Regarding claims 17, 26, and 32, LEMAY discloses a non-transitory computer-readable medium having stored thereon instructions which, when executed, caused a computing device to perform operations comprising (¶0411, example 17, “a non-transitory machine readable medium that stores program code that when executed by a machine causes the machine to perform a method comprising”): pre-initializing trusted execution environments (TEEs) (¶0362, “As shown, each TEE 2814, 2834, and 2854 is to provision and configure the compartments in its address range. In some embodiments, each TEE 2814, 2834, and 2854 is in a different processor or processor core, and in other embodiments, one of more of the TEEs are on a same processor.”), (¶0278, “the TEE 1934 is to partition an address space within the memory into a plurality of compartments, shown here as compartments 1902 and 1912, and shared heap 1910. Each compartment 1902 and 1912 here includes a private memory associated with code to execute a function…”, wherein provisioning and configuring the compartments in the address range is interpreted as pre-initializing the TEE), wherein pre-initializing incudes allocating memory to the TEEs (¶0219, “Certain embodiments herein allocate heap memory. In certain embodiments, managing memory allocations is where a zoned approach to memory safety is useful for minimizing total overhead. For example, three types of zones can be defined as shown in FIG. 15.”), (¶0277-¶0278, “Also illustrated is single address space controller 1930, which includes shared heap memory allocator with reference counting 1932, trusted execution environment (TEE) 1934, and a scheduler for passing message objects between services 1936…”), (¶0331, “The trusted execution environment provides services such as memory allocation on the shared heap and private message heaps, reference counting of those allocations, scheduling, adapting local and remote requests, etc.”), wherein pre-initializing the TEEs comprises copying a state of a template TEE to one or more TEEs of the TEEs (¶0339, “…a service that handles network requests defines a separate epoch for each incoming request. That enables the service to save its state in its private memory region across multiple requests…”, wherein saving its state in its memory across multiple requests is interpreted as copying a state of a template TEE to one or more TEEs of the TEEs and wherein the plurality of service compartments is hosted in in the memory allocated to the TEE and the TEE is to provision the function and schedule operation of the code for the service compartments ¶0278) upon pre-initializing the TEEs, receive a request for a TEE (¶0279, “at some point, after the code in service #1 compartment begins to run, the TEE 1934 receives a request to send a message from a first compartment, the request including a pointer to a message block in the heap, and a destination compartment identifier (e.g., service #2 compartment 1912), “(¶0163, “…Depicted method 1000 includes receiving a request to access a block of memory through a pointer to the block of memory 1002; allowing access to the block of memory when an allocated object tag in the pointer is validated with an allocated object tag in an entry of a capability table in memory that is indexed by an index value in the pointer 1004; and clearing the allocated object tag in the capability table when a corresponding object is deallocated 1006.”); in response to the request, selecting the TEE from the pre-initialized TEEs (¶0279, “In response, the TEE 1934 authenticates the request generates a corresponding encoded capability, conveys the encoded capability to the destination compartment, and schedules the destination compartment to respond to the request”, wherein TEE 1934 is the selected TEE from plurality of TEEs); and providing access to the selected TEE (¶0279, “the TEE 1934 receives a check capability request from service #2 compartment 1912, and responds by checking the encoded capability and, when the check passes, providing service #2 compartment 1912 a memory address to access the message block”). However, LEMAY even though discloses enhancing the compiler by inserting the needed CheckCap instructions prior to memory accesses (¶0329), and updating the thread-local indicator of the current scheduled PD prior to invoking it (¶0318), does not explicitly disclose the limitation of: wherein prior to providing access to the selected TEE, the selected TEE is modified based on information associated with the request; wherein modifying the selected TEE comprises assigning an encryption key to the selected TEE, and encrypting the memory allocated to the selected TEE based on the encryption key. Lopez discloses wherein pre-initializing includes allocating memory to the TEEs (¶0336, “…portable communication device 500 may partition its available memory into different memory regions including a memory region that is dedicated for use by TEE 1512.”); wherein prior to providing access to the selected TEE, the selected TEE is modified based on information associated with the request (¶0009, “…The application agent executing in the trusted execution environment may receive a request to conduct a transaction from the application executing in the normal execution environment, generate a transaction cryptogram using the LUK, and access a contactless interface of the communication device to transmit the transaction cryptogram to an access device to conduct the transaction.”) wherein modifying the selected TEE comprises re-encrypting a physical memory assigned to the selected TEE with a new key (¶0345, “…In response to receiving the account parameters including the LUK from mobile application 1520, CBP application agent 1523 may store the account parameters including the LUK in a secure storage of TEE 1512. In some embodiments, CBP application agent 1523 may encrypt the account parameters and the LUK, and store them in an encrypted form in the secure storage of TEE 1512.”), (¶0009, “…The application agent executing in the trusted execution environment may store the LUK in a secure storage of the trusted execution environment. The application agent executing in the trusted execution environment may receive a request to conduct a transaction from the application executing in the normal execution environment, generate a transaction cryptogram using the LUK,…”, wherein generating a transaction cryptogram using the limited-use key (LUK) is a form of encryption process to secure the transaction), (¶0333, “…If the transaction log information in the replenishment request matches the transaction log information at CBPP 1480, CBPP 1480 may send a new LUK to CBP application 1423, and CBP application 1423 may store the new LUK to be used in subsequent transactions.”, wherein subsequent transactions using the new LUK correspond to re-encrypting the physical memory assigned to the TEE since the LUK is stored in the memory allocated to the TEE), (¶0196, “… the transaction cryptogram may be generated by enciphering transaction information (e.g., dynamic transaction information such as terminal transaction data received from an access device during a transaction) using a first portion of the LUK, deciphering the enciphered transaction information using a second portion of the LUK, and re-enciphering the deciphered transaction information using the first portion of the LUK.”), (¶0055, “…the dynamic set of data may include a limited-use key (LUK) that is used as an encryption key to generate a transaction cryptogram during a transaction…”), Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s claimed invention to modify the non-transitory computer readable medium of LEMAY to include re-encrypting the physical memory of selected TEE as disclosed by Lopez and be motivated in doing so in order to provide additional level of security for the transactions in the TEE- Lopez ¶0258 in parts. The combination of LEMAY and Lopez does not explicitly disclose the limitation of: wherein the selected TEE is re-encrypted using a unique key for the selected TEE based on a corresponding unique key identifier Gaddam discloses wherein the selected TEE is re-encrypted using a unique key for the selected TEE based on a corresponding unique key identifier (¶0020, “…each node of the proxy network may include a trusted execution environment (TEE), whereby the trusted execution environment ensures that code and data executed or operated upon within the trusted execution environment are protected with respect to confidentiality and integrity…”), (¶0025, “…the present disclosure offers a unique combination of elements within the context of a payment on delivery type of transaction (e.g., utilizing a decentralized proxy network of nodes maintaining a blockchain, each node being equipped to perform re-encryption of encrypted credentials on behalf of another node in the proxy network, and performing authentication using risk policies of an authorization capsule within a trusted execution environment).”), (¶0084, “the dynamic data element may be associated with a particular interaction (e.g., transaction) to generate a unique identifier. As an example, a reception node may receive a request from a merchant that includes a user cart information (e.g., items being ordered) and a payment gateway that merchant has a pre-existing association with (i.e., the target payment gateway)…”) see also ¶0006, and ¶0007, regarding re-encryption and ¶0044 regarding TEE. Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s claimed invention to modify the non-transitory computer readable medium of LEMAY and Lopez to include re-encrypting the selected TEE as disclosed by Gaddam in order to ensure the integrity of applications executing within the trusted execution environment, along with the confidentiality of data that is processed within the trusted execution environment-Gaddam ¶0044 in parts. Regarding claims 22, 29, and 35, LEMAY in view of Lopez and further in view of Gaddam discloses the non-transitory computer readable medium of claim 17, the apparatus of claim 26, and the method of claim 32 respectively. LEMAY further discloses wherein: the selected TEE is restored to the state of the template TEE upon completion of execution of the selected TEE (¶0243, “…When a compartment has completed a processing session (e.g., usage of objects in the shared data region, although data may be persisted in the private data region across sessions), the key used to generate the MAC is rotated to revoke all capabilities generated using the previous key in certain embodiments…”, wherein rotating the key and revoking all capabilities will restore the TEE to state of a template TEE (ie no access or read-only state) and wherein the read-only is TEE is a template TEE in line with applicant disclosure in ¶0024 of the specification), (¶0312-¶0313, “FIG. 24D is a block flow diagram illustrating a CheckBoundSlice sub-flow of a security check flow, according to some embodiments. CheckBoundSlice is a sub-flow, insofar as it is invoked by operation 2456 (FIG. 24C). CheckBoundSlice flow starts at 2482. At 2484, the TEE is to determine: is LB<UB? If not, the TEE at 2490 is to determine: is LB<=Pointe [ChkSize+2:ChkSize]∥Pointer[ChkSize+2:ChkSize<UB? If not, the TEE at 2492 is to generate a fault. But if the answer at 2490 is Yes, the TEE at 2494 is to return to the invoking flow, CheckPointer (FIG. 24C)”, wherein the TEE returning to the invoking flow is interpreted as the TEE returning to no access state (template TEE)). Regarding claim 25, 31, and 37, LEMAY in view of in view of Lopez and further in view of Gaddam discloses the non-transitory computer readable medium of claim 17, the apparatus of claim 26, and the method of claim 32 respectively. LEMAY further discloses wherein the operations further comprise: receiving a pre-computed hash value; determine a hash value of a binary memory state; and based on the determined hash value and the pre-computed hash value, copy the binary memory state from unsecured memory to the selected TEE (¶0130, FIG. 4A “…. compare the expected type for the memory request access instruction to the object type from the capability table entry field 420 (e.g., the type value (e.g., hash) in FIG. 6A), and if no, then fault 412, and if yes, perform an access using the pointer 422 (e.g., an access to base value from capability table entry plus an offset from the pointer). In some embodiments, a bit may be defined in the capability table entry (e.g. a bit that would otherwise be reserved or unused) that indicates that a type check must always be performed at 420 prior to accessing memory using the capability. If the data access instruction does not specify an expected type when accessing such a capability, a fault may be generated.”, wherein the expected type value (hash) for the memory request is the pre-computed hash and the object type value (hash) is interpreted as the hash value of a binary memory, and wherein performing an access using the pointer 422 (e.g., an access to base value from capability table entry plus an offset from the pointer) and using a bit that indicates that a type check must always be performed at 420 prior to accessing memory using the capability is interpreted as copying the binary memory state from unsecured memory to the selected TEE), wherein the computing device comprises processing circuitry having one or more of application processing circuitry or graphics processing circuitry (¶0524, “…a processing system includes any system that has a processor, such as, for example; a digital signal processor (DSP), a microcontroller, an application specific integrated circuit (ASIC), or a microprocessor.”), (¶0486, “…the coprocessor on the same die as a CPU (in which case, such a coprocessor is sometimes referred to as special purpose logic, such as integrated graphics and/or scientific (throughput) logic, or as special purpose cores); and 4) a system on a chip that may include on the same die the described CPU (sometimes referred to as the application core(s) or application processor(s))”). Claims 21, 28, and 34 are rejected under 35 U.S.C. 103 as being unpatentable over US PGPub. No. 20210200546 to LEMAY et al. (hereinafter LEMAY) in view of U.S. PGPub. No. 20160057619 to Lopez; Eduardo, (hereinafter Lopez) and further in view of U.S. PGPub. No. 20220131845 to Gaddam; Sivanarayana (hereinafter Gaddam) and further in view of CN 107870788 to YU, HUA-WEI (hereinafter YU). NOTE: The YU reference is provided by the applicant in the IDS submitted on 06/30/2023. Citations from YU is from the PDF version of the English translation attached to the OC set by the examiner for easy reference as the English translation of the reference does not provide paragraphs numbering. Regarding claims 21, 28, and 34, LEMAY in view of Lopez and further in view of Gaddam discloses the non-transitory computer readable medium of claim 17, the apparatus of claim 26, and the method of claim 32 respectively. However, LEMAY in view of Lopez and Gaddam does not explicitly disclose the limitation of: wherein modifying the selected TEE comprises starting or restarting the selected TEE, wherein modifying the selected TEE further comprises copying data or code to the memory allocated to the TEE, YU discloses: wherein modifying the selected TEE comprises starting or restarting the selected TEE, (page 3, paragraph 11 (last paragraph), “… the starting code call instruction enters each trusted execution environment, entering a guide code each trusted execution environment, running the initial call address points corresponding to the trusted execution environment operating in the address section, the boot code of the trusted execution environment loading and starting the secure operating system of the trusted execution environment. until the safety operation system of all the trusted execution environment is started.”), (page 7, paragraph 4, “… After the secure operating system 1 is started, exit TEE1 and returning to the starting code. the starting code can continue to call a trusted execution environment command to start.”), wherein modifying the selected TEE further comprises copying data or code to the memory allocated to the TEE (page 4, paragraph 9, “… after passing the verification, the individual trusted execution environment boot code loaded to the memory operation address corresponding to section; and exiting the configuration mode, the boot code call instruction in the operating guide code of the trusted execution environment, to load the corresponding safe operating system. The technical solution of the invention when needing to start the more trusted execution environment, allocating each trusted execution environment available memory operation address section in the configuration mode, and the boot code for each trusted execution environment is loaded corresponding to the memory operation address section; so that each operation guide code of the trusted execution environment, it can according to operation address section corresponding to the guide code, realizes multi-trusted execution environment is started;”). Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s claimed invention to modify the non-transitory computer readable medium of LEMAY, Lopez, and Gaddam to include copying/loading the starting code to the memory of TEEs as disclosed by YU and be motivated in doing so in order to avoid falsification of the guidance code of different trusted execution environment and ensure the safety of the starting-YU page 4, paragraph 9 in parts. Claims 24, 30, and 36 are rejected under 35 U.S.C. 103 as being unpatentable over US PGPub. No. 20210200546 to LEMAY et al. (hereinafter LEMAY) in view of U.S. PGPub. No. 20160057619 to Lopez; Eduardo, (hereinafter Lopez) and further in view of U.S. PGPub. No. 20220131845 to Gaddam; Sivanarayana (hereinafter Gaddam) and further in view of US PGPub. No. 20200311256 to DEPREZ et al. (hereinafter DEPREZ). Regarding claims 24, 30, and 36, LEMAY in view of Lopez and further in view of Gaddam discloses the non-transitory computer readable medium of claim 17, the apparatus of claim 26, and the method of claim 32 respectively. However, LEMAY in view of Lopez and Gaddam does not explicitly disclose the limitation of: wherein the instructions further cause the processor to: receive a request to release the selected TEE; and in response to the request to release the selected TEE, return the selected TEE to the TEEs. DEPREZ discloses the limitation of: wherein the instructions further cause the processor to: receive a request to release the selected TEE (¶0027, “when a request by the TEE scheduler to execute the operations submodule is issued to the transition submodule, the transition submodule attempts to acquire a global TEE lock, if the global TEE lock is not already held then the attempt to acquire the global TEE lock is successful); and in response to the request to release the selected TEE, return the selected TEE to the TEEs (¶0027, “the request is processed in the operations submodule and the global TEE lock is released once the request has been processed…”), (¶0071-¶0075, Fig. 4, wherein the TEE is free to be selected for use for execution of operations submodule at a later point in time), (¶0050, “…The TEEs 130, 135 are operable to run Trusted Execution Environment applications, services and threads including a transition submodule 150 and an Operations submodule 160.”, wherein The TEEs 130 and 135 form the pool of TEEs). Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s claimed invention to modify the non-transitory computer readable medium of LEMAY, Lopez, and Gaddam to include returning/releasing a selected TEE to the TEEs as disclosed by DEPREZ and be motivated in doing so in order to have the TEE free for use when another request for execution of the operations submodule is received. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUDASIRU K OLAEGBE whose telephone number is (571)272-2082. The examiner can normally be reached MON-FRI. 7.30AM-5.30PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 5712723739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MUDASIRU K OLAEGBE/ Examiner, Art Unit 2495 /FARID HOMAYOUNMEHR/ Supervisory Patent Examiner, Art Unit 2495
Read full office action

Prosecution Timeline

Show 14 earlier events
Aug 20, 2025
Response after Non-Final Action
Sep 23, 2025
Non-Final Rejection mailed — §103
Dec 23, 2025
Response Filed
Feb 26, 2026
Final Rejection mailed — §103
Mar 25, 2026
Response after Non-Final Action
Apr 17, 2026
Request for Continued Examination
Apr 29, 2026
Response after Non-Final Action
Jul 15, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683932
DYNAMIC ROUTING OF APPLICATION TRAFFIC TO ZTNA CONNECTORS
3y 6m to grant Granted Jul 14, 2026
Patent 12676887
METHOD AND SYSTEM FOR GENERATING DECOY FILES USING A DEEP LEARNING ENGINE FOR PROTECTION AGAINST RANSOMWARE ATTACKS
3y 4m to grant Granted Jul 07, 2026
Patent 12621320
SYSTEMS, METHODS, AND APPARATUSES FOR DETERMINING RESOURCE MISAPPROPRIATION BASED ON DISTRIBUTION FREQUENCY IN AN ELECTRONIC NETWORK
3y 5m to grant Granted May 05, 2026
Patent 12574406
SYSTEM AND METHOD FOR DATA FILTERING IN MACHINE LEARNING MODEL TO DETECT IMPERSONATION ATTACKS
5y 3m to grant Granted Mar 10, 2026
Patent 12489623
SYSTEMS AND COMPUTER-IMPLEMENTED METHODS FOR GENERATING PSEUDO RANDOM NUMBERS
3y 4m to grant Granted Dec 02, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

7-8
Expected OA Rounds
74%
Grant Probability
91%
With Interview (+17.2%)
3y 2m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 85 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month